Abstract

The increasing complexity and importance of web applications have made them main targets of cyberattacks. Ethical hacking plays a crucial role in identifying and fixing vulnerabilities before they can be exploited by attackers. Specifically, automated ethical hacking tools have gained widespread use due to their speed and effectiveness in identifying vulnerabilities. This study reviews the most studied tools in previous research and evaluates their effectiveness based on reported detection results. Using a literature-based approach, this paper analyzes the effectiveness of automated ethical hacking tools in identifying web applications vulnerabilities. By reviewing and synthesizing findings from previous research, the study examines each tool’s ability to detect common web applications vulnerabilities. The discussion highlights pros such as flexibility of use and high detection accuracy for common vulnerabilities, as well as cons like high false positives rates and limited on detecting complex or logic-based vulnerabilities. According to the results, automated tools are beneficial for basic evaluations, but they work better when combined with manual testing. This study offers a deeper understanding of the role automated tools play in modern cybersecurity practices and provide guidance for enhancing vulnerability assessment methods.