Nikto!

**Install (recommended):** Run from a git repo
**Download (recommended):** Latest GitHub Release https://github.com/sullo/nikto/archive/master.zip (zip)
**Stable Release:** Version 2.1.5 bz2 http://cirt.net/nikto/nikto-2.1.5.tar.bz2
or gz http://cirt.net/nikto/nikto-2.1.5.tar.gz
/ Changelog http://cirt.net/nikto/UPDATES/2.1.5/CHANGES.txt

Nikto alternatives

  • Zed Attack Proxy

  • The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

    tags: fuzzer owasp penetration-testing proxy sql-injection
  • SHODAN

  • SHODAN is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan directory or a search engine of banners.

    tags: search-by-device search-engine search-ip-address security-focused
  • skipfish

  • A fully automated, active web application security reconnaissance tool. Key features: High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets. Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.

    tags: Discontinued command-line-interface vulnerability-scanner heuristic-detection reconnaissance
  • Acunetix

  • Audit your website security and web applications for SQL injection, Cross site scripting and other web vulnerabilities with Acunetix Web Security Scanner. Download Free Edition!

    tags: website-security
  • w3af

  • w3af is a Web Application Attack and Audit Framework

    tags: web-application-security web-security-scanner web-application-scanner web-hacking
  • IronWASP

  • IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.

    tags: internet-security penetration-testing web-application
  • wapiti

  • Wapiti allows you to audit the security of your web applications. Wapiti is a command line tool.

    tags: command-line-interface security-focused web-application-scanner web-application-security web-hacking
  • Arachni

  • Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.

    tags: web-security xss sql-injection web-security-scanner web-application-scanner
  • Websecurify

  • Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

    tags: chromium google-chrome internet-security penetration-testing security-focused
  • Intruder

  • Intruder is a proactive security monitoring platform for internet-facing systems.

    tags: hacking security-and-privacy security-as-a-service security-auditing security-testing
  • Yang

  • Yang is yet another Nikto GUI; software for analyzing and securing your servers. Yang establishes diagnostics on:

    tags: server-monitoring security-utilities server-analysis http-analyzer server-checking
  • Network Hotfix Scanner

  • Network Hotfix Scanner is a free advanced hotfix check utility that scans network computers for missing hotfixes and patches, and helps you download and install them. NetHotfixScanner gives you a quick look at the hotfixes and patches installed or missed on any remote computer in your corporate network; it tells you by colored icons the specific security bulletin rating (critical, important, moderate), title, description and bulletin URL. The tool is designed with a user-friendly interface and is easy to use.

    tags: network-security patch vulnerability-scanner computer-security bulletin
  • Ammonite

  • Ammonite is a web application security scanner extension for Fiddler. Ammonite detects common vulnerabilities such as SQL injection, OS command injection, cross-site scripting, file inclusion, format string vulnerabilities, and buffer overflows. Ammonite includes unique features that make it particularly well suited for penetration testers and security professionals.

    tags: penetration-testing security-testing software-testing sql-injection xss
  • Golem Security Scanner

  • Golem Security Scanner is a powerful and intuitive website security scanner which uses a combination of proprietary and open source scanners to maximize the scan findings. Much less expensive for the paid version than other providers, with a free option which scans a portion of the site.

    tags: web-application-security website-security-scanner website-virus-scan