My queries before start using ironWASP

[winx...@gmail.com]

Hi Team, 

I am totally new to IRONwasp or any other web assessments,struck with couple of questions, thanks in advance 

In the login record sequence, i hope i can record only username and password without CSRF, if yes when and what situation i need to use CSRF token ? 

when i perform the scan the URL with ironWASP, what are the list of vulnerabilities i can cover ? can i have the list of vulnerabilities ?

Is the IRONwasp would cover the vulnerabilities like shellshock and Heardbleed ? 

How updated is this or how frequent is this will get update, for example HTTP.sys remote code execution will also cover in this ?

Regards

winxlinx