Vulnerability scanners are critical tools for proactively identifying security weaknesses before attackers can exploit them. This curated list includes both open-source and commercial solutions for various scanning needs.

Network Vulnerability Scanners

Nessus

Commercial / Free Home Use

Industry-leading vulnerability scanner with extensive plugin library. Offers comprehensive scanning capabilities for networks, web applications, and cloud environments. Free version available for home use.

Visit Nessus →

OpenVAS

Open Source

Full-featured open-source vulnerability scanner maintained by Greenbone Networks. Includes thousands of network vulnerability tests and regular feed updates.

Visit OpenVAS →

Qualys VMDR

Commercial / Cloud-Based

Cloud-based vulnerability management platform offering continuous monitoring, detection, and response capabilities with minimal infrastructure requirements.

Visit Qualys →

Nmap

Open Source

Powerful network scanner for host discovery, port scanning, and service detection. Essential tool for security auditing and network inventory. Includes NSE scripting engine for vulnerability detection.

Visit Nmap →

Web Application Scanners

Burp Suite

Commercial / Free Community Edition

Comprehensive web application security testing platform. Includes proxy, scanner, intruder, and repeater tools. Community edition available for manual testing.

Visit Burp Suite →

OWASP ZAP

Open Source

Free and open-source web application security scanner. Ideal for finding vulnerabilities in web applications during development and testing phases.

Visit OWASP ZAP →

Acunetix

Commercial

Automated web application security testing tool that detects over 7,000 vulnerabilities including SQL injection, XSS, and misconfigurations.

Visit Acunetix →

Nikto

Open Source

Web server scanner that performs comprehensive tests against web servers for dangerous files, outdated server software, and configuration issues.

Visit Nikto →

Specialized Scanners

Trivy

Open Source

Comprehensive security scanner for containers, infrastructure as code, and file systems. Detects vulnerabilities in dependencies, misconfigurations, and secrets.

Visit Trivy →

Lynis

Open Source

Security auditing tool for Unix-based systems. Performs in-depth security scans and provides hardening recommendations for servers and workstations.

Visit Lynis →

Wapiti

Open Source

Web application vulnerability scanner that performs "black-box" testing. Audits the security of web applications by crawling and injecting payloads.

Visit Wapiti →