Web application vulnerability scanners

A2jacomel · ‎01-08-2018

Hi! Could you recommend me a good free web application vulnerability scanning tool? I need to start scanning some internal web application and to create an madurate a proccess for the company. I have red some in Google, but want to know what do you think and know about it. Thanks in advance.

Nothwindtrader · ‎01-08-2018

I recommend you have a look here:

https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools

CraigO · ‎01-08-2018

TL;DR ...Zed Attack Proxy, Nikto, BurpSuite, Vega

jltrinka · ‎01-08-2018

For free, I would go with OWASP Zed Attack Proxy (ZAP). For relatively cheap, I would go with Burp Suite Pro. Some other free tools that may help you are CMS-specific scanners like WPScan which are featured in Kali, but that is dependent on whether or not your target is sitting on something like Wordpress/Drupal/etc.

___
Jeremy Trinka

rjaldins · ‎01-08-2018

Hey there , what do you mean about this : but that is dependent on whether or not your target is sitting on something like Wordpress/Drupal/etc.. ??

jltrinka · ‎01-08-2018

Wordpress and Drupal are popular open-sourced content management systems that web developers use as frameworks to expedite time to build wesites. They also come with a number of their own vulnerabilities, like default configurations and old, vulnerable plugins. There are some free scanners in Kali Linux that quickly check for issues that are often seen with these types of sites, like WPScan.

___
Jeremy Trinka