The Complementary Features of Web Application Scanners

The information below is based on the results of the 2011, 2012, 2014 and 2016 benchmarks (except for entries marked as updated or new).

Last updated: 18/09/2016
Sorted in descending order by each scanner's number of audit features (the Count column).


# | Vulnerability Scanner | Count | Additional Features
(Count is the number of audit features. The original table also marked each scanner for the four general features defined in the Glossary below, Web Server Hardening, CGI Scanning, Dir & File Enumeration and Passive Analysis; the totals are given under Statistics.)
1 | IBM AppScan | 30 | The Session Id Analysis is implemented within AppScan PowerTools. Null Byte, Parameter Tampering (eShopLifting, Debug Mode, Boolean Parameters), Range Restriction Bypass, HTML5 Attacks (HTML5 SQLi, Client Command Execution, Client Side Open Redirect), Flash Specific Attacks (XSF, XSS via Flash, Flash Permissions, Phishing via Flash), XML Specific Attacks (XXE - XML External Entity, SOAP Array Overflow), Account Lockout, Floating Point DoS, Code Injection (Perl, Partial PHP).
2 | WebInspect | 29 | Partial URL Input Vector Support (Cross Site Scripting), Partial LDAP Injection (Error/Query Detection) & XPath Injection support, HTML Injection, Parameter Manipulations, Flash Attacks (XSS via Flash, Flash Analysis, Information Disclosure), Web Service Attacks, Numerous Product Specific Plugins, Java Double Parsing DoS, External Session Id Complexity Analysis via the Cookie Cruncher feature.
3 | Acunetix WVS | 29 | CVE Specific Buffer Overflows, CVE Specific Privilege Escalation, Mass Assignment (Rails), Expression Language Injection (EL Injection), HTTP Parameter Pollution (HPP), MongoDB & node.js SSJS Injection Support, SQLi & RXSS in URI, Fuzzer, Code Injection (PHP/ASP), Reverse Proxy Bypass, File Tampering, Server-Specific audit policies, a large number of CGI detection modules, Numerous general & tech-specific passive analysis features, Network scanning features, Detection of Stored XSS, SQLi, File Inclusion, Directory Traversal, Code Execution, File Tampering and PHP Code Execution (Most Stored Detection Features are Unique!).
4 | Tinfoil Security | 24 | Heartbleed, YAML Injection (RoR), Shellshock, WebDAV features, POODLE, HTTP PUT, Directory Listing, CVS/SVN Code Disclosure, Clickjacking, Various Passive Analysis Features. According to the vendor, Session Fixation is only available to enterprise customers. ADoS refers to XML DoS variations performed as part of XXE.
5 | W3AF | 23 | Eval, Clickjacking, WebDAV, XST, FrontPage Issues, htAccessMethod, Generic Injection, preg_replace (PHP), SSL Issues, phishingVector, generic flaws, Partial DOM-XSS detection, RegEx DoS, Technology specific vulnerabilities and a large number of discovery plugins, evasion, fingerprinting, brute-force, enumeration and analysis features.
6 | Burp Suite Professional | 23 | Header Manipulation, Stored DOM Injection, Server Side Template Injection, Clickjacking, Dir/File enumeration via the "discover content" feature in the sitemap.
7 | arachni | 20 | WebDAV methods, Code Injection (PHP, Ruby, Python, JSP, ASP.Net), XSS in both path & URI, etc.
8 | AppSpider | 19 | SSL Strength, Credential Brute Force / Dictionary Attacks (Form/HTTP), Business Logic Abuse Attacks, XST, Directory Indexing, Parameter Analysis, Basic Flash/Java analysis, Malicious frame/script analysis, Java Grinder, Reverse Proxy.
9 | Netsparker Cloud | 18 | RFD (Rare!), Form/Basetag Hijacking, User/Pass Bruteforce, Insecure JSONP, Content Spoofing, Malicious File Upload, Remote Code Evaluation (ASP, PHP, Perl), RoR YAML Injection, HTTP and WebDAV Methods, SSL Checks, Heartbleed, HTTP.sys, HSTS Bypass, Admin Interfaces, Source Code Disclosure (PHP), Insecure CORS configuration.
10 | Netsparker | 18 | RFD (Rare!), Form/Basetag Hijacking, User/Pass Bruteforce, Insecure JSONP, Content Spoofing, Malicious File Upload, Remote Code Evaluation (ASP, PHP, Perl), RoR YAML Injection, HTTP and WebDAV Methods, SSL Checks, Heartbleed, HTTP.sys, HSTS Bypass, Admin Interfaces, Source Code Disclosure (PHP), Insecure CORS configuration.
11 | ZAP | 17 | Forced Browsing (Options Menu), Username Enumeration, Parameter Tampering, Anti-CSRF token scanner, HPP, HTTP Parameter Override. Session Fixation & Backup file enumeration are available as extensions (https://code.google.com/p/zap-extensions/). Many passive analysis features from the Casaba Security Fiddler extension Watcher were implemented as well. CGI scanning features & fuzzing are enabled through the integrated use of fuzzdb and JBroFuzz.
12 | IronWASP | 17 | IronSAP (SAP testing), HAWAS (Hybrid), SSL Scanner, Exploitation (SSRF, CSRF). A partial list of passive features: Password in URL, Password sent in cleartext HTTP, Basic Authentication over Cleartext Communication, Cookie without HttpOnly flag, Cookie without Secure flag (over SSL), Cross-domain XML policy analysis, Server Version Disclosure, Various session & HTML issues, Autocomplete. Partial support for PXSS, DXSS and External Redirect (potential detection, without verification), SSRF.
13 | QualysGuard WAS | 16 | Flash XSS, Clickjacking, Null Byte Poisoning, Generic Vulnerabilities, Numerous Passive Analysis, Hardening and vulnerable-CGI plugins, Network Scanning Features, password brute-forcing. Generic application plugins are classified as either web application or web server plugins.
14 | Syhunt Dynamic | 16 | NoSQL (SSJS) Injection, Parameter Tampering, Code Injection (PHP) and various other checks and features.
15 | Syhunt Mini (Sandcat Mini) | 16 | Parameter Tampering, Code Injection (PHP) and various other checks and features.
16 | Wapiti | 15 | .htaccess bypass, Resource consumption, Potentially dangerous file detection.
17 | SkipFish | 15 | XSSI, Client SQL Execution, Null Byte file disclosure, JSP Inclusion error check, Code Injection (PHP), Many Passive Analysis Features.
18 | JSky (Commercial Edition) | 13 | Captcha Cracker (Unique!).
19 | Sandcat Free Edition | 13 | Code Injection (PHP).
20 | Vega | 11 | Several Passive Analysis Modules.
21 | N-Stalker | 10 | WebDAV (PUT), SSL Scanning, Insecure crossdomain.xml and clientaccesspolicy.xml policies, Insecure cookies, HPP, Clickjacking, Incorrect error handling, Path disclosure, Remote Execution (Shellshock).
22 | Grendel Scan | 9 | Fuzzing.
23 | Ammonite | 9 | Limited PXSS Detection, Identifier Enumeration, Unpublished Content Discovery. Passive Detection Features: Cleartext CC#s in Responses, Hidden Form Fields in Responses, HTML Comments in Responses, HTTP/500 Errors in Responses, Verbose Errors in Responses.
24 | WATOBO | 8 | Fuzzer, various SAP & JBoss tests (unique feature!), Source Code Disclosure (ASP Snippets, etc.), Siebel Checks, .NET Checks for well-known files, Lotus Domino DB enumeration, Unencrypted password transmissions, Session related issues, Web server hardening, Autocomplete (passive).
25 | ParosPro | 8 | Parameter Tampering, Potential File Path Manipulation (covers some Traversal/LFI cases, without actual verification).
26 | PowerFuzzer | 7 | Detect exceptions.
27 | Andiparos | 7 | Parameter Tampering, XSS in path.
28 | Paros Proxy | 6 | Parameter Tampering.
29 | Uber Web Security Scanner | 6 | Claims to fuzz for XML/SOAP injection, Code Injection (PHP, Perl), Detailed RFI. Supports detailed SQL Injection configuration.
30 | JSky Free Edition | 6 |
31 | Oedipus | 6 | Simple fuzzing (error detection).
32 | safe3wvs (limited free edition) | 5 | CGI Scanning is possible by enabling the "others" plugin. The commercial version also supports the detection of admin applications, file upload vulnerabilities, directory listing and additional vulnerabilities.
33 | WebSecurify (Open Source Version) | 5 | Partial list of passive analysis features: Full path disclosure, Error Disclosure, Email disclosure, Banner Disclosure, Session Cookie not flagged as HttpOnly, Autocomplete Enabled, WWW Authentication.
34 | Grabber | 5 | A few QA features.
35 | Netsparker Community Edition | 4 | In the free edition, the blind SQL injection feature is limited to boolean (binary) SQL injection. The current version of Netsparker CE does not present obsolete files detected (listed but never verified in previous Netsparker CE versions). Various passive checks are also embedded, including (among other features): Password Transmitted over Query String, Password Transmitted over HTTP, Autocomplete Enabled, Web Server Version Disclosure, ViewState Not Encrypted, Email Address Disclosure, Internal Path Disclosure (Windows/Unix), Internal Server Errors, Cookie not HttpOnly, and more.
36 | ProxyStrike | 4 |
37 | WebCruiser Enterprise Edition | 4 | Injection features support MSSQL, MySQL, Oracle, DB2 and MS Access.
38 | iScan | 4 | GET/POST coverage. Port scanner. Many known vulnerabilities in default web server applications.
39 | WebCruiser Free Edition | 4 |
40 | WebScarab | 3 | Fuzzing.
41 | Acunetix WVS Free Edition | 3 | It is unclear whether or not the free version actually performs persistent XSS tests.
42 | Xcobra | 3 |
43 | Mini MySqlat0r | 2 | SQL Exploitation Framework.
44 | WSTool | 2 | SQL injection is limited to MSSQL, CGI scanning is limited to administrative pages. Attempts to locate 5xx and 4xx errors.
45 | Secubat | 2 |
46 | openAcunetix | 2 |
47 | N-Stalker 2012 Free Edition | 2 |
48 | Damn Small SQLi Scanner (DSSS) | 2 |
49 | VulnDetector | 2 |
50 | sqlmap | 2 | Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB.
51 | SQLiX | 2 |
52 | Gamja | 2 | Validation error detection.
53 | XSSer | 2 | Plenty of different XSS flavors, WAF bypass methods, stealth mode, etc.
54 | Priamos | 2 | SQL exploitation module.
55 | XSSploit | 2 | Exploit code generation, XSRF generation.
56 | LoverBoy | 1 |
57 | N-Stalker 2009 Free Edition | 1 |
58 | SQID (SQL Injection Digger) | 1 |
59 | Web Injection Scanner (WIS) | 1 |
60 | aidSQL | 1 |
61 | crawlfish | 1 |
62 | Scrawlr | 1 | Scans ONLY GET parameters, 1500 Max Crawled URLs.
63 | ScreamingCSS | 1 |
64 | XSSS | 1 |


Statistics
General Feature | Scanners supporting it
Web Server Hardening | 31
CGI Scanning | 29
Dir & File Enumeration | 21
Passive Analysis | 32



Glossary
Alias | General Feature | Description | References
Web Server Hardening | Insecure Server Configuration | Insecure Web Server / Application Server Configuration (Admin Interfaces, Permissions, etc.) | 1, 2, 3, 4
CGI Scanning | Insecure CGI Modules Detection | Detect Well-Known Issues and Insecure/Obsolete/Default Components | 1, 2
Dir & File Enumeration | Directory & Files Enumeration | Detect Well-Known / Hidden Files and Directories Using Spiders and Dictionary Attacks | 1, 2
Passive Analysis | Passive Analysis of Security Issues | Detect Security Issues Without any Active Tests (Caching, Autocomplete, Info Leakage, etc.) |
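The Passive Analysis column covers checks that send no extra requests: the scanner only inspects traffic the application already produced. The Python script below is an added example, not code from this page or from any of the scanners listed. It implements several of the passive checks the scanner entries name (cookie without HttpOnly/Secure, password in the query string, Basic credentials over cleartext HTTP, autocomplete on password fields, server version disclosure, cacheable sensitive responses, internal path / e-mail / 5xx disclosure) and runs them over two constructed request/response pairs. The Exchange class, the check names, the hostnames, cookies and bodies are all assumptions made for the demo.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

@dataclass
class Exchange:
    """One captured request/response pair: the only input a passive check sees."""
    url: str
    request_headers: dict
    status: int
    response_headers: list  # (name, value) pairs; Set-Cookie may repeat
    body: str

def _hdr(ex, name):
    """All values of a response header, matched case-insensitively."""
    return [v for n, v in ex.response_headers if n.lower() == name.lower()]

def check_cookie_flags(ex):
    """Cookie set without HttpOnly; cookie set over TLS without Secure."""
    out = []
    for raw in _hdr(ex, "Set-Cookie"):
        parts = [p.strip() for p in raw.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in attrs:
            out.append(f"cookie {name} set without HttpOnly")
        if ex.url.startswith("https://") and "secure" not in attrs:
            out.append(f"cookie {name} set over TLS without Secure")
    return out

PASSWORD_PARAM = re.compile(r"pass(word|wd)?$|pwd", re.I)  # heuristic name match

def check_credential_transport(ex):
    """Password-like parameter in the query string; Basic auth over plain HTTP."""
    out = [f"password-like parameter {k!r} transmitted in query string"
           for k in parse_qs(urlsplit(ex.url).query) if PASSWORD_PARAM.search(k)]
    auth = ex.request_headers.get("Authorization", "").lower()
    if ex.url.startswith("http://") and auth.startswith("basic "):
        out.append("HTTP Basic credentials sent over cleartext HTTP")
    return out

def check_autocomplete(ex):
    """Password inputs without autocomplete="off" ('Autocomplete Enabled').
    Modern browsers largely ignore the attribute, so treat this as informational."""
    return ["password field without autocomplete=off"
            for tag in re.findall(r"<input\b[^>]*>", ex.body, re.I)
            if re.search(r'type\s*=\s*["\']?password', tag, re.I)
            and not re.search(r'autocomplete\s*=\s*["\']?off', tag, re.I)]

def check_version_disclosure(ex):
    """Server/framework headers that carry a version number."""
    return [f"{h} header discloses version: {v}"
            for h in ("Server", "X-Powered-By", "X-AspNet-Version")
            for v in _hdr(ex, h) if re.search(r"\d+\.\d+", v)]

def check_caching(ex):
    """A response that sets a cookie or carries a password form must not be cacheable."""
    sensitive = bool(_hdr(ex, "Set-Cookie")) or "password" in ex.body.lower()
    cache_control = " ".join(_hdr(ex, "Cache-Control")).lower()
    if sensitive and "no-store" not in cache_control:
        return ["sensitive response cacheable: Cache-Control lacks no-store"]
    return []

def check_info_leakage(ex):
    """Internal paths, e-mail addresses and 5xx errors visible in the body."""
    out = []
    if re.search(r"[A-Za-z]:\\[\w\\]+|/(?:var|home|usr|etc)/[\w/]+", ex.body):
        out.append("internal path disclosed in response body")
    if re.search(r"[\w.+-]+@[\w-]+\.[\w.-]+", ex.body):
        out.append("e-mail address disclosed in response body")
    if ex.status >= 500:
        out.append(f"HTTP {ex.status} returned (verbose error page likely)")
    return out

CHECKS = [check_cookie_flags, check_credential_transport, check_autocomplete,
          check_version_disclosure, check_caching, check_info_leakage]

def analyse(ex):
    """Run every passive check on one exchange; returns the list of findings."""
    return [finding for check in CHECKS for finding in check(ex)]

# Constructed sample traffic (hosts, cookies and bodies are made up for the demo).
WEAK = Exchange(
    url="http://shop.example.test/login?user=alice&password=hunter2",
    request_headers={"Authorization": "Basic YWxpY2U6aHVudGVyMg=="},
    status=500,
    response_headers=[("Server", "Apache/2.2.15 (CentOS)"), ("X-Powered-By", "PHP/5.3.3"),
                      ("Set-Cookie", "PHPSESSID=3f9c2b1a; path=/"), ("Cache-Control", "private")],
    body='<form method="post"><input type="text" name="user">'
         '<input type="password" name="password"></form>'
         '<!-- contact admin@example.test -->'
         'Warning: mysql_connect() in /var/www/html/db.php on line 12')
CLEAN = Exchange(
    url="https://shop.example.test/account", request_headers={}, status=200,
    response_headers=[("Server", "nginx"), ("Cache-Control", "no-store"),
                      ("Set-Cookie", "session=ab12; Path=/; Secure; HttpOnly; SameSite=Lax")],
    body='<form method="post"><input type="password" name="pw" autocomplete="off"></form>')

if __name__ == "__main__":
    for label, ex in (("WEAK", WEAK), ("CLEAN", CLEAN)):
        print(label, "->", analyse(ex) or "no findings")
```

Each check is a pure function of one recorded exchange, which is what makes it passive: the same code can be pointed at a proxy log or HAR export without touching the target. The patterns are deliberately heuristic (a parameter named "pass" or a version-looking "Server" header), so findings from these checks are leads to confirm, not proof of a vulnerability; the WEAK sample produces ten such leads and the CLEAN sample none.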



Copyright © 2010-2015 by Shay Chen. All rights reserved.