Best open-source web application vulnerability scanners
What Is an Open Source Vulnerability Scanner?
An open source vulnerability scanner is a tool that helps organizations identify and fix any risks associated with open source software usage. It should address both the open source software in your code base and any dependencies.
Web Scanners
Main Site | Description |
---|---|
Arachni | Free, Simple, Distributed, Intelligent, Powerful, Friendly |
Astra | Automated Security Testing For REST APIs |
Ffuf | Fast web fuzzer written in Go |
Hetty | Hetty is an HTTP toolkit for security research. |
Jawfish | Tool for breaking into web applications. |
Nikto | Nikto is an Open Source web server scanner |
Nuclei | Fast and customizable vulnerability scanner based on a simple YAML-based DSL. |
Skipfish | Skipfish is an active web application security reconnaissance tool. |
Striker | Striker is an offensive information and vulnerability scanner. |
Taipan | Web application vulnerability scanner |
Ugly-duckling | Ugly Duckling is a lightweight scanner built specifically for our Crowdsource community to submit proof-of-concept modules |
Vega | Vega helps you find and fix cross-site scripting (XSS), SQL injection, and more |
W3af | w3af is a Web Application Attack and Audit Framework. |
Wfuzz | Web application fuzzer |
Yasuo | A Ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network |
ZAP | The world’s most widely used web app scanner. Free and open source |
CMS Scanners
Main Site | Description |
---|---|
Clusterd | application server attack toolkit |
CMSScan | CMS Scanner: Scan WordPress, Drupal, Joomla, vBulletin websites for Security issues |
Droopescan | A plugin-based scanner |
JoomScan | OWASP Joomla Vulnerability Scanner Project |
Volnx | Vega helps you find and fix cross-site scripting (XSS), SQL injection, and more |
WPscan | WPScan WordPress Security Scanner |