On occasion I've read comparisons of these tools with others that only make their analysis based on signatures, such as Nikto or the free version of N-Stalker This comparison is wrong, since the approach is completely different. Both are focused on detecting vulnerabilities but the pattern-based applications generally have larger databases and updated comprehensive tools and therefore are complementary.
The characteristics are very similar in all of them make navigation and later released after the test. Except the last two scrawlr and Acunetix, which only detect SQL Injection and XSS respectively, all others look for common vulnerabilities.
Sandcat Free Edition
URL: http://www.syhunt.com/?n=Sandcat.Sandcat
Download: http://www.syhunt.com/?n=Sandcat.Download
Operating System: Windows
CE NetSpaker
URL: http://www.mavitunasecurity.com/communityedition/
Download: http://www.mavitunasecurity.com/communityedition/download/
Operating System: Windows
Websecurify
URL: http://www.websecurify.com/
Download: http://code.google.com/p/websecurify/downloads/list
Operating Systems: Windows, Mac OS, Linux
w3af
URL: http://w3af.sourceforge.net/
Download: http://sourceforge.net/projects/w3af/files/
Operating Systems: Windows, FreeBSD, Linux
skipfish
URL: http://code.google.com/p/skipfish/
Download: http://code.google.com/p/skipfish/downloads/list
Operating System: Linux
wapiti
URL: http://www.ict-romulus.eu/web/wapiti/home
Download: http://www.ict-romulus.eu/web/wapiti/download
Operating System: Linux
scrawlr
URL: URL
Download: Download
Acunetix free edition
URL: http://www.acunetix.com/cross-site-scripting/scanner.htm
Download: http://www.acunetix.com/vulnerability-scanner/download.htm
Operating System: Windows
Source: http://www.securitybydefault.com/
And Source
Thanks!
No comments:
Post a Comment