When it comes to vulnerability scanning, there are many high-quality, open-source projects to choose from. While it’s difficult to write a definitive list of the “best” tools, our team at HostedScan has significant experience working with open-source security scanners and we’ve put together a list of our favorites. These projects are industry-trusted and used daily by millions of cybersecurity professionals.
Nmap
website: https://nmap.org/
Nmap (Network Mapper) was first released in 1997 and has become a key tool for every cybersecurity professional. One of the most common use cases for Nmap is port scanning. Port scanning discovers the open ports and services running on a network. The port scan results are used to validate firewall configurations, ensure no unexpected services are publicly exposed, and to build an inventory of what services are running on the network.
Try an Nmap port scan on HostedScan
Besides port scanning and discovery, Nmap has many add-on scripts. One of the most popular uses of scripts is to test the discovered ports and services for vulnerabilities.
OpenVAS / Greenbone Community Edition
website: https://greenbone.github.io/docs/latest/
OpenVAS is a widely-used, open-source network vulnerability scanner. It first scans targets to discover ports and services. Then it checks the discovered services for over 50,000 vulnerabilities and CVEs.
Try an OpenVAS vulnerability scan on HostedScan
OpenVAS is maintained by the team at Greenbone and run through the Greenbone Community Edition software stack. Greenbone also offers a paid enterprise edition of the scanner, which should be used for scanning enterprise products such as Cisco and Palo Alto networking equipment. For scanning typical web servers, the community edition (OpenVAS) is generally sufficient.
ZAP - Zed Attack Proxy
website: https://www.zaproxy.org/
ZAP is “the world’s most widely used web app scanner”. A web application crawls both traditional html and modern javascript websites to check for security vulnerabilities. ZAP has two categories of tests: 1) Passive security tests to check for issues such as cookie security, information disclosure, and csp configurations. 2) Active security tests which submit buttons and forms to check for issues such as sql injection and cross-site scripting.
Try a ZAP web application scan on HostedScan
The ZAP scanner is popular for both automated scanning and manual penetration testing. The software is supported by a dedicated team who are highly responsive and continuously adding improvements.
Nuclei
website: https://github.com/projectdiscovery/nuclei
Like OpenVAS, Nuclei is a network vulnerability scanner. As a newer project, Nuclei doesn’t have as large of a historical vulnerability feed as OpenVAS, however it is loved for it’s modern design. It is easy for security professionals to add new tests and customize their scans using Nuclei. This makes it popular with researchers and bug bounty hunters who are testing for specific vulnerabilities.
SSLyze
website: https://github.com/nabla-c0d3/sslyze
It is essential to ensure that that your web applications have properly configured TLS/SSL. SSLyze makes it easy to check your entire certificate chain for configuration issues and encryption vulnerabilities.
Try an SSLyze scan on HostedScan
Trivy
website: https://github.com/aquasecurity/trivy
Modern software development has moved more and more towards containerized workloads. Trivy checks your container images for OS packages, CVEs, misconfigurations, leaked secrets, and software licensing issues.
The Trivy project is maintained by Aqua Security.
NIST - National Vulnerability Database
website: https://nvd.nist.gov/vuln
While not exactly an open-source tool, the National Vulnerability Database is the authority for CVEs (Common Vulnerabilities and Exposures). CVEs are the foundational data for most vulnerability scanning software.
Kali Linux
website: https://www.kali.org/
Kali Linux is not itself a vulnerability scanner, but is instead an open-source Linux distribution which comes prepackaged with security scanning and penetration testing software. It includes software such as Nmap, OpenVAS, Wireshark, Metasploit, and many more. With Kali, you no longer have to take the time to install and configure all of these tools individually.
Conclusion
I hope you found this list of open-source vulnerability scanners to be useful.
Did I miss one of your favorite security scanning tools? Let me know.
HostedScan Trial
Secure your sites today
Test Nmap, OpenVAS, OWASP ZAP and SSLYZE and manage from one platform.