Which Vulnerabilities does Acunetix Web Vulnerability Scanner Check for?

Acunetix Web Vulnerability Scanner automatically checks for the following vulnerabilities, among others:

Web Server Configuration Checks

• Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
• Verify Web Server Technologies
• Vulnerable Web Servers
• Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution.

Parameter Manipulation Checks

• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• SQL Injection
• Code Execution
• Directory Traversal
• HTTP Parameter Pollution
• File Inclusion
• Script Source Code Disclosure
• CRLF Injection
• Cross Frame Scripting (XFS)
• PHP Code Injection
• XPath Injection
• Path Disclosure
  (Unix and Windows)
• LDAP Injection
• Cookie Manipulation
• Arbitrary File creation (AcuSensor Technology)
• Arbitrary File deletion (AcuSensor Technology)
• Email Injection (AcuSensor Technology)
• File Tampering (AcuSensor Technology)
• URL redirection
• Remote XSL inclusion
• DOM XSS
• MultiRequest Parameter Manipulation
  : Blind SQL/XPath Injection
• Input Validation
• Buffer Overflows
• Sub-Domain Scanning

File Checks

• Checks for Backup Files or Directories - Looks for common files (such as logs, application traces, CVS web repositories)
• Cross Site Scripting in URI
• Checks for Script Errors

File Uploads

• Unrestricted File uploads Checks

Directory Checks

• Looks for Common Files (such as logs, traces, CVS)
• Discover Sensitive Files/Directories
• Discovers Directories with Weak Permissions
• Cross Site Scripting in Path and PHPSESSID Session Fixation.
• Web Applications
• HTTP Verb Tampering

Text Search

• Directory Listings
• Source Code Disclosure
• Check for Common Files
• Check for Email Addresses
• Microsoft Office Possible Sensitive Information
• Local Path Disclosure
• Error Messages
• Trojan Shell Scripts (such as popular PHP shell scripts like r57shell, c99shell etc)

Weak Password Checks

• Weak HTTP Passwords
• Authentication attacks
• Weak FTP passwords

Google Hacking Database (GHDB)

• Over 1200 Google Hacking Database Search Entries

Port Scanner and Network Alerts

• Finds All Open Ports on Servers
• Displays Network Banner of Port
• DNS Server Vulnerability: Open Zone Transfer
• DNS Server Vulnerability: Open Recursion
• DNS Server Vulnerability: Cache Poisoning
• Finds List of Writable FTP Directories
• FTP Anonymous Access Allowed
• Checks for Badly Configured Proxy Servers
• Checks for Weak SNMP Community Strings
• Finds Weak SSL Cyphers