Vulnerability Scanners

Recommended Penetration Scanning Software For 2017

Home / Hacker Tools / Top Ten / Vulnerability Scanners

What Is This Resource?
‘Vulnerability Exploitation Scanning Software’ can make the life of a Pentester easy. 

However, a good Penetration Tester (‘Ethical Hacker’) will never rely solely on their tools. The ‘human’ and the ‘tool’ when combined can have very difficult results. What is often the case in the corporate world is when a Penetration Test is commissioned by the client they might often request that a second Red Team come into the organization to conduct the same test. The reason for this is not so much to ensure a competitive atmosphere but rather it is done to compare the results of offensive security teams since it is very likely that the teams will be using the same tools and hacking software that we have listed below.

Quick Links (Tools Listed In This Resource):

To submit a tool please click here or for further information on the range of hacking tools and software that we list please follow this link.

Check Out The Hardware!

It's all well and good knowing the tools, but what about using Vulnerability Scanners on laptops, raspbery pi's and mobiles!

Click here for more information.

Last Updated: September 23rd, 2017

Core Impact

Core Impact

Tool Category: Vulnerability Scanners

Cost of Tool: Free


What is Core Impact?
Core Impact is considered to be the greatest explotation tool available. It has a huge and regularly updated database of exploits and can do neat tricks like exploiting one computer system then building an encrypted tunnel through that system to reach and exploit other machines.

Is Core Impact Free?
No, and this tool is expensive (about $30,000).

Does Core Impact Work on all Operating Systems?
Core Impact is natively working on Microsoft Windows.

What are the Typical Uses for Core Impact?
With this tool, users can: Leverage true multi-vector testing capabilities across network, web, mobile, and wireless. Run and check for a high level of unique CVEs (in some cases more than other multi purpose tools) and validate patching efforts to ensure vulnerabilities were remediated correctly.


GFI LanGuard

GFI LanGuard

Tool Category: Vulnerability Scanners

Cost of Tool: Free


What is GFI LanGuard?
GFI Languard is a vulnerability and network security scanner that provides a concise analysis of the state of your network. Included here are the default configurations or application that poses as a security risk. This tool can also provide you a clear and complete picture of installed programs, mobile devices that connect to Exchange servers, hardware on your networks, state of security applications, open ports and existing services and shares running on computers.

Is GFI LanGuard Free?
A commercial version is available. Free trial versions may also be offered.

Does GFI LanGuard Work on all Operating Systems?
GFI works on Microsoft Windows operating systems.

What are the Typical Uses for GFI LanGuard?
GFI Languard is used to aid with network and software audits, patch management and vulnerability assessments.


MBSA

MBSA

Tool Category: Vulnerability Scanners

Cost of Tool: Free


What is MBSA?
Microsoft Baseline Security Analyzer or most commonly called as MBSA is an easy-to-use tool that helps determine the security state of your computer based on Microsoft security recommendations. After the tool completes the scan on your computer, you receive specific remediation suggestions. Use MBSA to improve your security management process by detecting common security misconfigurations and missing security updates on your computer systems.

Is MBSA Free?
Yes. All versions of this tool are free of charge.

Does MBSA Work on all Operating Systems?
It currently work on Microst Windows operating systems.

What are the Typical Uses for MBSA?
This tool created for IT professionals is used to determine the state of security of small to medium sized businesses. Please take note that MBSA only scans for missing security udpates and critical or optional updates are left behind.


Nessus

Nessus

Tool Category: Vulnerability Scanners

Cost of Tool: Free


What is Nessus?
Nessus is one of the well-known vulnerability scanners particularly Unix operating systems. Even if they closed the source code in 2005 and removed the free version in 2008, this tool still beats many of its competitors. This tool is updated constantly with over 70,000 plugins. Features of this tool include local and remote security checks, client server architecture with a web-based interface and embedded scripting language that enable users to write their own plugins and learn more about the existing ones.

Is Nessus Free?
A commercial version of this tool is available. There is a free Nessus tool version but it has limited features and can only be licensed for home network use.

Does Nessus Work on all Operating Systems?
It is compatible with Linux, MAC OS X and windows operating systems.

What are the Typical Uses for Nessus?
Nessus is used to scan for the following vulnerabilities like miscofigurations, default passwords or a few common passwords and absent passwords on system accounts. Nessus can also an external tool like Hydra to launch a dictionary attack, denials of service against TCP/IP stack by using malformed packets or prepare for PCI DSS audtis.


Nexpose

Nexpose

Tool Category: Vulnerability Scanners

Cost of Tool: Free


What is Nexpose?
Made by the same folks that manage Metasploit (Rapid7) this tool is a vulnerability scanner which aims to support the whole vulnerability management lifecycle that includes discovery, detection, verification, risk classification, impact analysis, reporting and mitigation of operating systems within a network. The tool integrates with Rapid7’s Metasploit for vulnerability exploitation. This tool is sold as standalone software, an appliance, virtual machine, or as a managed service or private cloud deployment.

Is Nexpose Free?
There are commercial versions of Nexpose that statrs with $2,000 per year and there is a also a free but limited community edition this tool.

Does Nexpose Work on all Operating Systems?
Works for Microsoft Windows and Linux operating systems.

What are the Typical Uses for Nexpose?
Nexpose is used to gather fresh data and by its Live Monitoring, you can fix the problems in a matter of hours. By also using this tool, you can transform your data into detailed visualization so you can focus resources and easily share each action with IT, compliance, security and the C-Suite.


Nipper

Nipper

Tool Category: Vulnerability Scanners

Cost of Tool: Free


What is Nipper?
Nipper Studio processes the devices’ native configurations during a network audit and enables users to create various audit reports. Using traditional methodology for your network audit, such as Agent-based software and Network Scanners or manual Penetration Testing, you could experience various drawbacks, which does not affect Nipper Studio security audit software. These network scanners send large numbers of network probes to a device and can impact performance. Only the exposed vulnerabilities are verified, potentially missing many issues. Agent-based audit software requires software to be installed on the devices during the network audit. This is not possible for all devices and can introduce additional security vulnerabilities. Manual Penetration Tests checks individual network devices in detail. However this is slow, expensive and results in point in time audits of only a sample of devices.

Is Nipper Free?
A commercial version is available. Free or limited use may also be offered.

Does Nipper Work on all Operating Systems?
Nipper natively works on Linux, Microsoft Windows and MAC OS X operating systems.

What are the Typical Uses for Nipper?
Network Infrastructure Parser also known as Nipper audits the security of network devices such as routers, switches and firewalls. It can parse and analyze device configuration files which the user must supply.


OpenVAS

OpenVAS

Tool Category: Vulnerability Scanners

Cost of Tool: Free


What is OpenVAS?
OpenVas is a free vulnerability scanner that was forken out from the last free version of another vulnerability scanner (Nessus) after this tool went propriety in 2005. Plugins of OpenVAS are still written in the Nessus NASL language and even if this project seems dead for a while, its development has restarted.

Is OpenVAS Free?
Yes, all versions of this tool are free of charge.

Does OpenVAS Work on all Operating Systems?
OpenVAS is compatible with Linux and Windows operating systems.

What are the Typical Uses for OpenVAS?
OpenVAS framework is typically used for vulnerability scanning and vulnerability management.


QualysGuard

QualysGuard

Tool Category: Vulnerability Scanners

Cost of Tool: Free


What is QualysGuard?
QualysGuard aids businesses in simplifying security operations and lower the cost of compliance by providing critical security intelligence on demand and automating the full spectrum of auding, protection for IT system, compliance and web applications.

Is QualysGuard Free?
A commercial version is available. Free trial may also be offered.

Does QualysGuard Work on all Operating Systems?
It works natively on Linux, Microsoft Office and MAC OS X operating systems.

What are the Typical Uses for QualysGuard?
QualysGuard is used for network discovery and mapping, vulnerability assessment reporting, remediation tracking according to business risk and vulnerability assessment.


Retina

Retina

Tool Category: Vulnerability Scanners

Cost of Tool: Free


What is Retina?
Retina is one of the security industry’s most respected and industry-validated vulnerability scanner and serves as the engine for our vulnerability management solutions. There’s no better option for securing your network from vulnerabilities.

Is Retina Free?
Retina is a paid program that starts with $1,700.00.

Does Retina Work on all Operating Systems?
Retina is a Microsft Windows-only tool.

What are the Typical Uses for Retina?
Just like the Nessus tool, Retina is used to monitor and scan all the hosts on a certain network and report any found vulnerabilities.


SAINT

SAINT

Tool Category: Vulnerability Scanners

Cost of Tool: Free


What is SAINT?
SAINT is a paid product that provides support to the Security Content Automation Protocol (SCAP) specification as an Authenticated vulnerability, unauthenticated vulnerability scanner and patch scanner. There are four steps of a SAINT Scan, Step 1 is to screen every live system on a network for TCP and UDP services. Step 2 is for each service that it finds running, it launches a set of probes designed to detect anything that could allow an attacker to gain unauthorized access, create a denial-of-service, or gain sensitive information about the network. Step 3 is to scan for vulnerabilities and the last step is that when vulnerabilities are detected, the results are categorized in several ways, allowing customers to target the data they find most useful.

Is SAINT Free?
SAINT is used to be an open source tool but like Nessus but is now a commercial vulnerability scanning tool.

Does SAINT Work on all Operating Systems?
It works on Linux and MAC OS X while other users says that it can also run on Windows operating system and can scan Windows vulnerabilities.

What are the Typical Uses for SAINT?
SAINT is used to screen every live system on a network for UDP and TCP services. For every service and node that it discovers, it will launch a set of pings and probes designed to detect anything that will allow attackers or hackers to gain unauthorized access, gain sensitive information about the network or create a denial of service (DOS).


[continued from top of page]