Acunetix Reviews - Pros & Cons, Ratings & more

ESET PROTECT MDR

Aikido Security

ESET Endpoint Security

Tenable.io

Acunetix (by Invicti) is a cyber security solution offering automatic web security testing technology that enables organizations to scan and audit complex, authenticated, HTML5 and JavaScript-heavy websites to detect vulnerabilities such as XSS, SQL Injection, and more.

Acunetix

Linux

Web-based

Windows

Associate Consultant - Cyber Security Services

Also, the GUI is very pleasant and user friendly plus you don't have to be an expert on the subject matter to use this.

Quality Assurance Analyst

The only con I found in this software is lack of support. The response time of the customer service team is poor.

Dep. Head of Division Business Continuity Management, IT Oversight and Information Security Division

We use on premise solution. Great solution for small and big enterprises.

DIRECTOR

Great integrations with several technologies (such as Web Application Firewalls). Acunetix detects a lot of vulnerabilities and have the possibility to fix with easy ideas to do that.

Director and founder

Currently you have the "Allowed hosts" settings which is crappy in setting up. I need to set all (sub) domains to a different target.

The interface is built as "point a shoot", idiot proof. Currently, If I want to configure things I need to change xml config files on the server and reload acunetix.

IT Security Specialist

Also continous scanning option is an interesting thing for having continous security awareness of Your vulnerability level. Also login sequence recorder is an awesome tool.

Software Engineer

There is nothing so far to dislike this software.

CISO

Following an initial trial and PoC with couple of competitors, Acunetix had the best features, most suitable licensing model, good support, so we purchased a three year license.

Information Security Manager

Ease of use and cost makes this product's RIO right on the money.

Manager

Acunetix is quite a strong tool for web assessments even though it did not support other types of assessments. Both on prem and cloud scanners are available.

It provides reports for developers for developing options and reports can be generated according to the required compliance standard like.

Cool tool and deserves to get tried once. 

Vulnetability scanner

Thank you for your feedback. We will look into improving our vulnerability detection.

Good thing for a web application pentesting, can give You insight of a present vulnerabilities. Would recommend using in tandem with infrastructure scanner (like Nessus) to create a complete testing solution. Also presence of continous scanning and scheduler could be used for a regular security assesment of Your web applications.

Simple, but very powerful web vunlerability scanner

Thank you for your feedback ¿ we¿re glad that Acuneix is working for you.

Regarding your comment about choosing what to scan for ¿ you can already do this in Acunetix, although the feature is slightly hidden away in Settings > Scan Types. Here you can create your own custom Scan Types, and you will be able to choose which vulnerabilities to check for. When creating a new custom Scan Type, you can filter the vulnerability checks from the top right hand corner of the page.

Remember that you can also easily retest for a specific vulnerability identified in a previous scan.

Continuation of the cons section (number of chars was limited).

* Settings are sometimes unclear, an info icon with a popup would be nice.

 Example 1: In the "Site Structure" of a scan it is possible to press "exclude", does it exlude the path from futre scans? If so why don't I see anything in the target settings? Or does "exlude" exclude vulnerabilities from the report? BTW after pressing exlude I'm not able to "include" it again.
 
 Example 2: "scan speed", how many threads per setting are we talking about?


* Would definitly like to get some more feedback from scans directly in the interface, what is it doing, why did it fail, did all the "allowed hosts" got scanned etc. I know you can debug a target, but this is not what I mean. 



Ok tool, but fix your business model and add more settings to the interface

Thank you for your honest feedback:

As you rightly say, we try to keep an easy to use interface, with the intention of automatically detecting the best way to scan the site. There are some settings which are not used by most of our customers, and which can be manually tweaked from the settings file.

I think you might have missed the little help icon at the top right corner of the Acunetix interface. When clicked, this provides help on the settings loaded in the current page. But to answer your queries:

Example 1 - When you Exclude a path from the Site Structure, the exclusion will be stored with the Target, and will affect subsequent scans. You can delete the exclusion from the Target settings.

Example 2: this is explained on our website at https://www.acunetix.com/blog/docs/configure-scan-speed-acunetix/. I have forwarded your comment about the scan feedback to the product team.

Regarding licensing, I would suggest that you get in touch with our sales team, who can work

As a scanner it is quite good, relevant and well described findings, so far no false positives. Following an initial trial and PoC with couple of competitors, Acunetix had the best features, most suitable licensing model, good support, so we purchased a three year license. However, at some point, it all changed. The license became based on other criteria, the testing and verification tools were removed, there is no support or way of reverting to a previous version, after you realise that the changes introduced and making the software unusable or insufficient. Overall, unless there are guarantees that it won't happen again, I will be very reluctant to renew.

Easy to setup, nice results

Thank you for your feedback.

You can download the free Acunetix Manual Pentesting Tools from https://www.acunetix.com/vulnerability-scanner/free-manual-pen-testing-tools/. You can copy the Request done by Acunetix from the Vulnerability details, and use this in the Acuneix Manual Tools

Great for developers for self evaluation

Terrible sales team!

I've been using Acunetix for 5 years already, and it's getting worst instead of getting better..

Thank you for your feedback.

Most of the features that you are missing have been re-introduced in newer updates.

You can now select to exclude parts of a site using the Site Structure identified in a previous scan.

As you rightly say, you can Pause scans in the latest version of Acunetix. You can also change the Target Settings and resume the scan with the new settings.

Response headers have also been re-introduced recently.

We would appreciate if you can provide more details on the issues with the Login of some sites and larger sites. Please send this info to our support team at support@acuneix.com
 

A well priced, cloud based vulnerability scanner 

We worked very well with Acunetix in the last years, we look forward to go on this way

excellent quality!

Thank you for your feedback. Network Scans are still available with Acunetix Online. We will work on improving our Support.

Modular and complete application level testing of agreed upon domains is usually done with ease and reports are generated with rich content.

Delivers what it promises | Automated Web Security Scanning

Thank you for submitting your review of Acunetix on Capterra, we appreciate your time and are glad to hear we are of service to your business.

Regards
Acunetix Team

Good web application vulnerability scanner but not recommended.

Thank you for your candid feedback.

During an automated scan, Acunetix will make a lot of requests, some of which will invalidate the session. Acunetix is able to automatically detect this and will login to the web application to continue scanning the restricted area. As regards false positives, we would be very interested in getting to know about these. Would you be able to forward samples to our team at support@acunetix.com?

Acunetix is quite a strong tool for web assessments even though it did not support other types of assessments. Both on prem and cloud scanners are available. Less false positives compared to other tools and price is a bit expensive. Lots of options available to download reports.  Overall its a good tool for web assessment. 

Best Web assessment tool 

Acunetix Review

One of the best Web Security Scanners!

Thank you for your feedback. As of 16th May 2019 Network Scanning is now available with Acunetix on-premise.

No geral é muito bom, conseguimos testar as vulnerabilidades de cada versão do nosso produto Web, garantindo aos clientes a devida qualidade de segurança, podendo emitir relatórios mensais do Acunetix e enviar aos clientes, mostrando que o software está seguro.

Software de boa reputação no mercado

Reputable software in the market

after using the tool for several years I can say that it is one of the best web vulnerability scaners on the market

Great audit tool

Acunetix always gives me a very good first impression

Thank you for your feedback.

We are planning on integrating the Acunetix Login Sequence Recorder in the Acunetix web UI. This will make it easier to record login sequences moving forward. If all goes well, we will have this feature in place by the end of Q3 / beginning Q4 this year.

Scanning made Simplified

Accunetix in Education

I use Acunetix to scan our Websites and web applications, usually on the test machines, in order to spot vulnerabilities before moving things to production. The nice thing with Acunetix is that you can schedule automated scans, daily, weekly or monthly, so you can just check the reports with the affected items.

Automated Web Vulnerability Scanning with Acunetix

Thank you for an excellent review. We are really happy Acunetix is working out for you

Acunetix helped us get going with security scans. In the end, the lack of support for certain attacks made us change.

Too many issues not found

We use on premise solution. Great solution for small and big enterprises 

Acunetix perfect vulnerability manager solution

Most user friendly vulnerability scanner i've used 

Thank you for taking the time to review Acunetix. We are glad you like our new dashboard. We will look at improving our support process.

We use cloud solution. It can be used by small and big companies 

Perfect vulnerability management solution

Thank you for your positive review. We are very happy that Acunetix is working out well for you.

This is the best and easiest tool to Scanning for Penetration testing

Acunetix Reviews

Suggested alternatives

Pros and cons

34 reviews