Grabber is a nice web application scanner which can detect many security vulnerabilities in web applications. It performs scans and tells where the vulnerability exists. It can detect the following vulnerabilities:
- Cross site scripting
- SQL injection
- Ajax testing
- File inclusion
- JS source code analyzer
- Backup file check
It is not fast as compared to other security scanners, but it is simple and portable. This should be used only to test small web applications because it takes too much time to scan large applications.
This tool does not offer any GUI interface. It also cannot create any PDF report. This tool was designed to be simple and for personal use. You can try this tool just for personal use. If you are thinking of it for professional use, I will never recommend it.
This tool was developed in Python. And an executable version is also available if you want. Source code is available, so you can modify it according your needs. The main script is grabber.py, which once executed calls other modules like sql.py, xss.py or others.
Vega is another free open source web vulnerability scanner and testing platform. With this tool, you can perform security testing of a web application. This tool is written in Java and offers a GUI based environment. It is available for OS X, Linux and Windows.
While working with the tool, it lets you set a few preferences like total number of path descendants, number of child paths of a node, depth and maximum number of request per second. You can use Vega Scanner, Vega Proxy, Proxy Scanner and also Scanner with credentials. If you need help, you can find resources in the documentation section: