Link to OWASP Vulnerability Scanning Tools

psiinon / open-source-web-scanners

A list of open source web security scanners

Apache License 2.0

958 stars 127 forks source link

Link to OWASP Vulnerability Scanning Tools #3

Closed OlivierJaquemet closed 2 years ago

OlivierJaquemet commented 2 years ago

Add external link to OWASP "Vulnerability Scanning Tools" which includes more tools

OlivierJaquemet commented 2 years ago

I did find some open source tools that were in this OWASP page that were not in yours and not in the other page you had linked.

psiinon commented 2 years ago

Oh, which ones? Would be good to add them if they are on github ...

OlivierJaquemet commented 2 years ago

Here are the Open Source scanner listed on that page that are on GitHub and not yet on your list :

There are others Open source scanner in the OWASP list, but not on GitHub

psiinon commented 2 years ago

Thanks! So

Deepfence ThreatMapper = Infrastructure?
OpenVAS by Greenbone = Infrastructure?
Adobe Ride (REST JSON Payload fuzzer) = Fuzzer?
VWT Digital Sec-helpers = Infrastructure?

I thought OWASP PurpleTeam was a wrapper around other tools (like ZAP) - I dont really want to track those as well ;) Or does it do any of its own scanning? (if you know)

OlivierJaquemet commented 2 years ago

Your classification looks good to me.

Regarding PurpleTeam, I'm sorry, but I have absolutely no idea... It looks like they have their own (app and tls scanner](https://purpleteam-labs.com/doc/local/set-up/#application-scanner), but I could not check for sure.

psiinon commented 2 years ago

I'll check - I know the author ;) And will add the others when I get the chance, unless you fancy PR'ing them? ;) Thanks for the feedback!