Crawling Method, Coverage and Scan Barrier Support of Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (excpet for entries marked as updated

or new

)

Note: The content in this page is *incomplete* since the research is still in progress - the various scanners might support additional features.

Last updated: 18/09/2016
Sorted in a descending order according to the amount of technologies the scanner can "crawl" and according to the scanner name .
Hint: hover over the marks and titles to get additional information on the various features.
Glossary

Unified List Commercial Scanners Free / Open Source Scanners

#	Logo	Vulnerability Scanner	C O U N T	Manual Crawl	URL File	Html Crawler	Ajax Crawler	Flash Crawler	Applet Crawler	Silverlight Crawler	WSDL Crawler	REST Crawler	Field Autofill	Smart Autofill	Anti CSRF Support	Viewstate Support	CAPTCHA Bypass	WAF Bypass
1		arachni	7
2		W3AF	6
3		Acunetix WVS Free Edition	5
4		Netsparker Community Edition	5
5		sqlmap	5
6		ZAP	5
7		Grendel Scan	4
8		IronWASP	4
9		XSSer	4
10		Grabber	3
#	Logo	Vulnerability Scanner	C O U N T	Manual Crawl	URL File	Html Crawler	Ajax Crawler	Flash Crawler	Applet Crawler	Silverlight Crawler	WSDL Crawler	REST Crawler	Field Autofill	Smart Autofill	Anti CSRF Support	Viewstate Support	CAPTCHA Bypass	WAF Bypass
11		N-Stalker 2009 Free Edition	3
12		N-Stalker 2012 Free Edition	3
13		safe3wvs (limited free edition)	3
14		Sandcat Free Edition	3
15		Syhunt Mini (Sandcat Mini)	3
16		Vega	3
17		WATOBO	3
18		Andiparos	2
19		LoverBoy	2
20		Oedipus	2
#	Logo	Vulnerability Scanner	C O U N T	Manual Crawl	URL File	Html Crawler	Ajax Crawler	Flash Crawler	Applet Crawler	Silverlight Crawler	WSDL Crawler	REST Crawler	Field Autofill	Smart Autofill	Anti CSRF Support	Viewstate Support	CAPTCHA Bypass	WAF Bypass
21		Paros Proxy	2
22		ProxyStrike	2
23		SkipFish	2
24		SQID (SQL Injection Digger)	2
25		SQLiX	2
26		Wapiti	2
27		WebCruiser Free Edition	2
28		WebScarab	2
29		XSSS	2
30		aidSQL	1
#	Logo	Vulnerability Scanner	C O U N T	Manual Crawl	URL File	Html Crawler	Ajax Crawler	Flash Crawler	Applet Crawler	Silverlight Crawler	WSDL Crawler	REST Crawler	Field Autofill	Smart Autofill	Anti CSRF Support	Viewstate Support	CAPTCHA Bypass	WAF Bypass
31		crawlfish	1
32		Damn Small SQLi Scanner (DSSS)	1
33		Gamja	1
34		iScan	1
35		JSky Free Edition	1
36		Mini MySqlat0r	1
37		openAcunetix	1
38		PowerFuzzer	1
39		Priamos	1
40		Scrawlr	1
#	Logo	Vulnerability Scanner	C O U N T	Manual Crawl	URL File	Html Crawler	Ajax Crawler	Flash Crawler	Applet Crawler	Silverlight Crawler	WSDL Crawler	REST Crawler	Field Autofill	Smart Autofill	Anti CSRF Support	Viewstate Support	CAPTCHA Bypass	WAF Bypass
41		ScreamingCSS	1
42		Secubat	1
43		Uber Web Security Scanner	1
44		VulnDetector	1
45		Web Injection Scanner (WIS)	1
46		WebSecurify (Opensource Version)	1
47		WSTool	1
48		Xcobra	1
49		XSSploit	1

Statistics

#	Manual Crawl	URL File	Html Crawler	Ajax Crawler	Flash Crawler	Applet Crawler	Silverlight Crawler	WSDL Crawler	REST Crawler	Field Autofill	Smart Autofill	Anti CSRF Support	Viewstate Support	CAPTCHA Bypass	WAF Bypass
Scanners:	17	11	48	9	1	0	0	0	0	8	0	5	3	0	11

Glossary

Alias	General Feature	Description	References
Manual Crawl	Manual Crawling Support	Support for manually "teaching" the application structure to the scanner
URL File	URL File Parsing Support	Support for loading the list of target entry points from a file
Html Crawler	HTML Form/Link Crawler	The ability to automatically crawl HTML forms/links (a.k.a Spider)	1
Ajax Crawler	JS/VBS/Ajax Crawler	The ability to automatically crawl entry points that are accessed via JS/VBS/Ajax code
Flash Crawler	Flash Crawler	The ability to automatically crawl Flash applications
Applet Crawler	Applet Crawler	The ability to automatically crawl Applet applications (Java)
Silverlight Crawler	Silverlight Crawler	The ability to automatically crawl Silverlight applications
WSDL Crawler	WebService WSDL Crawler	The ability to automatically identify, analyze and crawl web service WSDL files	1
REST Crawler	REST WSDL Crawler	The ability to automatically identify, analyze and crawl RESTful web service WSDL files
Field AutoFill	Field Value AutoFill	The ability to fill fields with default values while automatically crawling the application (param-name based)
Smart AutoFill	Smart Field Value AutoFill	The ability to fill fields with default values while automatically crawling the application (GUI based)
AntiCSRF Support	AntiCSRF Token Support	Support for replaying & updating AntiCSRF tokens (GET/POST)
Viewstate Support	Evenet & Viewstate Support	Support for replaying & updating various viewstate and event fields
CAPTCHA Bypass	CAPTCHA Cracking/Bypass Features	Crack/Bypass CAPTCHA fields while scanning the application
WAF Bypass	WAF Evasion Techniques	Use WAF evasion techniques while scanning the application