Tool comparison of Linux vulnerability scanners

Systems running a Linux-based kernel can have a wide range of vulnerabilities, starting with kernel security and going up to vulnerabilities in software components and their configuration. Fortunately, there are many security tools available in this area. The only challenge is finding the right tool for the job, as each has its own focus area.

When looking for a vulnerability scanner on Linux, first determine what you want to target. Tools running on the host can typically find more details than those that scan from the network, although that difference might be mitigated when the scan is performed with credentials provided.

While most tools in this area can find vulnerabilities, consider also your main purpose while scanning for them. For example, setting up proper software patch management might be more important than the act of finding vulnerabilities. In that case a vulnerability scanner can be used as a detection tool to check if processes are working as expected.

Tool comparison of Lynis, OpenSCAP, OpenVAS, Vuls, and salt-scanner
Description
  • Lynis: Lynis is a security auditing tool for systems running Linux, macOS, or Unix. It can be used for security assessments and configuration audits.
  • OpenSCAP: Tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines.
  • OpenVAS: OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.
  • Vuls: Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and can use a remote login to find any software vulnerabilities. It has multiple levels of scanning, from a fast scan up to a deep scan with extensive analysis.
  • salt-scanner: Salt-scanner is a Linux vulnerability scanner based on Salt Open and the Vulners audit API. It has Slack notifications and JIRA integration.

Dependencies
Strengths
  • The source code is easy to read and understand
  • More than 100 contributors
  • More than 8000 GitHub stars
  • Tool is easy to use
  • Available as package (simplified installation)
  • Commercial support available
  • Used language is shell script
  • Very low number of dependencies
  • Project is mature (10+ years)
  • The source code of this software is available
  • More than 25 contributors
  • The source code of this software is available
  • Supported by a large company
  • The source code of this software is available
  • Well-known tool
  • More than 50 contributors
  • More than 5000 GitHub stars
  • The source code of this software is available
  • The source code of this software is available
Weaknesses
  • No releases on GitHub available
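Programming language(s)
  • Lynis: Shell script
  • OpenSCAP: C
  • OpenVAS: C
  • Vuls: Golang
  • salt-scanner: Python

Last release
  • Lynis: 3.0.5 (2021-07-02)
  • OpenSCAP: 1.3.5 (2021-04-23)
  • OpenVAS: 21.4.1 (2021-06-23)
  • Vuls: 0.15.13 (2021-07-18)
  • salt-scanner: Unknown

Tool page (last updated)
  • Lynis: 2021-07-03
  • OpenSCAP: 2021-06-16
  • OpenVAS: 2021-06-24
  • Vuls: 2021-07-19
  • salt-scanner: 2021-05-21

Tool score
  • Lynis: 100
  • OpenSCAP: 89
  • OpenVAS: 97
  • Vuls: 100
  • salt-scanner: 64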
