The Complimentary Features of Web Application Scanners

#	Logo	Vulnerability Scanner		C O U N T	WebServer Hardening	CGI Scanning	Dir & File Enumeration	Passive Analysis	Additional Features
1		W3AF		23					Eval, Clickjacking, WebDAV, XST, Frontpage Issues, htAccessMethod, Generic Injection, preg_replace (PHP), SSL Issues, phishingVector, generic flaws, Partial DOM-XSS detection, RegEx DoS, Technology specific vulnerabilities and a TON of discovery plugins, evasion, fingerprinting, brute-force, enumeration and analysis features.
2		arachni		20					WebDAV methods, Code Injection (PHP, Ruby, Python, JSP, ASP.Net), XSS in both path & URI, etc.
3		IronWASP		17					IronSAP (SAP testing), HAWAS (Hybrid), SSL Scanner, Exploitation (SSRF, CSRF), A partial list of passive features: Password in URL, Password sent in cleartext HTTP, Basic Authentication over Cleartext Communication, Cookie without http-only flag, Cookie without secure flag (in SSL), Cross-domain xml policy analysis, Server Version Disclosure, Various session & html issues, Autocomplete. Partial support for PXSS, DXSS and External Redirect (potential detection - without verification), SSRF.
4		ZAP		17					Forced Browsing (Options Menu), Username Enumeration, Parameter Tampering, AntiCSRF token scanner, HPP, Http Parameter Override. Session Fixation & Backup file enumeration available as extensions (https://code.google.com/p/zap-extensions/). Many passive analysis features from there Casaba Security Fiddler Extension - Watcher, Were implemented as well. CGI scanning features & fuzzing enabled through the integrated use of fuzz-db and JBroFuzz.
5		Syhunt Mini (Sandcat Mini)		16					Parameter Tampering, Code Injection (PHP) and various other checks and features.
6		SkipFish		15					XSSI , Client SQL Execution, Null Byte file disclosure, JSP Inclusion error check, Code Injection (PHP), Many Passive Analysis Features.
7		Wapiti		15					Htaccess bypass, Resource consumption, Potentially dangerous file detection.
8		Sandcat Free Edition		13					Code Injection (PHP)
9		Vega		11					Several Passive Analysis Modules.
10		Grendel Scan		9					Fuzzing
#	Logo	Vulnerability Scanner		C O U N T	WebServer Hardening	CGI Scanning	Dir & File Enumeration	Passive Analysis	Additional Features
11		WATOBO		8					Fuzzer, various SAP & JBoss tests (unique feature!), Source Code Disclosure (ASP Snippets, etc), Siebel Checks, .NET Checks for well-known files, Lotus domino DB enumeration, Unencrypted password transmissions, Session related issues, Web server hardening, Autocomplete (passive).
12		PowerFuzzer		7					Detect exceptions.
13		Andiparos		7					Parameter Tampering, XSS in path.
14		Oedipus		6					Simple fuzzing (error detection).
15		Uber Web Security Scanner		6					claims to fuzz for XML/SOAP injection, Code Injection (PHP, Perl), Detailed RFI. Supports detailed SQL Injection configuration.
16		JSky Free Edition		6
17		Paros Proxy		6					Parameter Tampering
18		safe3wvs (limited free edition)		5					CGI Scanning is possible by checking the others plugin. The commercial version also supports the detection of admin applications, file upload vulnerabilities, directory listing and additional vulnerabilities.
19		Grabber		5					A few QA features.
20		WebSecurify (Opensource Version)		5					Partial list of passive analysis features: Full path disclosure, Error Disclosure, Email disclosure, Banner Disclosure, Session Cookie not flagged as HTTP Only, Autocomplete Enabled, WWW Authentication
#	Logo	Vulnerability Scanner		C O U N T	WebServer Hardening	CGI Scanning	Dir & File Enumeration	Passive Analysis	Additional Features
21		WebCruiser Free Edition		4
22		Netsparker Community Edition		4					In the free edition, the blind SQL injection feature is limited to boolean (binary) SQL injection. The current version of Netsparker CE does not present obsolete files detected (listed but never verified in previous Netsparker CE versions). Various passive checks are also embedded, and include (among other features): Password Transmitted over Query String, Password Transmitted over HTTP, Autocomplete Enabled, Web Server Version Disclosure, Viewstate Not Encrypted, Email Address Disclosure, Internal Path Disclosure (Windows/Unix), Internal Server Errors, Cookie not HttpOnly, and more.
23		ProxyStrike		4
24		iScan		4					GET/POST coverage. Port scanner. Many known vulnerabilities in web server default application.
25		Acunetix WVS Free Edition		3					It is unclear whether or not the free version actually performs persistent XSS tests.
26		Xcobra		3
27		WebScarab		3					Fuzzing
28		WSTool		2					SQL injection is limited to MSSQL, CGI scanning is limited to administrative pages. Attempts to locate 5xx and 4xx errors.
29		Secubat		2
30		Mini MySqlat0r		2					SQL Exploitation Framework.
#	Logo	Vulnerability Scanner		C O U N T	WebServer Hardening	CGI Scanning	Dir & File Enumeration	Passive Analysis	Additional Features
31		openAcunetix		2
32		N-Stalker 2012 Free Edition		2
33		Damn Small SQLi Scanner (DSSS)		2
34		VulnDetector		2
35		Priamos		2					SQL exploitation module.
36		SQLiX		2
37		Gamja		2					Validation error detection.
38		sqlmap		2					Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB.
39		XSSer		2					Plenty of different XSS flavors, waf bypass methods, stealth mode, etc.
40		XSSploit		2					Exploit code generation, XSRF generation.
#	Logo	Vulnerability Scanner		C O U N T	WebServer Hardening	CGI Scanning	Dir & File Enumeration	Passive Analysis	Additional Features
41		LoverBoy		1
42		N-Stalker 2009 Free Edition		1
43		SQID (SQL Injection Digger)		1
44		Web Injection Scanner (WIS)		1
45		aidSQL		1
46		crawlfish		1
47		Scrawlr		1					Scans ONLY GET parameters, 1500 Max Crawled URLs.
48		ScreamingCSS		1
49		XSSS		1