As someone who uses Metasploit, Canvas, Burp Suite Pro and am currently evaluating Netsparker I might be able to offer an unbiased view.
Metasploit is an exploitation framework. There's different versions available (community, pro etc.). The community version has a web app scanner and is reasonably ok, but it tends to be caught by intrusion detection systems fairly easily and it's payloads often don't clean up properly. It's better suited to infrastructure exploitation, but can be used in a web app context.
Canvas[1] has some limited web app scanning capability but has more of a core focus on infrastructure exploitation.
Burp Suite Pro[2] is a framework for testing web applications. It's probably the best tool out there for testing web apps (if you know what you're doing). It's also ludicrously cheap and there is a free version for non-commercial use. It comes with a fairly comprehensive web app scanner.
NetSparker is a web application scanner. From what I can tell it's mainly competing with things like Accunetix. It has some features that are similar to Metasploit Pro but focuses primarily on the application layer. It sits more between Burp Suite Pro and Canvas for my purposes. You can download an eval from http://www.mavitunasecurity.com/ or the community edition.
Metasploit is an exploitation framework. There's different versions available (community, pro etc.). The community version has a web app scanner and is reasonably ok, but it tends to be caught by intrusion detection systems fairly easily and it's payloads often don't clean up properly. It's better suited to infrastructure exploitation, but can be used in a web app context.
Canvas[1] has some limited web app scanning capability but has more of a core focus on infrastructure exploitation.
Burp Suite Pro[2] is a framework for testing web applications. It's probably the best tool out there for testing web apps (if you know what you're doing). It's also ludicrously cheap and there is a free version for non-commercial use. It comes with a fairly comprehensive web app scanner.
NetSparker is a web application scanner. From what I can tell it's mainly competing with things like Accunetix. It has some features that are similar to Metasploit Pro but focuses primarily on the application layer. It sits more between Burp Suite Pro and Canvas for my purposes. You can download an eval from http://www.mavitunasecurity.com/ or the community edition.
[1] http://www.immunityinc.com
[2] http://www.portswigger.net