[WEB SECURITY] open source web app scanners

Tasos Laskos tasos.laskos at gmail.com
Mon Jul 9 17:58:40 EDT 2012


Just as a heads up if you go with Arachni, it does have all the 
interesting stuff that Tom mentioned but has always been a bit quirky 
when pushed.

I made a turn, though, with the under-dev version and spent (and still spend) 
an enormous amount of time on stability, so if you want to give it a 
shot, prefer the nightly builds [1], as they are probably more stable than 
the last "stable" version.

If you do go with it and come across a problem, let me know; I usually 
respond fast.

Anyhow, I saw Arachni mentioned so I figured I better give you a heads up.

Good luck on finding a tool that fits your needs, it may get tricky.

[1] http://downloads.arachni-scanner.com/nightlies/

PS. I'm the project leader.

On 07/06/2012 04:42 AM, Tom wrote:
> Not quite on par with AppScan or other current commercial products, but
> one that's showing a lot of promise (especially for the enterprise level)
> is Arachni (https://github.com/Arachni/arachni).  Some interesting
> features: distributed deployment, command-line and web interfaces, a
> self-learning subsystem, and the ability to add custom
> audit/crawler/report modules through Ruby. The distributed deployment
> system is interesting because you're able to distribute the load of a scan
> across a set of servers to help increase scan performance.  You can also
> perform separate scans on separate servers and the results will all be
> uploaded to a single server for viewing.  It's still in its infancy and
> needs some love, but I believe it's on its way to becoming something great.
>
> -Tom
>
> On Wed, Jun 27, 2012 at 6:40 PM, Zippy Zeppoli <zippyzeppoli at gmail.com> wrote:
>
>     Hi List,
>     I was wondering if anyone has come across a web application security
>     scanner which is open source that is on par with IBM Rational AppScan.
>
>     I've come across some tools in the OWASP project but they don't even
>     seem to come close to a tool like AppScan.
>
>     Thanks in advance,
>     Z
>
>     _______________________________________________
>     The Web Security Mailing List
>
>     WebSecurity RSS Feed
>     http://www.webappsec.org/rss/websecurity.rss
>
>     Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
>     WASC on Twitter
>     http://twitter.com/wascupdates
>
>     websecurity at lists.webappsec.org <mailto:websecurity at lists.webappsec.org>
>     http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>