Category Application Scanner

WebInspect 7 is the first and only web application security assessment tool to be re-architected to thoroughly analyze today’s complex web applications built on emerging Web 2.0 technologies. The new architecture delivers faster scanning capabilities, broader assessment coverage, and the most accurate results of any web application scanner available

SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page.

Watchfire® AppScan® is the industry’s most used web application security testing suite and the first to make the technical leap from scanning tool to security testing platform. AppScan scans and tests for all common web application vulnerabilities - including those identified in the WASC threat classification - such as SQL-Injection, Cross-Site Scripting and Buffer Overflow

Pixy is an Open-Source Vulnerability Scanner that identifies SQL, XSS problems in PHP applications.

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

Wikto provides the same functionality as the Nikto tool. But it goes a little further. There are 3 main sections of the tool. These are : Back-End miner, Nikto-like functionality and google

WebInspect 7 is the first and only web application security assessment tool to be re-architected to thoroughly analyze today’s complex web applications built on emerging Web 2.0 technologies. The new architecture delivers faster scanning capabilities, broader assessment coverage, and the most accurate results of any web application scanner available

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web site and web application penetration testing.

W3af is a fully automated auditing and exploiting framework for
the web. It is based upon plugins integration using known GPL tools as well as pytko, Hmap and google utilities .... W3af is written in Python.

Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities

Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities

Watchfire® AppScan® is the industry’s most used web application security testing suite and the first to make the technical leap from scanning tool to security testing platform. AppScan scans and tests for all common web application vulnerabilities - including those identified in the WASC threat classification - such as SQL-Injection, Cross-Site Scripting and Buffer Overflow

As you maybe noticed, Paros Proxy has not been updated since August 2006. In fact, Paros project has a big brother called MileSCAN.

SAPYTO is a SAP Penetration Testing Framework. It enables security professionals to perform security assessments of different components of SAP R/3 deployments. Presented at Blackhat Europe 2007, it was shipped with many plugins to analyze the security of the RFC interface implementation of SAP systems. The plugin-based architecture enables users to develop their own plugins, extending functionality and allowing the framework to detect new vulnerabilities.

OWASP Tiger is a Windows application originally intented to be used for automating the process of testing various known ASP.NET security issues in hosted environments. However, it is much more versatile than that: it can help you construct and send a HTTP requests, receive and analyze the responses, match them against a set of conditions to produce alerts, notifications that something is wrong with the application(s) or service(s) being tested.

Wikto provides the same functionality as the Nikto tool. But it goes a little further. There are 3 main sections of the tool. These are :
Back-End miner, Nikto-like functionality and googler

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3300 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities.

Sandcat allows web administrators to perform aggressive and comprehensive scans of an organization’s web server to isolate vulnerabilities and identify security holes. The Sandcat scanner requires basic inputs such as host names, start URLs and port numbers to scan a complete web site and test all the web applications for security vulnerabilities.

The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distrubition medium for OWASP tools and guides.