The Authentication, Control and Connection Features of Web Application Scanners

The current information is based on the results of the *2011/2012* benchmarks (except for entries marked as updated or new).

Last updated: 29/03/2014
Sorted in ascending order by scanner name.


Columns: # | Logo | Vulnerability Scanner | Custom Cookie | Custom Header | BASIC | DIGEST | NTLM | NTLMv2 | KERBEROS | FORM | PROXY | GZIP | DEFLATE | SSL | CERT | Logout Detection | Exclude Logout | Exclude URL | Exclude Param
1. Acunetix WVS
2. Acunetix WVS Free Edition
3. aidSQL
4. Ammonite
5. Andiparos
6. arachni
7. Burp Suite Professional
8. crawlfish
9. Damn Small SQLi Scanner (DSSS)
10. Gamja
11. Grabber
12. Grendel Scan
13. IBM AppScan
14. IronWASP
15. iScan
16. JSky (Commercial Edition)
17. JSky Free Edition
18. LoverBoy
19. Mini MySqlat0r
20. Netsparker
21. Netsparker Community Edition
22. N-Stalker
23. N-Stalker 2009 Free Edition
24. N-Stalker 2012 Free Edition
25. NTOSpider
26. Oedipus
27. openAcunetix
28. Paros Proxy
29. ParosPro
30. PowerFuzzer
31. Priamos
32. ProxyStrike
33. QualysGuard WAS
34. safe3wvs (limited free edition)
35. Sandcat Free Edition
36. ScanToSecure
37. Scrawlr
38. ScreamingCSS
39. Secubat
40. SkipFish
41. SQID (SQL Injection Digger)
42. SQLiX
43. sqlmap
44. Syhunt Dynamic
45. Syhunt Mini (Sandcat Mini)
46. Uber Web Security Scanner
47. Vega
48. VulnDetector
49. W3AF
50. Wapiti
51. WATOBO
52. Web Injection Scanner (WIS)
53. WebCruiser Enterprise Edition
54. WebCruiser Free Edition
55. WebInspect
56. WebScarab
57. WebSecurify (Opensource Version)
58. WSTool
59. Xcobra
60. XSSer
61. XSSploit
62. XSSS
63. ZAP


Statistics
Columns: # | Custom Cookie | Custom Header | BASIC | DIGEST | NTLM | NTLMv2 | KERBEROS | FORM | PROXY | GZIP | DEFLATE | SSL | CERT | Logout Detection | Exclude Logout | Exclude URL | Exclude Param
Scanners:402837253011632432821432419343731



Glossary
Alias | General Feature | Description | References
Custom Cookie | HTTP Cookie/s Customization | Support for customizing the cookie/s used in the test |
Custom Header | HTTP Header/s Customization | Support for customizing the header/s used in the test |
BASIC | Basic Authentication | Support for HTTP Basic Authentication | 1
DIGEST | Digest Authentication | Support for HTTP Digest Authentication | 1
NTLM | NTLM Authentication | Support for Authentication via NTLM Credentials | 1
NTLMv2 | NTLMv2 Authentication | Support for Authentication via NTLM Credentials | 1
Kerberos | Kerberos Authentication | Support for Authentication via Kerberos Protocol | 1
FORM | FORM Based Authentication | FORM Based Authentication Support (HTML Forms) | 1
PROXY | Outgoing Proxy Support | Support for forwarding the communication via an Outgoing Proxy |
GZIP | GZIP Compression Support | Support for decompressing/compressing GZIP communication | 1
DEFLATE | Deflate Compression Support | Support for decompressing/compressing Deflate communication | 1
SSL | SSL/TLS Encryption Support | Scan SSL/TLS Enhanced Servers | 1
CERT | Client Side Certificate | Client Side Certificate Authentication Support |
Logout Detection | Automated Logout Detection | Support for automatically detecting invalid sessions (logout/timeout) |
Logout Exclusion | Logout URL Exclusion | Support for excluding the URL from the scan |
URL Exclusion | URL Exclusion | Support for excluding URL groups from the scan |
Param Exclusion | HTTP Parameter Exclusion | Support for excluding HTTP parameters from the scan |



Copyright © 2010-2014 by Shay Chen. All rights reserved.