1. Grabber:
Grabber is an open source web application scanner that helps detect security loopholes in web applications. It scans for vulnerabilities such as cross-site scripting and SQL injection, and also performs Ajax testing, backup file checks and more. It's a very simple and portable scanner, mainly used for small web applications, and it offers no GUI. This tool is mainly helpful for personal use and not for any kind of professional purpose. Grabber is written in Python, and its source code is available and can be modified as required.
Download Grabber here
2. Nikto:
Nikto is an open source (GPL) web server scanner that tests servers for multiple items such as dangerous files, outdated versions and other specific problems. It also checks server configuration items such as HTTP server options and multiple index files. The plug-ins are frequently updated, sometimes automatically.
Download Nikto here
3. Vega:
Vega is a free, open source web vulnerability scanner and testing platform. This tool lets you perform security testing on any web application, and it's compatible with OS X, Linux and Windows. Written in Java, Vega has a GUI-based environment and is used to find SQL injection, header injection, directory listing, shell injection, cross-site scripting and other similar vulnerabilities. For help with this tool, refer to its documentation.
Download Vega here
4. Zed Attack Proxy:
Also known as ZAP, Zed Attack Proxy is an open source tool available for Windows, Unix/Linux and Macintosh platforms. It helps find a wide range of vulnerabilities in web applications and is very simple to use, which also makes it a good choice for penetration testing beginners. It can be used either as a scanner or as an intercepting proxy for manually testing specific pages.
Download ZAP here
5. Wapiti:
Wapiti is another nice web vulnerability scanner that audits the security of web applications. It performs black box testing by scanning web pages and determining whether a script is vulnerable. It can detect multiple vulnerabilities such as file disclosure, file inclusion, CRLF injection and many others. It's a command-line application, so it is less suited to beginners but works well for experts.
Download Wapiti here
6. sqlmap:
sqlmap is an open source penetration testing tool that automatically detects SQL injection flaws. It comes with a broad range of features, from database fingerprinting and fetching data from the database to accessing the underlying file system and executing OS commands.
Download sqlmap here
7. Samurai Web Testing Framework:
The Samurai Web Testing Framework is a Linux-based environment preconfigured to function as a web penetration testing tool. It comes as a live CD containing some of the best open source and free tools, with a focus on testing websites for vulnerabilities. The tools integrated into Samurai include ratproxy, w3af, Burp Suite and BeEF.
Download Samurai here
8. W3af:
W3af is a popular audit framework that provides a nice web application penetration testing platform, and it's written in Python. It can identify more than 200 types of web application vulnerabilities, such as SQL injection, cross-site scripting and others.
Download W3af here
9. Skipfish:
Skipfish is also a nice tool: it crawls through a website, checks every page for security threats and then creates a final report. Written in C, it's highly optimised for handling HTTP, and it is claimed to handle 2,000 requests per second without any extra load on the CPU. This tool is available for Linux, FreeBSD, Mac OS X and Windows.
Download SkipFish here
10. Grendel-Scan:
Grendel-Scan is a nice open source web application security tool that automatically finds security vulnerabilities in web applications. This tool is available for Windows, Linux and Macintosh, and it's written in Java.
Download Grendel-Scan