Input Vector Support - Web Application Scanners:

The current information is based on the results of the *2011* benchmark (excpet for entries marked as updated or new )

Note: The content in this page is *incomplete* since the research is still in progress - the various scanners might support additional vectors.

Last updated: 27/08/2012
Sorted in a descending order according to the scanner's number of supported input vectors and the scanner name .
Hint: hover over the marks and titles to get additional information on the various features.
Note: the information refers to the ability of the scanners to scan the input vector, not simply to interpret it.
Glossary
Unified List   Commercial Scanners   Free / Open Source Scanners

#

Logo

Vulnerability Scanner

C O U N T

G E T

P O S T

C O O K I E

H E A D E R

S E C R E T

P N a m e

X M L

X m l A T T

X m l T A G

J S O N

. N e t E N C

A M F

J a v a S E R

. N e t S E R

W C F

W C F - B i n

W e b S o c k

D W R

C u s t o m

1

IBM AppScan

13

2

WebInspect

13

3

Burp Suite Professional

11

4

IronWASP

10

5

Acunetix WVS (Commercial Edition)

7

6

Ammonite

7

7

Acunetix WVS Free Edition

5

8

Nessus

5

9

NTOSpider (Obsolete Version / Results)

5

10

QualysGuard WAS

5

#

Logo

Vulnerability Scanner

C O U N T

G E T

P O S T

C O O K I E

H E A D E R

S E C R E T

P N a m e

X M L

X m l A T T

X m l T A G

J S O N

. N e t E N C

A M F

J a v a S E R

. N e t S E R

W C F

W C F - B i n

W e b S o c k

D W R

C u s t o m

11

W3AF

5

12

arachni

4

13

Netsparker (Commercial Edition)

4

14

SkipFish

4

15

SQLiX

4

16

sqlmap

4

17

XSSer

4

18

JSky (Commercial Edition)

3

19

ParosPro

3

20

safe3wvs (limited free edition)

3

#

Logo

Vulnerability Scanner

C O U N T

G E T

P O S T

C O O K I E

H E A D E R

S E C R E T

P N a m e

X M L

X m l A T T

X m l T A G

J S O N

. N e t E N C

A M F

J a v a S E R

. N e t S E R

W C F

W C F - B i n

W e b S o c k

D W R

C u s t o m

21

Syhunt Dynamic (Sandcat Pro)

3

22

Vega

3

23

WebCruiser Enterprise Edition

3

24

WebCruiser Free Edition

3

25

Andiparos

2

26

Gamja

2

27

Grabber

2

28

Grendel Scan

2

29

Mini MySqlat0r

2

30

Netsparker Community Edition

2

#

Logo

Vulnerability Scanner

C O U N T

G E T

P O S T

C O O K I E

H E A D E R

S E C R E T

P N a m e

X M L

X m l A T T

X m l T A G

J S O N

. N e t E N C

A M F

J a v a S E R

. N e t S E R

W C F

W C F - B i n

W e b S o c k

D W R

C u s t o m

31

N-Stalker 2009 Free Edition

2

32

Oedipus

2

33

openAcunetix

2

34

Paros Proxy

2

35

PowerFuzzer

2

36

ProxyStrike

2

37

Sandcat Free Edition

2

38

ScreamingCSS

2

39

Secubat

2

40

Syhunt Mini (Sandcat Mini)

2

#

Logo

Vulnerability Scanner

C O U N T

G E T

P O S T

C O O K I E

H E A D E R

S E C R E T

P N a m e

X M L

X m l A T T

X m l T A G

J S O N

. N e t E N C

A M F

J a v a S E R

. N e t S E R

W C F

W C F - B i n

W e b S o c k

D W R

C u s t o m

41

Uber Web Security Scanner

2

42

VulnDetector

2

43

Wapiti

2

44

Watobo

2

45

WebScarab

2

46

WebSecurify (Opensource Version)

2

47

WSTool

2

48

Xcobra

2

49

XSSploit

2

50

XSSS

2

#

Logo

Vulnerability Scanner

C O U N T

G E T

P O S T

C O O K I E

H E A D E R

S E C R E T

P N a m e

X M L

X m l A T T

X m l T A G

J S O N

. N e t E N C

A M F

J a v a S E R

. N e t S E R

W C F

W C F - B i n

W e b S o c k

D W R

C u s t o m

51

ZAP

2

52

aidSQL

1

53

crawlfish

1

54

Damn Small SQLi Scanner (DSSS)

1

55

iScan

1

56

JSky Free Edition

1

57

LoverBoy

1

58

N-Stalker 2012 Free Edition

1

59

Priamos

1

60

Scrawlr

1

#

Logo

Vulnerability Scanner

C O U N T

G E T

P O S T

C O O K I E

H E A D E R

S E C R E T

P N a m e

X M L

X m l A T T

X m l T A G

J S O N

. N e t E N C

A M F

J a v a S E R

. N e t S E R

W C F

W C F - B i n

W e b S o c k

D W R

C u s t o m

61

SQID (SQL Injection Digger)

1

62

Web Injection Scanner (WIS)

1

Statistics

#	G E T	P O S T	C O O K I E	H E A D E R	S E C R E T	P N a m e	X M L	X m l A T T	X m l T A G	J S O N	. N e t E N C	A M F	J a v a S E R	. N e t S E R	W C F	W C F - B i n	W e b S o c k	D W R	C u s t o m
Scanners:	62	51	21	18	2	9	7	5	3	8	0	3	0	0	2	1	0	0	4

Glossary

Alias	General Feature	Description	References
GET	HTTP Query String Parameters	Input parameters sent in the URL	1
POST	HTTP Body Parameters	Input parameters sent in the HTTP body	1
COOKIE	HTTP Cookie Parameters	Input parameters sent in the HTTP cookie	1
HEADER	HTTP Headers	HTTP request headers used by the application	1
SECRET	Secret HTTP Parameters	Non-visible valid HTTP parameters (such as GET to POST, etc)
PName	HTTP Parameter Names	HTTP parameter names used by the application
XML	XML Element Content	The content of XML elements	1
XmlATT	XML Attributes	XML attributes	1
XmlTAG	XML Tags	The names of XML tags	1
JSON	JSON Parameters	Parameters sent in JSON format	1
.NetENC	.Net PostBack Encoded Parameters	Parameters sent after undergoing .net PostBack encoding	1
AMF	Flash Action Message Format	Parameters sent in Flash AMF format	1
JavaSER	Java Serialized Objects	Parameters sent within Java serialized objects	1
.NetSER	.Net Serialized Objects / Remoting	Parameters sent within .Net serialized objects / remoting	1
WCF	.Net WCF Objects	Parameters sent in WCF requests	1
WCF-Bin	.Net Binary WCF Objects	Parameters sent in binary WCF requests	1
WebSock	HTML5 WebSockets	Direct Socket Browser-Server Communication	1
DWR	Java Direct Web Remoting	Parameters sent in DWR format	1
Custom	Custom Input Vector	Support for defining custom input vectors in the HTTP request

Copyright © 2012 by Shay Chen (sectooladdict). All rights reserved.
Click here to learn how this information may be published or reused.