The Reflected XSS Detection Accuracy of Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (excpet for entries marked as updated or new )

Last updated: 18/09/2016, Currently compares 55 scanners
Sorted in a descending order according to the scanner reflected xss detection ratio and product name.
Hint: click the version link to get more information about each scanner evaluation, and the product name to get detailed information on the product.

Unified List   Commercial Scanners   Free / Open Source Scanners


Rank
#
LogoVulnerability ScannerVersionVendorDetection AccuracyChart
1
Acunetix WVS10.5Acunetix100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
1
Acunetix WVS Free Edition8.0Acunetix100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
1
AppSpider6.0Rapid7100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
1
IBM AppScan9.0.0.999 / 8.8.0.0IBM Security Systems Division100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
1
IronWASP0.9.7.4Lavakumar Kuppan100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
1
Netsparker4.1.1.0Netsparker Ltd100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
1
Netsparker Cloud2015-06-16Netsparker Ltd100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
1
Syhunt Dynamic5.0.0.7Syhunt100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
1
Syhunt Mini (Sandcat Mini)4.4.3.0Syhunt100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
1
Tinfoil SecurityXTinfoil Security100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
1
Vega1.0Subgraph100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
1
WebInspect10.1.177.0HP Application Security Center100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
1
ZAP2.2.2OWASP100.00% Detection Rate
0.00% False Positives		(66/66)
(0/7)
2
ParosPro1.9.12MileSCAN Technologies98.48% Detection Rate
0.00% False Positives		(65/66)
(0/7)
3
Sandcat Free Edition4.0.0.1Syhunt98.48% Detection Rate
85.71% False Positives		(65/66)
(6/7)
4
Burp Suite Professional1.7.03PortSwigger96.97% Detection Rate
0.00% False Positives		(64/66)
(0/7)
4
N-StalkerXN-Stalker96.97% Detection Rate
0.00% False Positives		(64/66)
(0/7)
5
N-Stalker 2012 Free Edition10.13.11.31N-Stalker95.45% Detection Rate
0.00% False Positives		(63/66)
(0/7)
6
SkipFish2.10Michal Zalewski - Google93.94% Detection Rate
0.00% False Positives		(62/66)
(0/7)
7
ProxyStrike2.2Edge Security93.94% Detection Rate
85.71% False Positives		(62/66)
(6/7)
8
arachni1.1Tasos Laskos90.91% Detection Rate
0.00% False Positives		(60/66)
(0/7)
9
Netsparker Community Edition3.1.6.0Netsparker Ltd78.79% Detection Rate
0.00% False Positives		(52/66)
(0/7)
10
WATOBO0.9.19Andreas Schmidt75.76% Detection Rate
100.00% False Positives		(50/66)
(7/7)
11
Wapiti2.3.0OWASP66.67% Detection Rate
42.86% False Positives		(44/66)
(3/7)
12
N-Stalker 2009 Free Edition7.0.0.223N-Stalker60.61% Detection Rate
0.00% False Positives		(40/66)
(0/7)
13
WebSecurify (Opensource Version)0.9GNU Citizen57.58% Detection Rate
0.00% False Positives		(38/66)
(0/7)
14
QualysGuard WAS2014-01-21Qualys, Inc.50.00% Detection Rate
0.00% False Positives		(33/66)
(0/7)
14
JSky (Commercial Edition)3.5.1NoSec50.00% Detection Rate
0.00% False Positives		(33/66)
(0/7)
15
XSSer1.6psy50.00% Detection Rate
85.71% False Positives		(33/66)
(6/7)
16
Grabber0.1Romain Gaucher50.00% Detection Rate
100.00% False Positives		(33/66)
(7/7)
17
W3AF1.6W3AF developers37.88% Detection Rate
0.00% False Positives		(25/66)
(0/7)
18
XSSS0.40Sven Neuhaus33.33% Detection Rate
71.43% False Positives		(22/66)
(5/7)
19
Andiparos1.0.6Compass Security AG27.27% Detection Rate
42.86% False Positives		(18/66)
(3/7)
19
WSTool0.14001Kim Young-il27.27% Detection Rate
42.86% False Positives		(18/66)
(3/7)
20
Ammonite1.2RyscCorp.24.24% Detection Rate
42.86% False Positives		(16/66)
(3/7)
20
Oedipus1.8.1Jordan Del Grande24.24% Detection Rate
42.86% False Positives		(16/66)
(3/7)
20
Paros Proxy3.2.13MileSCAN Technologies24.24% Detection Rate
42.86% False Positives		(16/66)
(3/7)
20
PowerFuzzer1.0Marcin Kozlowski24.24% Detection Rate
42.86% False Positives		(16/66)
(3/7)
20
WebCruiser Enterprise Edition2.7.0Janus Security24.24% Detection Rate
42.86% False Positives		(16/66)
(3/7)
20
WebCruiser Free Edition2.4.2Janus Security24.24% Detection Rate
42.86% False Positives		(16/66)
(3/7)
21
XSSploit0.5SCRT Information Security21.21% Detection Rate
85.71% False Positives		(14/66)
(6/7)
22
Gamja1.6Sanghun Jeon18.18% Detection Rate
14.29% False Positives		(12/66)
(1/7)
22
ScreamingCSS1.02David deVitry18.18% Detection Rate
14.29% False Positives		(12/66)
(1/7)
23
crawlfish0.92ericfish13.64% Detection Rate
28.57% False Positives		(9/66)
(2/7)
24
Grendel Scan1.0David Byrne12.12% Detection Rate
0.00% False Positives		(8/66)
(0/7)
25
JSky Free Edition1.0.0NoSec12.12% Detection Rate
42.86% False Positives		(8/66)
(3/7)
25
safe3wvs (limited free edition)10.1Safe3 Network Center12.12% Detection Rate
42.86% False Positives		(8/66)
(3/7)
25
WebScarab20110329OWASP12.12% Detection Rate
42.86% False Positives		(8/66)
(3/7)
26
Uber Web Security Scanner0.0.2Levent Kayan & Illuminatus10.61% Detection Rate
42.86% False Positives		(7/66)
(3/7)
27
Secubat0.5Stefan Kals7.58% Detection Rate
0.00% False Positives		(5/66)
(0/7)
28
iScan0.1Simone Margaritelli0.00% Detection Rate
0.00% False Positives		(0/66)
(0/7)
28
openAcunetix0.1John Martinelli0.00% Detection Rate
0.00% False Positives		(0/66)
(0/7)
28
VulnDetector0.0.2Brad Cable0.00% Detection Rate
0.00% False Positives		(0/66)
(0/7)
28
Xcobra0.2Taras Ivashchenko0.00% Detection Rate
0.00% False Positives		(0/66)
(0/7)

Copyright © 2010-2015 by Shay Chen. All rights reserved.
Click here to learn how this information may be published or reused.