Coverage Features Comparison - Web Application Scanners:

The current information is based on the results of the *2011* benchmark (excpet for entries marked as updated or new )

Note: The content in this page is *incomplete* since the research is still in progress - the various scanners might support additional features.

Last updated: 27/08/2012
Sorted in a descending order according to the amount of technologies the scanner can "crawl" and according to the scanner name .
Hint: hover over the marks and titles to get additional information on the various features.
Glossary
Unified List   Commercial Scanners   Free / Open Source Scanners

#

Logo

Vulnerability Scanner

C O U N T

Manual Crawl

URL File

Html Crawler

Ajax Crawler

Flash Crawler

Applet Crawler

Silverlight Crawler

WSDL Crawler

REST Crawler

Field Autofill

Smart Autofill

Anti CSRF Support

Viewstate Support

CAPTCHA Bypass

WAF Bypass

1

IBM AppScan

11

2

Syhunt Dynamic (Sandcat Pro)

11

3

WebInspect

11

4

NTOSpider (Obsolete Version / Results)

9

5

JSky (Commercial Edition)

7

6

QualysGuard WAS

7

7

Acunetix WVS (Commercial Edition)

6

8

Netsparker (Commercial Edition)

6

9

Burp Suite Professional

4

10

ParosPro

3

#

Logo

Vulnerability Scanner

C O U N T

Manual Crawl

URL File

Html Crawler

Ajax Crawler

Flash Crawler

Applet Crawler

Silverlight Crawler

WSDL Crawler

REST Crawler

Field Autofill

Smart Autofill

Anti CSRF Support

Viewstate Support

CAPTCHA Bypass

WAF Bypass

11

WebCruiser Enterprise Edition

2

12

Ammonite

1

13

Nessus

1

Statistics

#	Manual Crawl	URL File	Html Crawler	Ajax Crawler	Flash Crawler	Applet Crawler	Silverlight Crawler	WSDL Crawler	REST Crawler	Field Autofill	Smart Autofill	Anti CSRF Support	Viewstate Support	CAPTCHA Bypass	WAF Bypass
Scanners:	10	5	12	9	5	2	1	5	2	9	1	6	5	3	4

Glossary

Alias	General Feature	Description	References
Manual Crawl	Manual Crawling Support	Support for manually "teaching" the application structure to the scanner
URL File	URL File Parsing Support	Support for loading the list of target entry points from a file
Html Crawler	HTML Form/Link Crawler	The ability to automatically crawl HTML forms/links (a.k.a Spider)	1
Ajax Crawler	JS/VBS/Ajax Crawler	The ability to automatically crawl entry points that are accessed via JS/VBS/Ajax code
Flash Crawler	Flash Crawler	The ability to automatically crawl Flash applications
Applet Crawler	Applet Crawler	The ability to automatically crawl Applet applications (Java)
Silverlight Crawler	Silverlight Crawler	The ability to automatically crawl Silverlight applications
WSDL Crawler	WebService WSDL Crawler	The ability to automatically identify, analyze and crawl web service WSDL files	1
REST Crawler	REST WSDL Crawler	The ability to automatically identify, analyze and crawl RESTful web service WSDL files
Field AutoFill	Field Value AutoFill	The ability to fill fields with default values while automatically crawling the application (param-name based)
Smart AutoFill	Smart Field Value AutoFill	The ability to fill fields with default values while automatically crawling the application (GUI based)
AntiCSRF Support	AntiCSRF Token Support	Support for replaying & updating AntiCSRF tokens (GET/POST)
Viewstate Support	Evenet & Viewstate Support	Support for replaying & updating various viewstate and event fields
CAPTCHA Bypass	CAPTCHA Cracking/Bypass Features	Crack/Bypass CAPTCHA fields while scanning the application
WAF Bypass	WAF Evasion Techniques	Use WAF evasion techniques while scanning the application

Copyright © 2012 by Shay Chen (sectooladdict). All rights reserved.
Click here to learn how this information may be published or reused.