Which Vulnerabilities does Acunetix Web Vulnerability Scanner Check for?

Acunetix Web Vulnerability Scanner automatically checks for the following vulnerabilities, among others:

Web Server Configuration Checks

  • Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
  • Verify Web Server Technologies
  • Vulnerable Web Servers
  • Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution.

Parameter Manipulation Checks

File Checks

File Uploads

Directory Checks

  • Looks for Common Files (such as logs, traces, CVS)
  • Discover Sensitive Files/Directories
  • Discovers Directories with Weak Permissions
  • Cross Site Scripting in Path and PHPSESSID Session Fixation.
  • Web Applications
  • HTTP Verb Tampering

Text Search

  • Directory Listings
  • Source Code Disclosure
  • Check for Common Files
  • Check for Email Addresses
  • Microsoft Office Possible Sensitive Information
  • Local Path Disclosure
  • Error Messages
  • Trojan Shell Scripts (such as popular PHP shell scripts like r57shell, c99shell etc)

Weak Password Checks

Google Hacking Database (GHDB)

Port Scanner and Network Alerts

  • Finds All Open Ports on Servers
  • Displays Network Banner of Port
  • DNS Server Vulnerability: Open Zone Transfer
  • DNS Server Vulnerability: Open Recursion
  • DNS Server Vulnerability: Cache Poisoning
  • Finds List of Writable FTP Directories
  • FTP Anonymous Access Allowed
  • Checks for Badly Configured Proxy Servers
  • Checks for Weak SNMP Community Strings
  • Finds Weak SSL Cyphers