Authentication, Control and Connection Features Comparison - Web Application Scanners:

The current information is based on the results of the *2011* benchmark (except for entries marked as updated or new).

Last updated: 27/08/2012
Sorted in ascending order by scanner name.


# | Vulnerability Scanner | Custom Cookie | Custom Header | BASIC | DIGEST | NTLM | NTLMv2 | KERBEROS | FORM | PROXY | GZIP | DEFLATE | SSL | CERT | Logout Detection | Exclude Logout | Exclude URL | Exclude Param
1 | Acunetix WVS (Commercial Edition)
2 | Acunetix WVS Free Edition
3 | aidSQL
4 | Ammonite
5 | Andiparos
6 | arachni
7 | Burp Suite Professional
8 | crawlfish
9 | Damn Small SQLi Scanner (DSSS)
10 | Gamja
11 | Grabber
12 | Grendel Scan
13 | IBM AppScan
14 | IronWASP
15 | iScan
16 | JSky (Commercial Edition)
17 | JSky Free Edition
18 | LoverBoy
19 | Mini MySqlat0r
20 | Nessus
21 | Netsparker (Commercial Edition)
22 | Netsparker Community Edition
23 | N-Stalker 2009 Free Edition
24 | N-Stalker 2012 Free Edition
25 | NTOSpider (Obsolete Version / Results)
26 | Oedipus
27 | openAcunetix
28 | Paros Proxy
29 | ParosPro
30 | PowerFuzzer
31 | Priamos
32 | ProxyStrike
33 | QualysGuard WAS
34 | safe3wvs (limited free edition)
35 | Sandcat Free Edition
36 | Scrawlr
37 | ScreamingCSS
38 | Secubat
39 | SkipFish
40 | SQID (SQL Injection Digger)
41 | SQLiX
42 | sqlmap
43 | Syhunt Dynamic (Sandcat Pro)
44 | Syhunt Mini (Sandcat Mini)
45 | Uber Web Security Scanner
46 | Vega
47 | VulnDetector
48 | W3AF
49 | Wapiti
50 | Watobo
51 | Web Injection Scanner (WIS)
52 | WebCruiser Enterprise Edition
53 | WebCruiser Free Edition
54 | WebInspect
55 | WebScarab
56 | WebSecurify (Opensource Version)
57 | WSTool
58 | Xcobra
59 | XSSer
60 | XSSploit
61 | XSSS
62 | ZAP


Statistics
# | Custom Cookie | Custom Header | BASIC | DIGEST | NTLM | NTLMv2 | KERBEROS | FORM | PROXY | GZIP | DEFLATE | SSL | CERT | Logout Detection | Exclude Logout | Exclude URL | Exclude Param
Scanners:41273623278331432719412415343630



Glossary
Alias | General Feature | Description | References
Custom Cookie | HTTP Cookie/s Customization | Support for customizing the cookie/s used in the test |
Custom Header | HTTP Header/s Customization | Support for customizing the header/s used in the test |
BASIC | Basic Authentication | Support for HTTP Basic Authentication | 1
DIGEST | Digest Authentication | Support for HTTP Digest Authentication | 1
NTLM | NTLM Authentication | Support for Authentication via NTLM Credentials | 1
NTLMv2 | NTLMv2 Authentication | Support for Authentication via NTLM Credentials | 1
Kerberos | Kerberos Authentication | Support for Authentication via Kerberos Protocol | 1
FORM | FORM Based Authentication | FORM Based Authentication Support (HTML Forms) | 1
PROXY | Outgoing Proxy Support | Support for forwarding the communication via an Outgoing Proxy |
GZIP | GZIP Compression Support | Support for decompressing/compressing GZIP communication | 1
DEFLATE | Deflate Compression Support | Support for decompressing/compressing Deflate communication | 1
SSL | SSL/TLS Encryption Support | Scan SSL/TLS Enhanced Servers | 1
CERT | Client Side Certificate | Client Side Certificate Authentication Support |
Logout Detection | Automated Logout Detection | Support for automatically detecting invalid sessions (logout/timeout) |
Logout Exclusion | Logout URL Exclusion | Support for excluding the URL from the scan |
URL Exclusion | URL Exclusion | Support for excluding URL groups from the scan |
Param Exclusion | HTTP Parameter Exclusion | Support for excluding HTTP parameters from the scan |



Copyright © 2012 by Shay Chen (sectooladdict). All rights reserved.