Tools compared: Linux vulnerability scanners

Finding the right tool can be difficult. This sheet compares Lynis, OpenSCAP, OpenVAS, salt-scanner and Vuls.

LynisOpenSCAPOpenVASsalt-scannerVuls
Description

Security auditing tool for systems running Linux, mac OS, or Unix, to perform an in-depth health check.

Tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines

OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.

Salt-scanner is Linux vulnerability scanner based on Salt Open and Vulners audit API. It has Slack notifications and JIRA integration.

Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and does a remote login to find any software vulnerabilities.

Tool detailsThumbnail

Lynis is an open source security auditing tool that is available since 2007 and created by Michael Boelen. Its primary goal is to evaluate the security defenses of systems running Linux or other flavors of Unix. It provides suggestions to install, configure, or correct any security measures.

The OpenSCAP project provides a wide variety of hardening guides, configuration baselines, and tools to test for vulnerabilities and configuration issues. It uses SCAP as the protocol to store the underlying data.

OpenVAS is an open source vulnerability scanner that emerged from when Nessus became closed source in October of 2005.

Dependencies
StrenghtsCommercial support available, More than 50 contributors, More than 3000 GitHub stars, Used language is shell script, Very low number of dependencies, Project is mature (5+ years), The source code of this software is availableMore than 25 contributors, The source code of this software is available, Supported by a large companyThe source code of this software is available, Well-known toolThe source code of this software is availableMore than 50 contributors, More than 4000 GitHub stars, The source code of this software is available
WeaknessesNo releases on GitHub available
Programming language(s)shell scriptCCPythonGolang
Last release

2.5.6 (2017-10-27)

1.2.15 (2017-08-25)

9 (2017-03-08)

Unknown

0.4.0 (2017-08-25)

Tool page (last updated)

2017-09-17

2017-09-17

2017-10-02

2017-09-17

2017-09-17

Tool score
100
89
78
64
89
DownloadDownloadDownloadDownloadDownloadDownload
More informationLynis reviewOpenSCAP reviewOpenVAS reviewsalt-scanner reviewVuls review