Nikto ZAProxy Wapiti
If the webapp uses a CMS:
- CMSScan (WP, Drupal, Joomla, vBulletin)
- Clusterd (JBoss, Coldfusion, Tomcat, Weblogic, RAilo, Aixs2, Glassfish)
- WPScan
GoSpider - Dirhunt
Always try to dupplicate findings with backups -x .bck, .backup
Nikto ZAProxy Wapiti
If the webapp uses a CMS:
GoSpider - Dirhunt
Always try to dupplicate findings with backups -x .bck, .backup