Graphical tool for testing web application security.
- Free and open source
- GUI based and very easy to use, no security expertise required
- Powerful and effective scanning engine
- Supports recording login sequence
- Reporting in both HTML and RTF formats
- Checks for over 25 different kinds of common web vulnerabilities
- False positive detection support
- False negative detection support
- Industry-leading built-in scripting engine that supports Python and Ruby
- Extensible via plug-ins or modules in Python, Ruby, C# or VB.NET
- Bundled with a growing number of modules built by security researchers:
  - WiHawk - wireless router vulnerability scanner - Anamika Singh
  - XmlChor - XPATH injection exploitation tool - Harshal Jamdade
  - IronSAP - SAP security scanner - Prasanna K
  - SSL Security Checker - scanner for SSL configuration weaknesses - Manish Saindane
  - OWASP Skanda - SSRF exploitation tool - Jayesh Singh Chauhan
  - CSRF PoC Generator - CSRF vulnerability exploit generator - Jayesh Singh Chauhan
  - HAWAS - automatically detect and decode encoded strings or hashes in websites - Lavakumar Kuppan