A web vulnerability scanner is a program which works on a web application in order to discover potential security vulnerabilities and architectural flaws. It performs a black-box test, no source code is reviewed.
As web applications are widely used now days, performing many businesses around the world. This is making it an easy target for many attackers to play around. In past few years, thousands of web applications are compromised due to its security vulnerabilities and loop holes in their architecture.
Netsparker
vulnerabilities. It provides the result for only confirmed vulnerabilities after successful exploitation and testing.Burp Suite
Burp suite is a Java base software for performing vulnerability scanning of web applications. It contains a variety of tools designed to facilitate the attack. The free version is available with limited features, but can be directly purchased with one year subscriptions for $299.
Nikto
Nikto is an open source web security scanner tool which performs comprehensive scanning of web servers. It can scan multiple items on servers, including files and versions specific problems for servers. It can also check server’s configuration, making it a powerful tool to scan server’s security and related flaws.
W3af
W3af is known as most powerful and flexible tool for finding web application’s vulnerability. It’s easy to use feature made it popular among the security professionals like ethical hackers. W3af contains many web assessment and exploitation plugins as well.
Arachni Vulnerability Scanner
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.
It is free, with its source code public and available for review.
WebScarab
WebScarab is a tool, available for anyone who wants to expose or check the working of HTTP request on web application. It allows developer to debug program, and security specialist to identify vulnerabilities in the application or in application’s design.
Vega
Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: Javascript.
Skipfish
It is the most popular tool that scans and prepares sitemap for the web application by recursively crawling into the application. The resulted sitemap is further can be used to exploit and discover different vulnerabilities.
Acunetix
Acunetix is known for its automated nature to find the vulnerabilities such as Sql injection, cross site scripting, weak password strength on authentication pages and others. Security professional uses this tool for preparing security audit reports and advance 
web penetration testing due to its interactive GUI.
AppScan
AppScan is the scanning tool that provides security testing throughout the development cycle of a web application. It scans the web application for the commonly known vulnerabilities and backdoors. Many professional and penetration testers use this tool to test the web application.
