Vulnerability scanners

Image of a gate with a chain and lock, related to tools used for vulnerability scanning on Linux

Introduction

Vulnerability scanners play an important part in vulnerability management. See which open source tools are available in this category.

Vulnerability scanners typically come in two variants: local or remote. With the first group, the scanning itself happens on the related device itself. While this requires direct access to the system or device, it often results in a more extensive scan. Remote scanning is commonly used, where the scan happens on a central system. Some vulnerability scanners may be configured to do a hybrid: network-based scanning combined with an authenticated scan to obtain more details.

Usage

Vulnerability scanners are typically used for vulnerability management and vulnerability scanning.

Users for these tools include pentesters, security professionals, system administrators.

Tools

Vulnerability scanners
ToolTypeDescriptionLatest releaseRelease dateScore
ArcheryVulnerability assessment and managementArchery is a Django-based application to perform vulnerability assessments and do vulnerability management.ARCHERY-v1.0-betaMarch 19, 201896
Bash ScannerVulnerable package detection for LinuxBash Scanner is a security tool that does a quick scan to see if there are vulnerable packages. It uses an external service to validate.1.2Nov. 30, 201560
BDAVulnerability scan for Hadoop and SparkBDA is a security tool to test installations of Hadoop and Spark, often used to store big data sets. Configuration weaknesses and other issues can be detected.1.0.0May 28, 201885
CMSmapReconnaissance tool for popular CMS frameworksCMSmap is a security tool to perform reconnaissance on a web target. It helps with the detection of several popular content management systems (CMS).UnknownUnknown64
DagdaVulnerability scanner for Docker containersDagda is a security tool to perform static analysis of known vulnerabilities, malware and threats in Docker images and containers. It monitors both the Docker daemon and running containers to find anomalies and suspicious activities.0.6.0Aug. 25, 201768
flunym0usVulnerability scanner for WordPress and MoodleFlunym0us is a security scanner for WordPress and Moodle installations. The tool tests the security of the installation by performing enumeration attempts.UnknownUnknown68
Intrigue CoreAttack surface discoveryIntrigue Core is a security framework to help with automated attack surface discovery. It can be used both as an offensive or defensive tool.0.5July 3, 2018100
JexBossJBoss verify and exploitation toolJexBoss is a security tool to verify and exploit vulnerabilities in JBoss applications. It can be used for security assignments and pentests.UnknownUnknown64
LynisSecurity scanner and compliance auditing toolLynis is a security auditing tool for systems running Linux, macOS, or Unix. It can be used for security assessments and configuration audits.2.6.6July 6, 2018100
NmapNetwork and vulnerability scannerNmap is a security scanner that can perform a port scan, network exploration, and determine vulnerabilities7.70March 20, 2018100
OpenVASVulnerability scannerOpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.5.0.9March 27, 201896
Prowler (vuln)Distributed vulnerability scannerProwler is a distributed vulnerability scanner that can run on devices like the Raspberry Pi. It can scan a set of systems and perform the typical tests within vulnerability scanning.UnknownUnknown78
SafetyVulnerability scanner for software dependenciesSafety is a security tool to scan software dependencies and see which ones are possibly vulnerable. See the review and how the tool works.1.8.2July 10, 201897
salt-scannerLinux vulnerability scannerSalt-scanner is Linux vulnerability scanner based on Salt Open and Vulners audit API. It has Slack notifications and JIRA integration.UnknownUnknown64
TulparWeb vulnerability scannerTulpar is a security tool to scan web targets for possible vulnerabilities. It checks a wide range of items and attack types for this particular purpose.UnknownUnknown64
VaneWordPress vulnerability scannerVane is a forked project of the now non-free popular WordPress vulnerability scanner WPScan.UnknownUnknown64
VScanVulnerability scanner with Nmap and NSEVscan is a security tool to perform vulnerability scanning with Nmap. It leverages NSE scripts to provide some flexibility in terms of vulnerability detection and exploitation.UnknownUnknown64
VulsAgentless vulnerability scannerVuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and can use a remote login to find any software vulnerabilities. It has multiple levels of scanning, from a fast scan up to a deep scan with extensive analysis.0.4.2Dec. 1, 201793
vulscanVulnerability scanning with NmapVulscan is a vulnerability scanner which uses the well-known Nmap tool. By enhancing it with offline data from VulDB, it allows for detecting vulnerabilities. The database itself based on information from multiple sources.UnknownUnknown78
WapitiVulnerability scanner for web applicationsWapiti is a security tool to perform vulnerability scans on web applications. It uses fuzzing to detect known and unknown paths, among other tests.3.0.0Jan. 19, 201874
WhitewidowSQL vulnerability scannerWhitewidow is a security tool to perform automated SQL vulnerability scans. It can be used during penetration tests or for security assessments.2.0May 1, 201760

Highlighted tools based on their strenghts

Some of the vulnerability scanners have features that make them stand out among the others. If one of these characteristics are important to you, have a look at these selected tools first.

» All-rounder = OpenVAS
» Easy to use = Lynis
» Low on requirements = Lynis

Other related category: Linux vulnerability scanning tools