Coverage Features Comparison - Web Application Scanners:

The current information is based on the results of the *2011* benchmark (except for entries marked as updated or new).

Note: The content in this page is *incomplete* since the research is still in progress - the various scanners might support additional features.

Last updated: 27/08/2012
Sorted in descending order by the number of technologies the scanner can "crawl", then by scanner name.


Feature columns: Manual Crawl, URL File, Html Crawler, Ajax Crawler, Flash Crawler, Applet Crawler, Silverlight Crawler, WSDL Crawler, REST Crawler, Field Autofill, Smart Autofill, Anti CSRF Support, Viewstate Support, CAPTCHA Bypass, WAF Bypass

| # | Vulnerability Scanner | COUNT |
|---|---|---|
| 1 | IBM AppScan | 11 |
| 2 | Syhunt Dynamic (Sandcat Pro) | 11 |
| 3 | WebInspect | 11 |
| 4 | NTOSpider (Obsolete Version / Results) | 9 |
| 5 | JSky (Commercial Edition) | 7 |
| 6 | QualysGuard WAS | 7 |
| 7 | Acunetix WVS (Commercial Edition) | 6 |
| 8 | Netsparker (Commercial Edition) | 6 |
| 9 | Acunetix WVS Free Edition | 5 |
| 10 | Netsparker Community Edition | 5 |
| 11 | sqlmap | 5 |
| 12 | W3AF | 5 |
| 13 | Burp Suite Professional | 4 |
| 14 | Grendel Scan | 4 |
| 15 | IronWASP | 4 |
| 16 | XSSer | 4 |
| 17 | Grabber | 3 |
| 18 | N-Stalker 2009 Free Edition | 3 |
| 19 | N-Stalker 2012 Free Edition | 3 |
| 20 | ParosPro | 3 |
| 21 | safe3wvs (limited free edition) | 3 |
| 22 | Sandcat Free Edition | 3 |
| 23 | Syhunt Mini (Sandcat Mini) | 3 |
| 24 | ZAP | 3 |
| 25 | Andiparos | 2 |
| 26 | arachni | 2 |
| 27 | LoverBoy | 2 |
| 28 | Oedipus | 2 |
| 29 | Paros Proxy | 2 |
| 30 | ProxyStrike | 2 |
| 31 | SkipFish | 2 |
| 32 | SQID (SQL Injection Digger) | 2 |
| 33 | SQLiX | 2 |
| 34 | Vega | 2 |
| 35 | Watobo | 2 |
| 36 | WebCruiser Enterprise Edition | 2 |
| 37 | WebCruiser Free Edition | 2 |
| 38 | WebScarab | 2 |
| 39 | XSSS | 2 |
| 40 | aidSQL | 1 |
| 41 | Ammonite | 1 |
| 42 | crawlfish | 1 |
| 43 | Damn Small SQLi Scanner (DSSS) | 1 |
| 44 | Gamja | 1 |
| 45 | iScan | 1 |
| 46 | JSky Free Edition | 1 |
| 47 | Mini MySqlat0r | 1 |
| 48 | Nessus | 1 |
| 49 | openAcunetix | 1 |
| 50 | PowerFuzzer | 1 |
| 51 | Priamos | 1 |
| 52 | Scrawlr | 1 |
| 53 | ScreamingCSS | 1 |
| 54 | Secubat | 1 |
| 55 | Uber Web Security Scanner | 1 |
| 56 | VulnDetector | 1 |
| 57 | Wapiti | 1 |
| 58 | Web Injection Scanner (WIS) | 1 |
| 59 | WebSecurify (Opensource Version) | 1 |
| 60 | WSTool | 1 |
| 61 | Xcobra | 1 |
| 62 | XSSploit | 1 |


Statistics
# | Manual Crawl | URL File | Html Crawler | Ajax Crawler | Flash Crawler | Applet Crawler | Silverlight Crawler | WSDL Crawler | REST Crawler | Field Autofill | Smart Autofill | Anti CSRF Support | Viewstate Support | CAPTCHA Bypass | WAF Bypass
Scanners:2714591652152141107315



Glossary
| Alias | General Feature | Description | References |
|---|---|---|---|
| Manual Crawl | Manual Crawling Support | Support for manually "teaching" the application structure to the scanner | |
| URL File | URL File Parsing Support | Support for loading the list of target entry points from a file | |
| Html Crawler | HTML Form/Link Crawler | The ability to automatically crawl HTML forms/links (a.k.a Spider) | 1 |
| Ajax Crawler | JS/VBS/Ajax Crawler | The ability to automatically crawl entry points that are accessed via JS/VBS/Ajax code | |
| Flash Crawler | Flash Crawler | The ability to automatically crawl Flash applications | |
| Applet Crawler | Applet Crawler | The ability to automatically crawl Applet applications (Java) | |
| Silverlight Crawler | Silverlight Crawler | The ability to automatically crawl Silverlight applications | |
| WSDL Crawler | WebService WSDL Crawler | The ability to automatically identify, analyze and crawl web service WSDL files | 1 |
| REST Crawler | REST WSDL Crawler | The ability to automatically identify, analyze and crawl RESTful web service WSDL files | |
| Field AutoFill | Field Value AutoFill | The ability to fill fields with default values while automatically crawling the application (param-name based) | |
| Smart AutoFill | Smart Field Value AutoFill | The ability to fill fields with default values while automatically crawling the application (GUI based) | |
| AntiCSRF Support | AntiCSRF Token Support | Support for replaying & updating AntiCSRF tokens (GET/POST) | |
| Viewstate Support | Event & Viewstate Support | Support for replaying & updating various viewstate and event fields | |
| CAPTCHA Bypass | CAPTCHA Cracking/Bypass Features | Crack/Bypass CAPTCHA fields while scanning the application | |
| WAF Bypass | WAF Evasion Techniques | Use WAF evasion techniques while scanning the application | |



Copyright © 2012 by Shay Chen (sectooladdict). All rights reserved.