Web Application Testing

Website Vulnerability Scanner

Discover common web application vulnerabilities and server configuration issues.

Try the free Light scanner or sign up for a Pro Account to perform in-depth, comprehensive website tests and discover high-risk vulnerabilities.

Scan type
  • Light scan

Reporting

Sample Report

Here is a Website Vulnerability Scanner sample report that gives you a taste of how our tools save you time and reduce repetitive manual work.

  • Information at a glance

    The report starts with a quick summary of the findings and risk ratings, a helpful overview you can use to assess risk levels and number of findings.

  • Actionable advice

    Each finding has a detailed explanation in terms of risk and recommendations that gives you a head start in fixing the identified issues.

  • Sorted by risk rating

    Vulnerabilities are sorted by their risk rating, starting from the highest risk identified. This saves you manual work and time, freeing you up for other tasks.

Website Vulnerability Scanner Report Sample

How to use the pentesting tool

Use Cases for Website Vulnerability Scanner

Finds common vulnerabilities which affect web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues.

  • Website Penetration Testing

    Speed up your pentest with this online scanner. It’s already set up and configured with optimal settings for best results and performance. Just start the scan and get a notification when results are ready.

  • Security Self-Assessment

    Evaluate your own website’s security to detect weaknesses in your web application. Get clear, easy-to-follow recommendations to fix web vulnerabilities before real attackers exploit them.

  • Third-Party Website Audit

    If you are a web development company, you can use this report to prove to your clients that you have implemented proper security measures in their web application.

Better vulnerability discovery. Faster pentest reporting.

Get instant access to custom vulnerability scanners and automation features that simplify the pentesting process and produce valuable results. The platform helps you cover all the stages of an engagement, from information gathering to website scanning, network scanning, exploitation and reporting.

Pentest-Tools.com Website Scanner Sample Report

Website Vulnerability Scanner

Technical Details

The Website Vulnerability Scanner is a custom tool written by our team in order to quickly assess the security of a web application. It is a full-blown web application scanner, capable of performing comprehensive security assessments against any type of web application.

The free scan you can perform on this page is a Light Scan, while only paying customers have access to the Full Scan option. Here is the complete list of tests performed by this vulnerability scanner and the difference between Light and Full scans.


List of tests performed

Light ScanFull ScanTests performed
Fingerprint web server software
Analyze HTTP headers for security misconfiguration
Check the security of HTTP cookies
Check the SSL certificate of the server
Check if the server software is affected by known vulnerabilities
Analyze robots.txt for interesting URLs
Check whether a client access file exists, and if it contains a wildcard entry (clientaccesspolicy.xml, crossdomain.xml)
Discover server configuration problems such as Directory Listing
Check if HTTP TRACK/TRACE methods are enabled
Crawl website
Check for SQL Injection
Check for Cross-Site Scripting
Check for Local File Inclusion and Remote File Inclusion
Check for OS Command Injection
Check for ASP Cookieless Cross-Site Scripting
Check for Server Side Request Forgery
Check for Open Redirect
Check for PHP Code Injection
Check for JavaScript Code Injection
Check for outdated JavaScript libraries
Find administrative pages
Check for sensitive files (archives, backups, certificates, key stores) based on hostname and some common words
Attempt to find interesting files / functionality
Check for information disclosure issues
Weak Password Submission Method
Clear Text Submission of Credentials
Verify Domain Sources
Check for commented code/debug messages
Find Login Interfaces
Sensitive Data Crawl

Warning: The Full Scan generates a high amount of noise in the network. A majority of the correctly configured IDSs will detect this scan as attack traffic. Do not use it if you don't have proper authorization from the target website’s owner.


Parameters

ParameterDescription
Target URLThis is the URL of the website that will be scanned. The tool does not follow any redirects, so the exact URL will be scanned. If you want to scan only a certain directory or path, you can add it in the URL like: http://www.mycompany.com/base_directory. All urls must start with http or https.
Light ScanThis is a fast, passive and non-intrusive scan.
Full ScanThis is a complete assessment which covers a much broader range of security tests.
Authentication - User/PasswordThe credentials for the scanner to try authentication before starting the scan.
Authentication - CookieA valid session cookie that will be used by the scanner to do authenticated scans.
Authentication - HeadersCustom HTTP headers that can also be used for authentication (ex. JWT tokens, Basic Authentication etc.)

How it works

The Full version of the scanner includes all the tests from the Light scan and adds more complex security tests. It first crawls the target application then it sends various inputs into the parameters of the pages and looks for specific web vulnerabilities such as: SQL Injection, Cross-Site Scripting, Local File Inclusion, OS Command Injection and many more. Furthermore, the scanner also attempts to detect sensitive files from the server like backup files, old files, admin interfaces, archive files, etc.

While the Light Scan is passive and generates a maximum of 20 HTTP requests to the server, the Full Scan is more aggressive and it sends up to 10,000 HTTP requests. This may trigger alarms from IDS devices but you should know that it is not a destructive scan.

Since the Full Scan does a comprehensive website assessment, it can take up to several hours to complete. To keep your workflow uninterrupted, enable notifications that inform you when the web app scan has finished.

Authenticated scanning

The Website Vulnerability Scanner is able to scan the target web application as an authenticated user. You can configure authentication in several ways:

  • User/Password Authentication: When this option is chosen, the scanner will first try to authenticate to the provided login URL and obtain a valid session cookie. This cookie will be used with all the HTTP requests done to the server, performing an authenticated scan. You have the option to check if the authentication was successful before actually starting the scan.
  • Cookie Authentication: With this option you can specify an already valid session cookie (or multiple cookies) that will be sent with each HTTP request to the server. You have to first get the session cookie by manually logging into your target application with a web browser and transferring the cookie from the browser to the scanner (copy/paste).
  • Headers Authentication: This option allows you to specify custom HTTP headers that will be sent with each request to the target application. These can be used for authentication (e.g. JWT tokens, Basic Authentication, etc.) or for other specific application functionality.
  • Recorded Authentication: This method gives you the possibility to record the steps required to authenticate into the target. The scanner will use this recording by replaying the actions and obtain a valid session every time it detects logging in again is required.