Site scanners

This is a list of possibly-good website security scanners; this page is not an endorsement. I have not tested all or most of them, it's just the beginning of my research.

Many tools that have been advertised as free have ended up being trials, extremely limited in scope, or no longer free at all.

Tested

Again, not endorsements, just tracking what I've used.

Web-based

These scanners can be run right from a browser, and are by and large free. However, this combination also means that they are narrow in scope and light on detail.

Pentest-tools.com

ImmuniWeb

securityheaders.com by Probely

Serpworx

Client-based

These scanners must be installed and run from a device you own; be sure to connect via VPN or set rules not to block your IP, or you're likely going to get cutoff from your site while testing.

WPScan

Kali Linux Tools

ZAP

Untested

I haven't experimented with these at all, but wanted to track and note them for future use.

Barracuda Site Security Scanner | Barracuda Campus

Vulnerability Scanning Tools | OWASP Foundation