Social Network For Security Executives: Network, Learn & Collaborate
Vulnerability assessment tools detect vulnerabilities in applications using many ways. It analyses coding bugs. Finds well known rootkits, backdoors and trojans.
There are many tools available in the market. Here are our top picks :
1. Nikto2 - Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
2. Netsparker - Netsparker is another web application vulnerability tool with an automation feature available to find vulnerabilities. This tool is also capable of finding vulnerabilities in thousands of web applications within a few hours.
3. OpenVAS - OpenVAS is a powerful vulnerability scanning tool that supports large-scale scans which are suitable for organizations. You can use this tool for finding vulnerabilities not only in the web application or web servers but also in databases, operating systems, networks, and virtual machines.
4. Arachni - Arachni is also a dedicated vulnerability tool for web applications. This tool covers a variety of vulnerabilities and is updated regularly. Arachni provides facilities for risk assessment as well as suggests tips and countermeasures for vulnerabilities found. Arachni is a free and open-source vulnerability tool that supports Linux, Windows, and macOS. Arachni also assists in penetration testing by its ability to cope up with newly identified vulnerabilities.
5. Acunetix - Acunetix is a paid web application security scanner (open-source version also available) with many functionalities provided. Around 6500 vulnerabilities scanning range is available with this tool. In addition to web applications, it can also find vulnerabilities in the network as well. Acunetix provides the ability to automate your scan. Suitable for large scale organizations as it can handle many devices. HSBC, NASA, USA Air force are few industrial giants who use Arachni for vulnerability tests.