红队测试-Web漏洞扫描工具

  • ACSTIS - Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
  • Arachni - Scriptable framework for evaluating the security of web applications.
  • JCS - Joomla Vulnerability Component Scanner with automatic database updater from exploitdb and packetstorm.
  • Netsparker Application Security Scanner - Application security scanner to automatically find security flaws.
  • Nikto - Noisy but fast black box web server and web application vulnerability scanner.
  • SQLmate - Friend of sqlmap that identifies SQLi vulnerabilities based on a given dork and (optional) website.
  • SecApps - In-browser web application security testing suite.
  • WPScan - Black box WordPress vulnerability scanner.
  • Wapiti - Black box web application vulnerability scanner with built-in fuzzer.
  • WebReaver - Commercial, graphical web application vulnerability scanner designed for macOS.
  • cms-explorer - Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
  • joomscan - Joomla vulnerability scanner.
  • w3af - Web application attack and audit framework.

    推荐阅读