Open Source Web Scanners


Vulnerability Scanning

Best open-source web application vulnerability scanners

What Is an Open Source Vulnerability Scanner? An open source vulnerability scanner is a tool that helps organizations identify and fix any risks associated with open source software usage. It should address both the open source software in your code base and any dependencies.

Web Scanners

Main SiteDescription
ArachniFree, Simple, Distributed, Intelligent, Powerful, Friendly
AstraAutomated Security Testing For REST API’s
FfufFast web fuzzer written in Go
HettyHetty is an HTTP toolkit for security research.
JawfishTool for breaking into web applications.
NiktoNikto is an Open Source web server scanner
NucleiFast and customizable vulnerability scanner based on simple YAML based DSL.
SkipfishSkipfish is an active web application security reconnaissance tool.
StrikerStriker is an offensive information and vulnerability scanner.
TaipanWeb application vulnerability scanner
Ugly-ducklingUgly Duckling is a lightweight scanner built specifically for our
Crowdsource community to submit proof-of-concept modules
VegaVega helps you find and fix cross-site scripting (XSS), SQL injection, and more
W3afw3af is a Web Application Attack and Audit Framework.
WfuzzWeb application fuzzer
YasuoA ruby script that scans for vulnerable & exploitable 3rd-party
web applications on a network
ZAPThe world’s most widely used web app scanner. Free and open source

CMS Scanners

Main Site Description
Clusterdapplication server attack toolkit
CMSScanCMS Scanner: Scan WordPress, Drupal, Joomla, vBulletin websites for Security issues
DroopescanA plugin-based scanner
JoomScanOWASP Joomla Vulnerability Scanner Project
VolnxVega helps you find and fix cross-site scripting (XSS), SQL injection, and more
WPscan WPScan WordPress Security Scanner