Announcements
April is Volunteer Appreciation Month! We want to thank all of our
volunteers for all the hard work they do! Join us in celebrating!
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Newcomer I

Web application vulnerability scanners

Hi! Could you recommend me a good free web application vulnerability scanning tool? I need to start scanning some internal web application and to create an madurate a proccess for the company. I have red some in Google, but want to know what do you think and know about it. Thanks in advance.

5 Replies
Highlighted
Newcomer II

Re: Web application vulnerability scanners

Viewer

Re: Web application vulnerability scanners

TL;DR ...Zed Attack Proxy, Nikto, BurpSuite, Vega

Newcomer I

Re: Web application vulnerability scanners

For free, I would go with OWASP Zed Attack Proxy (ZAP).  For relatively cheap, I would go with Burp Suite Pro. Some other free tools that may help you are CMS-specific scanners like WPScan which are featured in Kali, but that is dependent on whether or not your target is sitting on something like Wordpress/Drupal/etc.

___
Jeremy Trinka
Viewer III

Re: Web application vulnerability scanners

Hey there , what do you mean about this : but that is dependent on whether or not your target is sitting on something like Wordpress/Drupal/etc.. ??

Newcomer I

Re: Web application vulnerability scanners

Wordpress and Drupal are popular open-sourced content management systems that web developers use as frameworks to expedite time to build wesites.  They also come with a number of their own vulnerabilities, like default configurations and old, vulnerable plugins.  There are some free scanners in Kali Linux that quickly check for issues that are often seen with these types of sites, like WPScan.

___
Jeremy Trinka