Tool | Description |
---|---|
Arachni | Arachni is a Ruby framework that helps penetration testers and administrators gauge web application security. |
Nikto2 | Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. |
OWASP ZAP | The OWASP Zed Attack Proxy (ZAP) is one of the world's most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing them. It's also a great tool for experienced pentesters to use for manual security testing. |
Skipfish | Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments. |
w3af | w3af detects web application vulnerabilities and provides tooling for penetration testing by sending specially crafted HTTP requests. |
Wapiti | Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. |
Created
November 22, 2019 06:24
Open source solutions for Dynamic Application Security Testing