Open Source/Free Web Vulnerability Scanning Tools Compilation 10-17-2023, 03:47 AM
#1
Here are some of the best open source / free web and SQL vulnerability scanning tools:
1. **OWASP ZAP (Zed Attack Proxy):** ZAP is a widely used and actively maintained tool for finding vulnerabilities in web applications. It includes automated scanners and various tools for manual testing.
2. **Nikto:** Nikto is a command-line tool that scans web servers for known vulnerabilities and misconfigurations. It's especially useful for quickly identifying common issues.
3. **Wapiti:** Wapiti is a web application vulnerability scanner that performs black-box testing and aims to detect various security weaknesses in web applications.
4. **Arachni:** Arachni is a feature-rich, high-performance web application scanner. It's designed to identify various web vulnerabilities, including SQL injection, XSS, and more.
5. **SQLMap:** While primarily a tool for automated SQL injection detection and exploitation, SQLMap can also be used to find and exploit SQL vulnerabilities in web applications.
6. **Skipfish:** Skipfish is an automated web application security scanner that performs a wide range of checks to identify vulnerabilities and security issues.
7. **Acunetix Community Edition:** Acunetix offers a free version with limited features but is still effective at finding common web application vulnerabilities, including SQL injection and XSS.
8. **OpenVAS:** OpenVAS is more focused on network vulnerability scanning but can also identify vulnerabilities in web applications and web servers.
9. **Netsparker Community Edition:** Netsparker provides a limited free version of its web application security scanner, which can identify common web vulnerabilities.
10. **Vega:** Vega is an open-source web vulnerability scanner and testing platform that can be used to find and validate common web vulnerabilities.