| Scanner | Version | Vendor | |
| WSTool | 0.14001 | Kim Young-il |
| Tested Against WAVSEP Version: |
| Accurate Version | License / Technology | Last Update | Activity | 0.14001 (Alpha) | GPL PHP | 01-02-2007 |
| GUI | Config | Usage | Stability | Performance | Report | ScanLog | Pause | Session |
 | Complex | Complex | Unstable | Fast | |  | |  |
Cookie | Header | A S I C | I G E S T | T L M | T L M v 2 | E R B E R O S | O R M | Detection | Logout | URL | Param | |||||
| | | | | | | | | | | | | | | | |
O U N T | Crawl | File | Crawler | Crawler | Crawler | Crawler | Crawler | Crawler | Crawler | Autofill | Autofill | CSRF Support | Support | Bypass | Bypass |
| 1 | | | | | | | | | | | | | | | |
O U N T | E T | O S T | O O K I E | E A D E R | E C R E T | N a m e | M L | m l A T T | m l T A G | S O N | N e t E N C | M F | a v a S E R | N e t S E R | C F | C F - B i n | e b S o c k | W R | u s t o m |
| 2 | | | | | | | | | | | | | | | | | | | |
O U N T | Q L i | S Q L i | S J S i | X S S | X S S | X S S | S O N h | F I | F I | M D E x e c | P L O A D | E D I R E C T | R L F i | D A P i | P A P H i | X i | S I | O R M A T i | O D E i | M L i | L i | U F F E R o | N T E G E R o | O D E D i s c | A C K U P f | A D D I N G | U T H b | R I V e | X E | E S S I O N | I X A T I O N | S R F | D o S |
| 2 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
| WebServer Hardening | CGI Scanning | Dir & File Enumeration | Passive Analysis | Additional Features |
| | | |
| Detection Accuracy | Chart | ||||
| 45.59% Detection Rate 40.00% False Positives | (62/136) (4/10) |
| Detection Accuracy | Chart | ||||
| 27.27% Detection Rate 42.86% False Positives | (18/66) (3/7) |
| SQL injection is limited to MSSQL, CGI scanning is limited to administrative pages. Attempts to locate 5xx and 4xx errors. |
| None |
| The GUI is implemented as a web application. The web version is supposed to support authentication and cookie customization, but I had problems activating a scan within it. |