Joomscan, Joomla Security Scanner is now updated to 611 vulnerabilities database.

In Joomscan you can check for new updates with command: ./joomscan.pl check or ./joomscan.pl update

Overview:
Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendlinesss, extensibility to name a few. So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity. It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites. No web security scanner is dedicated only one CMS.

Features:

• Exact version Probing
• Common Joomla! based web application firewall detection
• Searching known vulnerabilities of Joomla! and its components
• Reporting to Text & HTML output
• Immediate update capability via scanner or svn

Requirement:
Perl 5.6 or up

Download: joomscan-latest.zip

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Features:

• Intercepting Proxy
• Automated scanner
• Passive scanner
• Brute Force scanner
• Spider
• Fuzzer
• Port scanner
• Dynamic SSL certificates
• API
• Beanshell integration

Characteristics:

• Easy to install (just requires java 1.6)
• Ease of use a priority
• Comprehensive help pages
• Fully internationalized
• Under active development
• Open source
• Free (no paid for ‘Pro’ version)
• Cross platform
• Involvement actively encouraged

Download: ZAP 1.3.1