List of web application security testing tools:
- Nessus
- Wapiti
- Acunetix WVS
- WatcherWebSecurityTools
- Netsparker
- N-Stalker Web Application Security Scanner
- OWASP Zap
- Arachni
- Vega
- Skipfish
- WebReaver
- WSSA – Web Site Security Audit
- Syhunt Hybrid
- IronWASP
- WebWatchBot
- Secunia PSI
- KeepNI
- Exploit-Me
- x5s
- HconSTF
- PunkScan
List of Web Application Security Scanners
Nessus
It is featured on the CISSP exam.
Wapiti
It is FOSS.
It is featured on the CISSP exam.
Acunetix WVS
WatcherWebSecurityTools
Netsparker
N-Stalker Web Application Security Scanner
OWASP Zap
Arachni
Vega
Skipfish
WebReaver
WSSA – Web Site Security Audit
Syhunt Hybrid
IronWASP
WebWatchBot
Secunia PSI
KeepNI
Exploit-Me
https://github.com/Silva97/exploit-me
Exploit-Me is a collection of challenges for writing exploits and learning some cool things about information security.
It is free and open-source software (FOSS).
x5s
https://www.casaba.com/products/x5s/
x5s is a Fiddler add-on which aims to assist penetration testers in finding cross-site scripting vulnerabilities.
It was developed by Casaba Security.
It was available for download at Microsoft’s CodePlex, but the site was closed in 2021 and the project does not seem to have been moved to another site (e.g., GitHub). You can find a snapshot of the x5s page at CodePlex on the Wayback Machine at this external link.
You can find more info about x5s at darknet.org.uk at this external link.
HconSTF
http://www.hcon.in/hconstf.html
PunkScan
https://hyperiongray.atlassian.net/wiki/spaces/PUB/pages/9732120/PunkSCAN+1.2.x+Deployment+Guide
PunkSCAN is a distributed mass web application scanner.
It was developed by Alejandro Cáceres.