Excellent idea. You can update your list looking in source codes of the last cracker-scanners and in your web-logs. I love to do it.
Ps1: a lot of web scanners created by genial "
script kiddiez" and designed to attack can also be used to discover and solve potential security holes, but rarely the professional developers and webmasters do that (
AFAIK).
Ps2: (maybe off-topic) I'm
trying to code a new security scanner application (Win32/
Lua) called "Pandora's Cube" that test all XOOPS files and uses all ~
4.000 variables extracted from XOOPS Cube using PHPXREF 0.7. The objective is make a more specific tool to help to find some kind of
vulnerabilities in XOOPS Cube.