cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
A2jacomel
Newcomer I

Web application vulnerability scanners

Hi! Could you recommend me a good free web application vulnerability scanning tool? I need to start scanning some internal web application and to create an madurate a proccess for the company. I have red some in Google, but want to know what do you think and know about it. Thanks in advance.

5 Replies
Nothwindtrader
Newcomer II

CraigO
Viewer

TL;DR ...Zed Attack Proxy, Nikto, BurpSuite, Vega

jltrinka
Newcomer I

For free, I would go with OWASP Zed Attack Proxy (ZAP).  For relatively cheap, I would go with Burp Suite Pro. Some other free tools that may help you are CMS-specific scanners like WPScan which are featured in Kali, but that is dependent on whether or not your target is sitting on something like Wordpress/Drupal/etc.

___
Jeremy Trinka
rjaldins
Viewer III

Hey there , what do you mean about this : but that is dependent on whether or not your target is sitting on something like Wordpress/Drupal/etc.. ??

jltrinka
Newcomer I

Wordpress and Drupal are popular open-sourced content management systems that web developers use as frameworks to expedite time to build wesites.  They also come with a number of their own vulnerabilities, like default configurations and old, vulnerable plugins.  There are some free scanners in Kali Linux that quickly check for issues that are often seen with these types of sites, like WPScan.

___
Jeremy Trinka