Scanners Flashcards
Nikto
a free software command-line vulnerability scanner that scans webservers for dangerous files/CGIs, outdated server software and other problems. It performs generic and server type specific checks. It also captures and prints any cookies received.
OpenVAS
a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.
SQLMap
an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
Nessus
a proprietary vulnerability scanner developed by Tenable, Inc.
OpenSCAP
a command-line tool which enables various SCAP capabilities such as displaying information about specific security content, vulnerability and configuration scanning, or converting between different SCAP formats.
Wapiti
allows you to audit the security of your websites or web applications. It performs “black-box” scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data.
WPScan
a black-box WordPress security scanner written for security professionals and blog maintainers to test the security of their sites.
Brakeman
Brakeman is a free vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.
ScoutSuite
an open-source cloud security-auditing tool. It queries the cloud API to gather configuration data. Based on configuration data gathered, ScoutSuite shows security issues and risks present in your infrastructure.