Chapter 5. Automated Scanners

In this chapter we will cover:

  • Scanning with Nikto
  • Finding vulnerabilities with Wapiti
  • Using OWASP ZAP to scan for vulnerabilities
  • Scanning with w3af
  • Using Vega scanner
  • Finding Web vulnerabilities with Metasploit's Wmap

Introduction

Almost every penetration testing project must follow a strict schedule, mostly determined by clients' requirements or development delivery dates. It is very useful for a penetration tester to have a tool that can perform many tests on an application in a short period of time, in order to identify as many vulnerabilities as possible in the scheduled days. Automated vulnerability scanners are the tools to pick for this task. They can also be used to find exploitation alternatives or to make sure that nothing obvious is left behind in a penetration test.

Kali Linux includes several vulnerability scanners aimed at Web applications or at specific Web application vulnerabilities; in this chapter, we will cover some of those most widely used by penetration testers and security professionals.
