Acunetix - Web Vulnerability Scanner For Hackers


Acunetix - Web Vulnerability Scanner For Hackers

Acunetix is a web vulnerability scanner that you can use to detect vulnerabilities in the web applications. It can also be used to perform penetration testing against the detected issues. During scanning, Acunetix can analyze the source code and pinpoint the exact line of code with vulnerability.

It also provides mitigation suggestions for the vulnerabilities -- you can use that to increase the security of the web app.

The scanner is super fast, it can crawl hundreds of thousands of pages in just few minutes.

Now let's talk about the Tools...
  • Site Crawler: It collects referrer pages, headers, and variables within the pages. If the crawler is in the default mode, it will crawl the whole site but you can limit the extensions if you want.
  • Target Finder: It is a port scanner that can find websites running in a range of given addresses. The range of addresses is not limited and you can specify which ports to look on in order to discover websites on nonstandard ports. It can also identify the type of the target web server.
  • Subdomain Scanner: It can identify active sub domains of a top level domain very easily. It can be configured to use the target’s DNS server or any other DNS server specified by the user.
  • Blind SQL Injector: This is a powerful tool that can enumerate databases and tables, dump data and also read specific files on the file system of the web server if an exploitable SQL injection is discovered. It is an automated database data extraction tool, but it also allows you to run custom SQL "Select" queries against the database.
  • HTTP Editor: The HTTP Editor allows you to create, analyze, and edit client HTTP requests and server responses. It also contains an encoding and decoding tool to encode/decode text and URL’s to MD5 hashes, UTF7 formats and many other formats.
  • HTTP Sniffer: The HTTP Sniffer acts as a proxy and allows you to capture, examine and modify HTTP traffic between an HTTP client and a web server. You can also enable, add or edit traps to capture traffic before it is sent to the web server or back to the web client. It can help you analyze how Session IDs are stored and how inputs are sent to the server, and alter any HTTP requests being sent back to the server before they get sent. It also allows you to navigate through parts of the website which cannot be crawled automatically, and import the results into the scanner to include them in the automated scan.
  • HTTP Fuzzer: It enables you to launch a series of sophisticated fuzzing tests to audit the web application's handling of invalid and unexpected random data. The HTTP Fuzzer also allows you to create input rules for further testing in Acunetix Web Vulnerability Scanner.
    • Authentication Tester: This is actually a dictionary attack tool that you can use to perform a dictionary attack against login pages that use both HTTP (NTLM v1, NTLM v2, digest) or form based authentication. This tool uses two predefined text files (dictionaries) containing a list of common usernames and passwords. You can add your own combinations to these text files if you want.
    • Web Services Scanner: It allows you to launch automated vulnerability scans against WSDL based Web Services.
    • Web Services Editor: This tool allows you to import an online or local WSDL for custom editing and execution of various web service operations over different port types for an indepth analysis of WSDL requests and responses. The editor also features syntax highlighting for all languages to easily edit SOAP headers and customize your own manual attacks.
               
                                             DOWNLOAD ACUNETIX SCANNER