The SQL Injection Detection Accuracy of Web Application Scanners:

The current information is based on the results of the *2011* benchmark (excpet for entries marked as updated or new )

Last updated: 27/08/2012, Currently compares 52 scanners
Sorted in a descending order according to the scanner sql injection detection ratio and product name.
Hint: click the version link to get more information about each scanner evaluation, and the product name to get detailed information on the product.

Unified List   Commercial Scanners   Free / Open Source Scanners

Rank	#	Logo	Vulnerability Scanner	Version		Vendor	Detection Accuracy		Chart
1			sqlmap	1.0		sqlmap developers	100.00% Detection Rate 0.00% False Positives	(136/136) (0/10)
2			arachni	0.4.0.3		Tasos Laskos	100.00% Detection Rate 50.00% False Positives	(136/136) (5/10)
2			IronWASP	0.9.1.0		Lavakumar Kuppan	100.00% Detection Rate 50.00% False Positives	(136/136) (5/10)
2			Syhunt Mini (Sandcat Mini)	4.4.3.0		Syhunt	100.00% Detection Rate 50.00% False Positives	(136/136) (5/10)
2			Wapiti	2.2.1		OWASP	100.00% Detection Rate 50.00% False Positives	(136/136) (5/10)
3			Andiparos	1.0.6		Compass Security AG	77.21% Detection Rate 40.00% False Positives	(105/136) (4/10)
3			Paros Proxy	3.2.13		MileSCAN Technologies	77.21% Detection Rate 40.00% False Positives	(105/136) (4/10)
4			Vega	1.0		Subgraph	75.74% Detection Rate 0.00% False Positives	(103/136) (0/10)
5			ZAP	1.4.0.1		OWASP	75.74% Detection Rate 50.00% False Positives	(103/136) (5/10)
6			Netsparker Community Edition	1.7.2.13		Mavituna Security	70.59% Detection Rate 30.00% False Positives	(96/136) (3/10)
7			Watobo	0.9.8		Andreas Schmidt	65.44% Detection Rate 30.00% False Positives	(89/136) (3/10)
8			W3AF	1.2		W3AF developers	59.56% Detection Rate 30.00% False Positives	(81/136) (3/10)
9			Sandcat Free Edition	4.0.0.1		Syhunt	58.82% Detection Rate 20.00% False Positives	(80/136) (2/10)
10			Oedipus	1.8.1		Jordan Del Grande	58.82% Detection Rate 40.00% False Positives	(80/136) (4/10)
11			WebSecurify (Opensource Version)	0.9		GNU Citizen	58.82% Detection Rate 50.00% False Positives	(80/136) (5/10)
12			ProxyStrike	2.2		Edge Security	52.21% Detection Rate 0.00% False Positives	(71/136) (0/10)
13			PowerFuzzer	1.0		Marcin Kozlowski	51.47% Detection Rate 40.00% False Positives	(70/136) (4/10)
14			WebCruiser Free Edition	2.4.2		Janus Security	50.74% Detection Rate 0.00% False Positives	(69/136) (0/10)
15			Gamja	1.6		Sanghun Jeon	50.00% Detection Rate 80.00% False Positives	(68/136) (8/10)
16			WSTool	0.14001		Kim Young-il	45.59% Detection Rate 40.00% False Positives	(62/136) (4/10)
17			Grendel Scan	1.0		David Byrne	42.65% Detection Rate 50.00% False Positives	(58/136) (5/10)
18			SkipFish	2.07		Michal Zalewski - Google	40.44% Detection Rate 0.00% False Positives	(55/136) (0/10)
19			safe3wvs (limited free edition)	10.1		Safe3 Network Center	40.44% Detection Rate 30.00% False Positives	(55/136) (3/10)
20			Damn Small SQLi Scanner (DSSS)	0.1h		Miroslav Stampar	39.71% Detection Rate 20.00% False Positives	(54/136) (2/10)
21			JSky Free Edition	1.0.0		NoSec	38.24% Detection Rate 20.00% False Positives	(52/136) (2/10)
22			SQLiX	1.0		OWASP	37.50% Detection Rate 20.00% False Positives	(51/136) (2/10)
23			Mini MySqlat0r	0.5		SCRT Information Security	26.47% Detection Rate 0.00% False Positives	(36/136) (0/10)
24			Uber Web Security Scanner	0.0.2		Levent Kayan & Illuminatus	21.32% Detection Rate 40.00% False Positives	(29/136) (4/10)
25			Secubat	0.5		Stefan Kals	18.38% Detection Rate 70.00% False Positives	(25/136) (7/10)
26			Grabber	0.1		Romain Gaucher	15.44% Detection Rate 20.00% False Positives	(21/136) (2/10)
27			Scrawlr	1.0		HP Application Security Center	13.24% Detection Rate 0.00% False Positives	(18/136) (0/10)
28			aidSQL	02062011		Lynxec	11.76% Detection Rate 0.00% False Positives	(16/136) (0/10)
29			iScan	0.1		Simone Margaritelli	0.00% Detection Rate 0.00% False Positives	(0/136) (0/10)
29			LoverBoy	1.0		Ashaman Boyd	0.00% Detection Rate 0.00% False Positives	(0/136) (0/10)
29			openAcunetix	0.1		John Martinelli	0.00% Detection Rate 0.00% False Positives	(0/136) (0/10)
29			Priamos	1.0		Yigit Aktan	0.00% Detection Rate 0.00% False Positives	(0/136) (0/10)
29			SQID (SQL Injection Digger)	0.3		Metaeye Security Group	0.00% Detection Rate 0.00% False Positives	(0/136) (0/10)
29			VulnDetector	0.0.2		Brad Cable	0.00% Detection Rate 0.00% False Positives	(0/136) (0/10)
29			Web Injection Scanner (WIS)	0.4		netXeyes	0.00% Detection Rate 0.00% False Positives	(0/136) (0/10)
29			Xcobra	0.2		Taras Ivashchenko	0.00% Detection Rate 0.00% False Positives	(0/136) (0/10)

Copyright © 2012 by Shay Chen (sectooladdict). All rights reserved.
Click here to learn how this information may be published or reused.