This document lists and describes the top 10 web vulnerability scanners as reported by users of the nmap-hackers mailing list in 2006. #1 is Nikto, an open source web server scanner that performs comprehensive tests against servers. #2 is Paros Proxy, a Java-based web proxy for assessing vulnerabilities in web applications. #3 is WebScarab, an open source tool for analyzing applications that use HTTP and HTTPS.