Crawling Method, Coverage and Scan Barrier Support of Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (except for entries marked as updated or new).

Note: The content in this page is *incomplete* since the research is still in progress - the various scanners might support additional features.

Last updated: 18/09/2016
Sorted in descending order according to the number of technologies the scanner can "crawl", and then according to the scanner name.


Feature columns: Manual Crawl, URL File, Html Crawler, Ajax Crawler, Flash Crawler, Applet Crawler, Silverlight Crawler, WSDL Crawler, REST Crawler, Field Autofill, Smart Autofill, Anti CSRF Support, Viewstate Support, CAPTCHA Bypass, WAF Bypass

| # | Vulnerability Scanner | Count |
|---|---|---|
| 1 | WebInspect | 12 |
| 2 | AppSpider | 11 |
| 3 | IBM AppScan | 11 |
| 4 | Acunetix WVS | 10 |
| 5 | N-Stalker | 10 |
| 6 | Burp Suite Professional | 9 |
| 7 | Netsparker | 9 |
| 8 | Netsparker Cloud | 8 |
| 9 | Syhunt Dynamic | 8 |
| 10 | JSky (Commercial Edition) | 7 |
| 11 | QualysGuard WAS | 7 |
| 12 | Tinfoil Security | 6 |
| 13 | ParosPro | 3 |
| 14 | WebCruiser Enterprise Edition | 2 |
| 15 | Ammonite | 1 |


Statistics
Feature columns: Manual Crawl, URL File, Html Crawler, Ajax Crawler, Flash Crawler, Applet Crawler, Silverlight Crawler, WSDL Crawler, REST Crawler, Field Autofill, Smart Autofill, Anti CSRF Support, Viewstate Support, CAPTCHA Bypass, WAF Bypass
Scanners:121014137228512110765



Glossary
| Alias | General Feature | Description | References |
|---|---|---|---|
| Manual Crawl | Manual Crawling Support | Support for manually "teaching" the application structure to the scanner | |
| URL File | URL File Parsing Support | Support for loading the list of target entry points from a file | |
| Html Crawler | HTML Form/Link Crawler | The ability to automatically crawl HTML forms/links (a.k.a. Spider) | 1 |
| Ajax Crawler | JS/VBS/Ajax Crawler | The ability to automatically crawl entry points that are accessed via JS/VBS/Ajax code | |
| Flash Crawler | Flash Crawler | The ability to automatically crawl Flash applications | |
| Applet Crawler | Applet Crawler | The ability to automatically crawl Applet applications (Java) | |
| Silverlight Crawler | Silverlight Crawler | The ability to automatically crawl Silverlight applications | |
| WSDL Crawler | WebService WSDL Crawler | The ability to automatically identify, analyze and crawl web service WSDL files | 1 |
| REST Crawler | REST WSDL Crawler | The ability to automatically identify, analyze and crawl RESTful web service WSDL files | |
| Field AutoFill | Field Value AutoFill | The ability to fill fields with default values while automatically crawling the application (param-name based) | |
| Smart AutoFill | Smart Field Value AutoFill | The ability to fill fields with default values while automatically crawling the application (GUI based) | |
| AntiCSRF Support | AntiCSRF Token Support | Support for replaying & updating AntiCSRF tokens (GET/POST) | |
| Viewstate Support | Event & Viewstate Support | Support for replaying & updating various viewstate and event fields | |
| CAPTCHA Bypass | CAPTCHA Cracking/Bypass Features | Crack/Bypass CAPTCHA fields while scanning the application | |
| WAF Bypass | WAF Evasion Techniques | Use WAF evasion techniques while scanning the application | |



Copyright © 2010-2015 by Shay Chen. All rights reserved.