Web vulnerability scanning is using & scanning a computer program designed to assess computers, computer systems, networks or applications for weaknesses. There are a number of types of vulnerability scanners available today, distinguished from one another by a focus on particular targets. While functionality varies between different types of vulnerability scanners, they share a common, core purpose of enumerating the vulnerabilities present in one or more targets. Vulnerability scanners are a core technology component of vulnerability management.
A vulnerability scanner can be used to conduct network reconnaissance, which is typically carried out by a remote attacker attempting to gain information or access to a network on which it is not authorized or allowed. Network reconnaissance is increasingly used to exploit network standards and automated communication methods. The aim is to determine what types of computers are present, along with additional information about those computers—such as the type and version of the operating system. This information can be analyzed for known or recently discovered vulnerabilities that can be exploited to gain access to secure networks and computers. Network reconnaissance is possibly one of the most common applications of passive data analysis. Early generation techniques, such as TCP/IP passive fingerprinting, have accuracy issues that tended to make it ineffective. Today, numerous tools exist to make reconnaissance easier and more effective.
1. WebCruiser - Web Vulnerability Scanner for Windows V2.6.1
WebCruiser - Web Vulnerability Scanner, an effective and powerful web penetration testing tool that will aid you in auditing your website! It has a Vulnerability Scanner and a series of security tools.
It can support scanning website as well as POC (Proof of concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc. So, WebCruiser is also an automatic SQL injection tool, an XPath injection tool, and a Cross Site Scripting tool!
* Crawler(Site Directories And Files);
* Vulnerability Scanner: SQL Injection, Cross Site Scripting, XPath Injection etc.;
* SQL Injection Scanner;
* SQL Injection Tool: GET/Post/Cookie Injection POC(Proof of Concept);
* SQL Injection for SQL Server: PlainText/Union/Blind Injection;
* SQL Injection for MySQL: PlainText/Union/Blind Injection;
* SQL Injection for Oracle: PlainText/Union/Blind/CrossSite Injection;
* SQL Injection for DB2: Union/Blind Injection;
* SQL Injection for Access: Union/Blind Injection;
* Post Data Resend;
* Cross Site Scripting Scanner and POC;
* XPath Injection Scanner and POC;
* Auto Get Cookie From Web Browser For Authentication;
* Report Output.
Download link - http://sec4app.com/download.htm
2. Safe3 Web Vulnerability Scanner 7.7
Download link - http://www.softpedia.com/get/Internet/Other-Internet-Related/Safe3-Web-Vulnerability-Scanner.shtml
WSSA is driven by the same vulnerability assessment system we provide to governments and corporations; AVDS. Every scan starts by testing the equipment that hosts your site. No matter how carefully coded your pages are, if the host equipment is vulnerable, your site is at risk.
Then WSSA automatically tests your website pages for all of the known code vulnerabilities like:
XSS (Cross Site Scripting)
Remote File Inclusion
PHP/ASP Code Injection
Download link - https://secure.beyondsecurity.com/vulnerability-scanner-signup?step=1
4. Vulnerability Scanner - Nexpose Community Edition
The Nexpose Community Edition is a free, single-user vulnerability scanner specifically designed for very small organizations or individual use. Nexpose Community Edition is powered by the same scan engine as award-winning Nexpose Enterprise Edition and offers many of the same features. Support is available via the extensive Rapid7 Community.
Download link - http://www.rapid7.com/vulnerability-scanner.jsp
5. Trust Guard
Download link - https://www.trust-guard.com/compare-Trust-Seals-s/1.htm
6. Retina Web-Security Scanner
Hackers are increasingly targeting web applications with Gartner estimating that 70% of attacks against websites occurring at the application layer. At the same time, many enterprises increasingly rely on web applications to house critical business data, as well as confidential customer information such as credit card and social security numbers. With so much information and activity online, you need a comprehensive web application scanner that accurately assesses your exposure to attacks.
Powerful Security for Web Applications
Retina Web Security Scanner is a best-in-class web scanning solution that rapidly and accurately scans large, complex web sites and web applications to tackle web-based vulnerabilities. Retina Web Security Scanner identifies application vulnerabilities as well as site exposure risk, ranks threat priority, produces highly graphical, intuitive HTML reports, and indicates site security posture by vulnerabilities and threat level.
Download link - http://go.beyondtrust.com/retina-trial
7. SecuBat Vulnerability Scanner
As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. For example, there has been extensive press coverage of recent security incidences involving the loss of sensitive credit card information belonging to millions of customers.
Typical web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Although the majority of web vulnerabilities are easy to understand and to avoid, many web developers are, unfortunately, not security-aware. As a result, there exist many web sites on the web that are vulnerable.
SecuBat is a generic and modular web vulnerability scanner that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.
Download link - http://secubat.codeplex.com/downloads/get/103432
8. Acunetix Web Vulnerability Scanner 8.0 Build
Download link - http://www.softpedia.com/get/Internet/WEB-Design/Source-Site-Protectors/Acunetix-Web-Vulnerability-Scanner.shtml
9. Nessus Web Vulnerability Scanner
Download link - http://www.tenable.com/products/nessus/nessus-download-agreement
10. WebCruiser Web Vulnerability Scanner
Download link - http://download.cnet.com/WebCruiser-Web-Vulnerability-Scanner/3000-18510_4-75064882.html