w3af Alternatives

    w3af is described as 'Web Application Attack and Audit Framework'. There are more than 10 alternatives to w3af for a variety of platforms, including Windows, Linux, Online / Web-based, Mac and Wordpress. The best alternative is OWASP Zed Attack Proxy (ZAP), which is both free and Open Source. Other great apps like w3af are Burp Suite (Freemium), Nikto (Free, Open Source), Probely (Freemium) and Acunetix (Paid).

    This page was last updated Dec 15, 2019

    1. The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
      show more
    2. Burp Suite is an integrated platform for performing security testing of web applications.


      • FreeOpen Source
      • Mac
      • Windows
      • Linux
      Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version specific problems on over 270 servers.
    3. Probely finds vulnerabilities or security issues in web applications and provides guidance on how to fix them. Probe.ly was built having developers in mind.
      show more
      • Windows
      • Online
      • Wordpress
      Audit your website security and web applications for SQL injection, Cross site scripting and other web vulnerabilities with Acunetix Web Security Scanner. Download Free Edition!
      show more


    4. Netsparker is the only False-positive-free web application security scanner. Simply point it at your website and it will automatically discover the flaws that could leave you dangerously exposed.
      show more
    5. Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.
      No screenshots yet
    6. Wapiti allows you to audit the security of your web applications. Wapiti is a command line tool.
      No screenshots yet
      • FreeOpen Source
      • Mac
      • Windows
      • Linux
      Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications.
      No screenshots yet
    7. Put yourself in the shoes of a hacker! Without technical expertise, launch an audit to detect security flaws on your website or web application. Online website vulnerability scanner. No installation required. ISO & RGPD compliant. How to avoid hackers?
    Showing 10 of 18 alternatives