Crawling Method, Coverage and Scan Barrier Support of Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (except for entries marked as updated or new).

Note: The content in this page is *incomplete* since the research is still in progress - the various scanners might support additional features.

Last updated: 18/09/2016
Sorted in descending order by the number of technologies the scanner can "crawl", and then by scanner name.


Feature columns: Manual Crawl, URL File, Html Crawler, Ajax Crawler, Flash Crawler, Applet Crawler, Silverlight Crawler, WSDL Crawler, REST Crawler, Field Autofill, Smart Autofill, Anti CSRF Support, Viewstate Support, CAPTCHA Bypass, WAF Bypass

| # | Vulnerability Scanner | Count |
|---|---|---|
| 1 | WebInspect | 12 |
| 2 | AppSpider | 11 |
| 3 | IBM AppScan | 11 |
| 4 | Acunetix WVS | 10 |
| 5 | N-Stalker | 10 |
| 6 | Burp Suite Professional | 9 |
| 7 | Netsparker | 9 |
| 8 | Netsparker Cloud | 8 |
| 9 | Syhunt Dynamic | 8 |
| 10 | arachni | 7 |
| 11 | JSky (Commercial Edition) | 7 |
| 12 | QualysGuard WAS | 7 |
| 13 | Tinfoil Security | 6 |
| 14 | W3AF | 6 |
| 15 | Acunetix WVS Free Edition | 5 |
| 16 | Netsparker Community Edition | 5 |
| 17 | sqlmap | 5 |
| 18 | ZAP | 5 |
| 19 | Grendel Scan | 4 |
| 20 | IronWASP | 4 |
| 21 | XSSer | 4 |
| 22 | Grabber | 3 |
| 23 | N-Stalker 2009 Free Edition | 3 |
| 24 | N-Stalker 2012 Free Edition | 3 |
| 25 | ParosPro | 3 |
| 26 | safe3wvs (limited free edition) | 3 |
| 27 | Sandcat Free Edition | 3 |
| 28 | Syhunt Mini (Sandcat Mini) | 3 |
| 29 | Vega | 3 |
| 30 | WATOBO | 3 |
| 31 | Andiparos | 2 |
| 32 | LoverBoy | 2 |
| 33 | Oedipus | 2 |
| 34 | Paros Proxy | 2 |
| 35 | ProxyStrike | 2 |
| 36 | SkipFish | 2 |
| 37 | SQID (SQL Injection Digger) | 2 |
| 38 | SQLiX | 2 |
| 39 | Wapiti | 2 |
| 40 | WebCruiser Enterprise Edition | 2 |
| 41 | WebCruiser Free Edition | 2 |
| 42 | WebScarab | 2 |
| 43 | XSSS | 2 |
| 44 | aidSQL | 1 |
| 45 | Ammonite | 1 |
| 46 | crawlfish | 1 |
| 47 | Damn Small SQLi Scanner (DSSS) | 1 |
| 48 | Gamja | 1 |
| 49 | iScan | 1 |
| 50 | JSky Free Edition | 1 |
| 51 | Mini MySqlat0r | 1 |
| 52 | openAcunetix | 1 |
| 53 | PowerFuzzer | 1 |
| 54 | Priamos | 1 |
| 55 | Scrawlr | 1 |
| 56 | ScreamingCSS | 1 |
| 57 | Secubat | 1 |
| 58 | Uber Web Security Scanner | 1 |
| 59 | VulnDetector | 1 |
| 60 | Web Injection Scanner (WIS) | 1 |
| 61 | WebSecurify (Opensource Version) | 1 |
| 62 | WSTool | 1 |
| 63 | Xcobra | 1 |
| 64 | XSSploit | 1 |


Statistics

| Feature | Scanners |
|---|---|
| Manual Crawl | 29 |
| URL File | 21 |
| Html Crawler | 62 |
| Ajax Crawler | 22 |
| Flash Crawler | 8 |
| Applet Crawler | 2 |
| Silverlight Crawler | 2 |
| WSDL Crawler | 8 |
| REST Crawler | 5 |
| Field Autofill | 20 |
| Smart Autofill | 11 |
| Anti CSRF Support | 5 |
| Viewstate Support | 10 |
| CAPTCHA Bypass | 6 |
| WAF Bypass | 16 |



Glossary

| Alias | General Feature | Description | References |
|---|---|---|---|
| Manual Crawl | Manual Crawling Support | Support for manually "teaching" the application structure to the scanner | |
| URL File | URL File Parsing Support | Support for loading the list of target entry points from a file | |
| Html Crawler | HTML Form/Link Crawler | The ability to automatically crawl HTML forms/links (a.k.a. Spider) | 1 |
| Ajax Crawler | JS/VBS/Ajax Crawler | The ability to automatically crawl entry points that are accessed via JS/VBS/Ajax code | |
| Flash Crawler | Flash Crawler | The ability to automatically crawl Flash applications | |
| Applet Crawler | Applet Crawler | The ability to automatically crawl Applet applications (Java) | |
| Silverlight Crawler | Silverlight Crawler | The ability to automatically crawl Silverlight applications | |
| WSDL Crawler | WebService WSDL Crawler | The ability to automatically identify, analyze and crawl web service WSDL files | 1 |
| REST Crawler | REST WSDL Crawler | The ability to automatically identify, analyze and crawl RESTful web service WSDL files | |
| Field AutoFill | Field Value AutoFill | The ability to fill fields with default values while automatically crawling the application (param-name based) | |
| Smart AutoFill | Smart Field Value AutoFill | The ability to fill fields with default values while automatically crawling the application (GUI based) | |
| AntiCSRF Support | AntiCSRF Token Support | Support for replaying & updating AntiCSRF tokens (GET/POST) | |
| Viewstate Support | Event & Viewstate Support | Support for replaying & updating various viewstate and event fields | |
| CAPTCHA Bypass | CAPTCHA Cracking/Bypass Features | Crack/Bypass CAPTCHA fields while scanning the application | |
| WAF Bypass | WAF Evasion Techniques | Use WAF evasion techniques while scanning the application | |



Copyright © 2010-2015 by Shay Chen. All rights reserved.