Website Vulnerability Scanners are a type of security software, most commonly used by website owners and IT professionals to perform security audits. Once activated, these automated tools will scan the website and, in some cases, dig into network infrastructure, to detect and report any known exploits that may be used to attack the site.
The tests performed differ from scanner to scanner. For example, some Vulnerability Scanners may look at registry entries in MS Windows operating systems to see if a specific patch or update has been implemented. Others will try to modify URLs to check for sanitization issues or discover vulnerabilities in Web Applications used on the site. In some case, some Vulnerability Scanners will go one step further and actually attempt to exploit the detected vulnerability.
Vulnerability Scanners Should Always be Monitored
While not “inherently” malicious, Vulnerability Scanners can be used for bad purposes. Hackers can and will use these tools to identify soft-spots for future Denial of Service (DOS), SQL injections, XSS and other cyber-attacks. This is why it is important to be aware of any outside scanning attempts, as they may serve as a prelude to an upcoming attack.
Incapsula’s Bot Identification capabilities will recognize any suspicious Vulnerability Scanning attempts and the service can be configured to block them, as needed.
We also are now introducing a “Vulnerability Scanners” category into our Botopedia directory. We hope that this information will help website owners recognize and monitor any Vulnerability Scanner related activity on their site.
To get you started, we also compiled a list which details the most commonly used Vulnerability Scanners, organized in an alphabetical order.
Botopedia.org: Verified Vulnerability Scanner Information
Common Vulnerability Scanners
Acunetix: Founded in 2004, Acunetix is a security company that develops Vulnerability Scanning solutions. Acunetix Scanner offers various security features, such as: automatic client script analyzer, SLQI and XSS testing, advanced penetration testing tools (i.e. HTTP Editor and the HTTP Fuzzer) and more.
AppScan: The IBM Security AppScan portfolio includes dynamic application security testing (DAST) and static application security testing (SAST) — as well as other security technologies like glass-box testing and run-time analysis that keep up with the latest threats and drive precise, actionable results.
Botopedia.org: User-Agent Information and Real-time IP verification
Havij: “Carrot”in Farsi, Havij is an automated SQL Injection software that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. Compared to all other scanners on the lisr, Havij is the one most commonly used for malicious purposes. By using Havij hacker can detect and exploit application level vulnerabilities to gain illegal access to Databases, retrieve DBMS users and password hashes, dump table and etc. Havij can even be used to accessing the underlying file system and executing commands on the operating system.
Nessus: Nessus is a popular Vulnerability Scanning software from Tenable Network Security that aims to detect potential vulnerabilities on the tested systems. Nessus will detect illegal remote access exploits, misconfiguration and missing patched, TCP/IP DOS vulnerabilities and more. Nessus will also detect easy to guess passwords and can implement Hydra (an external tool) to launch a dictionary attack.
Qualys: Founded in 1999, Qualys is an established security company that provides a suite of Cloud-basesd security and compliance solutions. Qualys Vulnerability Scanner is used to identify web application exploits like SQL injection, cross site scripting (XSS) and URL redirection, as well as other known and emerging threats.
ScanAlert: McAfee ScanAlert is a user-side Vulnerability Scanner that protects visitor’s private information. ScanAlert's dose so by mimicking hacking attempts and conducting security scans for known vulnerabilities. ScanAlert uses a “HACKER SAFE” certification mark to identify secure websites. ScanAlert will revisit a “HACKER SAFE“ website on a daily basis, using over 10,000 different security tests to make sure that it stays secure.
SiteLock: Founded in 2008, SiteLock is a security company that provides Vulnerability Scanning solutions and other added value services, including on-demand Services team, maintenance plans, website design and etc. These services aim to complement SiteLock Scans, help fix identified issues and harden websites to help future attacks.
Sucuri: Founded in 2007, Sucuri provides security scanning services to detects unauthorized and potentially harmful changes to network and cloud assets (i.e. websites, DNS records, Whois data, SSL certificates and more). The name of company “Sucuri”, in Portuguese, is the name for a species of Anaconda found in the Brazilian Amazon – a dominant hunter and a second largest snake in existence.
WebInspect: HP WebInspect software is one of the leading Web Application Security Assessment tools, designed to analyze Web Application related vulnerabilities. WebInspect mimics real-world hacking methods to analyze complex web applications and services for security vulnerabilities and to protect most sensitive entry points from attack.
WhiteHat: Founded in 2001 by Jeremiah Grossman, WhiteHat is a Security company that combines Cloud-based technology platform with a team of security experts to help website owners in various on-line industries, including e-commerce, financial services, information technology, healthcare and more. WhiteHat Vulnerability Scanner is a commonly accepted security auditing tool, used by prominent security experts and IT professionals all around the world.