Shodan

Shodan is a search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters. Some have also described it as a public port scan...

Freemium Web

Burp Suite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing...

Freemium Mac Windows Linux BSD

Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous...

Free Open Source Mac Windows Linux

Acunetix

Audit your website security and web applications for SQL injection, Cross site scripting and other web vulnerabilities with Acunetix Web Security Scanner. Download Free...

Commercial Windows Web Wordpress

w3af

w3af is a Web Application Attack and Audit Framework

Free Open Source Windows Linux

skipfish

A fully automated, active web application security reconnaissance tool. Key features: High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint -...

• Discontinued Skipfish is no longer maintained. Last version, 2.10 beta, released in December 2012, can be still downloaded from Google Code Archive

Free Open Source Mac Windows Linux BSD

Netsparker

Netsparker is the only False-positive-free web application security scanner. Simply point it at your website and it will automatically discover the flaws that could...

Commercial Windows

wapiti

Wapiti allows you to audit the security of your web applications. Wapiti is a command line tool.

Free Open Source Windows Linux

Arachni

Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of...

Free Open Source Mac Windows Linux

Probely

Probely finds vulnerabilities or security issues in web applications and provides guidance on how to fix them. Probe.ly was built having developers in mind. Despite its...

Freemium $ $ $ Web

detectify

Detectify is a SaaS based web application service that analyzes the security status of your website and creates a report with the results. We focus on securing your site...

Commercial Web

HTTPCS Security

Put yourself in the shoes of a hacker! Without technical expertise, launch an audit to detect security flaws on your website or web application. Online website...

Commercial $ $ $ Web

SecApps

Find security vulnerabilities right from your browser. Experience the next generation security tools without the need to install any additional software.

Freemium Mac Windows Linux Web Chrome OS

WebARX

WebARX is a complete website protection platform for digital agencies to protect and monitor the whole client portfolio. WebARX is the go-to tool to protect your...

Commercial $ $ $ Web Drupal Joomla PHP HTML ... PrestaShop Wordpress Magento Community Edition vBulletin phpBB

Tamper Data

Firefox add-on that lets you change headers and request parameters before they're sent to the server. Unlike proxy request modifiers, it's integrated into the...

• Discontinued The extension is no longer developed since 2010 and it's not compatible with Firefox 57 and later. It still works on XUL-based Firefox forks like https://alternativeto.net/software/waterfox/ and https://alternativeto.net/software/palemoon/

Free Open Source Mac Windows Linux Firefox