A vulnerability scan, whether internal or external, does not traverse every file on the network the way an antivirus product does. It must be configured to scan specific targets, such as internal or external IP addresses and the ports and services they expose, for vulnerabilities. Vulnerability scanners include different tools and scripts designed to check for.
Description
Web Application Vulnerability Scanners are automated tools that scan web applications, normally from the outside, to look for security vulnerabilities such as Cross-site scripting, SQL Injection, Command Injection, Path Traversal and insecure server configuration. This category of tools is frequently referred to as Dynamic Application Security Testing (DAST) Tools. A large number of both commercial and open source tools of this type are available and all of these tools have their own strengths and weaknesses. If you are interested in the effectiveness of DAST tools, check out the OWASP Benchmark project, which is scientifically measuring the effectiveness of all types of vulnerability detection tools, including DAST.
Nessus is one of the many vulnerability scanners used during vulnerability assessments and penetration testing engagements, and it is also used in malicious attacks. This article will focus on this vulnerability scanner, discussing the fundamentals one needs before getting started with the tool, the different scanning capabilities it provides, what it takes to run the tool and how results. Vulnerability scanners automate security auditing and can play a vital part in your IT security by scanning your network and websites for different security risks. These scanners can also generate a prioritized list of the vulnerabilities you should patch, describe each vulnerability and provide steps for remediating it. Vulnerability scanners are tools that continuously monitor applications and networks to identify security vulnerabilities. They work by maintaining an up-to-date database of known vulnerabilities and running scans to identify potentially exploitable weaknesses. Vulnerability scanning, or vulnerability assessment, is the systematic process of finding security weaknesses in a system and addressing the potential vulnerabilities. The purpose of vulnerability assessment is to prevent unauthorized access to systems.
Here we provide a list of vulnerability scanning tools currently available in the market.
Disclaimer: The tools listed in the table below are presented in alphabetical order. OWASP does not endorse any of the vendors or scanning tools by listing them in the table below.
OWASP is aware of the Web Application Vulnerability Scanner Evaluation Project (WAVSEP). WAVSEP is completely unrelated to OWASP and we do not endorse its results, nor any of the DAST tools it evaluates. However, the results provided by WAVSEP may be helpful to someone interested in researching or selecting free and/or commercial DAST tools for their projects. This project has far more detail on DAST tools and their features than this OWASP DAST page.
Tools Listing
Name/Link | Owner | License | Platforms | Note |
---|---|---|---|---|
Abbey Scan | MisterScanner | Commercial | SaaS | |
Acunetix | Acunetix | Commercial | Windows, Linux, MacOS | Free (Limited Capability) |
App Scanner | Trustwave | Commercial | Windows | |
AppCheck Ltd. | AppCheck Ltd. | Commercial | SaaS | Free trial scan available |
AppScan | HCL Software | Commercial | Windows | |
AppScan on Cloud | HCL Software | Commercial | SaaS | |
AppSpider | Rapid7 | Commercial | Windows | |
AppTrana Website Security Scan | AppTrana | Free | SaaS | |
Arachni | Arachni | Free | Most platforms supported | Free for most use cases |
Astra Security Suite | Astra Security | Free | SaaS | Paid Option Available |
BREACHLOCK Dynamic Application Security Testing | BREACHLOCK | Commercial | SaaS | |
Beagle Security | Beagle Security | Commercial | SaaS | Free (Limited Capability) |
BlueClosure BC Detect | BlueClosure | Commercial | Most platforms supported | 2 week trial |
Burp Suite | PortSwigger | Commercial | Most platforms supported | Free (Limited Capability) |
Contrast | Contrast Security | Commercial | SaaS or On-Premises | Free (Full featured for 1 App) |
Crashtest Security | Crashtest Security | Commercial | SaaS or On-Premises | |
Cyber Chief | Audacix | Commercial | SaaS or On-Premises | |
Detectify | Detectify | Commercial | SaaS | |
Digifort- Inspect | Digifort | Commercial | SaaS | |
Edgescan | Edgescan | Commercial | SaaS | |
GamaScan | GamaSec | Commercial | Windows | |
GoLismero | GoLismero Team | Open Source | Windows, Linux and Macintosh | GPLv2.0 |
Grabber | Romain Gaucher | Open Source | Python 2.4, BeautifulSoup and PyXML | |
Gravityscan | Defiant, Inc. | Commercial | SaaS | Free (Limited Capability) |
Grendel-Scan | David Byrne | Open Source | Windows, Linux and Macintosh | |
HostedScan.com | HostedScan.com | Commercial | SaaS | Free Forever |
IKare | ITrust | Commercial | N/A | |
IOTHREAT | IOTHREAT | Commercial | SaaS | Free (View Partial Results). Full report (PRO) - 50% discount for the OWASP community with 'OWASP50'. |
ImmuniWeb | High-Tech Bridge | Commercial | SaaS | Free (Limited Capability) |
Indusface Web Application Scanning | Indusface | Commercial | SaaS | Free trial available |
InsightVM | Rapid7 | Commercial | SaaS | Free trial available |
Intruder | Intruder Ltd. | Commercial | | |
K2 Security Platform | K2 Cyber Security | Commercial | SaaS/On-Premise | Free trial available |
Mayhem for API | ForAllSecure | Commercial | SaaS | 30-day Free Trial |
N-Stealth | N-Stalker | Commercial | Windows | |
Nessus | Tenable | Commercial | Windows | |
Netsparker | Netsparker | Commercial | Windows | |
Nexpose | Rapid7 | Commercial | Windows/Linux | Free (Limited Capability) |
Nikto | CIRT | Open Source | Unix/Linux | |
Nmmapper Tool Collections | Nmmapper | Commercial | SaaS | Great collection of Kali tools hosted online |
Nuclei | ProjectDiscovery | Open Source | Windows, Unix/Linux, and Macintosh | Fast and customisable vulnerability scanner based on a simple YAML-based DSL. |
Probely | Probely | Commercial | SaaS | Free (Limited Capability) |
Proxy.app | Websecurify | Commercial | Macintosh | |
QualysGuard | Qualys | Commercial | N/A | |
ReconwithMe | Nassec | Commercial | SaaS | Paid Option Available |
Retina | BeyondTrust | Commercial | Windows | |
Ride (REST JSON Payload fuzzer) | Adobe, Inc. | Open Source | Linux / Mac / Windows | Apache 2 |
SOATest | Parasoft | Commercial | Windows / Linux / Solaris | |
ScanRepeat | Ventures CDX | Commercial | SaaS | |
ScanTitan Vulnerability Scanner | ScanTitan | Commercial | SaaS | Free (Limited Capability) |
Sec-helpers | VWT Digital | Open Source or Free | N/A | |
SecPoint Penetrator | SecPoint | Commercial | N/A | |
Security For Everyone | Security For Everyone | Commercial | SaaS | Free (Limited Capability) |
Securus | Orvant, Inc | Commercial | N/A | |
Sentinel | WhiteHat Security | Commercial | N/A | |
StackHawk | StackHawk | Commercial | SaaS | |
Tinfoil Security | Synopsys | Commercial | SaaS or On-Premises | Free (Limited Capability) |
Trustkeeper Scanner | Trustwave SpiderLabs | Commercial | SaaS | |
Vega | Subgraph | Open Source | Windows, Linux and Macintosh | |
Vex | UBsecure | Commercial | Windows | |
WPScan | WPScan Team | Commercial | Linux and Mac | Free options |
Wapiti | Informática Gesfor | Open Source | Windows, Unix/Linux and Macintosh | |
Web Security Scanner | DefenseCode | Commercial | On-Premises | |
WebApp360 | TripWire | Commercial | Windows | |
WebCookies | WebCookies | Free | SaaS | |
WebInspect | Micro Focus | Commercial | Windows | |
WebReaver | Websecurify | Commercial | Macintosh | |
WebScanService | German Web Security | Commercial | N/A | |
Websecurify Suite | Websecurify | Commercial | Windows, Linux, Macintosh | Free (Limited Capability) |
Wikto | Sensepost | Open Source | Windows | |
Zed Attack Proxy | OWASP | Open Source | Windows, Unix/Linux, and Macintosh | Apache-2.0 |
beSECURE (formerly AVDS) | Beyond Security | Commercial | SaaS | Free (Limited Capability) |
purpleteam | OWASP | Open Source | CLI and SaaS | GNU-AGPL v3 |
w3af | w3af.org | Open Source | Linux and Mac | GPLv2.0 |
References
- SAST Tools - OWASP page with similar information on Static Application Security Testing (SAST) Tools
- Free for Open Source Application Security Tools - OWASP page that lists the Commercial Dynamic Application Security Testing (DAST) tools we know of that are free for Open Source
- http://sectooladdict.blogspot.com/ - Web Application Vulnerability Scanner Evaluation Project (WAVSEP)
- http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria - v1.0 (2009)
- http://www.slideshare.net/lbsuto/accuracy-and-timecostsofwebappscanners - White Paper: Analyzing the Accuracy and Time Costs of Web Application Security Scanners - By Larry Suto (2010)
- http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html - NIST home page which links to: NIST Special Publication 500-269: Software Assurance Tools: Web Application Security Scanner Functional Specification Version 1.0 (21 August, 2007)
- http://www.softwareqatest.com/qatweb1.html#SECURITY - A list of Web Site Security Test Tools. (Has both DAST and SAST tools)
What Is Vulnerability Scanning?
In the modern connected economy, many businesses have expanded their operations to a global scale on the back of the internet and e-commerce. However, the internet also exposes organizations to a myriad of cyber threats, most of which target vulnerabilities in an organization's unpatched systems, servers, applications, and databases. Moreover, the networking and security equipment meant to protect organizations from external threats can itself be exposed to such vulnerabilities. As organizations evolve and expand their infrastructure, their attack surface also expands, exposing them to new vulnerabilities and zero-day attacks.
This is where organizations use vulnerability scanning or assessment tools as a counter-mechanism. The method of identifying security holes or vulnerabilities in modern IT environments and categorizing them is known as Vulnerability Analysis.
In this article, we’ll list the top 10 vulnerability scanners available today.
Top 10 Vulnerability Scanner Software
1. SolarWinds Network Configuration Manager (NCM)
SolarWinds Network Configuration Manager (NCM) is a capable tool offering a wide range of features for countering vulnerabilities. Misconfiguration of networking equipment, servers, and other applications in an enterprise environment often opens doors for threat actors to exploit a vulnerability. Network Configuration Manager provides a smart approach to avoiding such attacks. It automates configuration management, reducing the administrative workload of repetitive tasks, and helps you meet compliance mandates. You can also carry out detailed vulnerability assessments, as the tool integrates with the National Vulnerability Database, which can help you counter newly evolving threats with ease. The tool also offers a free evaluation with full functionality for a 30-day period.
2. ManageEngine Vulnerability Manager Plus
ManageEngine Vulnerability Manager Plus is a comprehensive tool for patch management, vulnerability assessment, and protection against zero-day attacks. The tool’s patch management feature allows you to keep all common systems and applications up to date with the latest definitions; it supports 250 third-party applications. Further, you can enforce security best practices for maintaining strong passwords and allowing access as per the principle of least privilege. The tool also offers executive reports, role-based administration, and antivirus auditing features, which make it stand apart in the market. The tool offers three editions as per the different needs of organizations, and all of them are available free of cost for evaluation purposes. You can learn more about the pricing and features here.
3. Paessler PRTG
Paessler PRTG is popular among security professionals, as the tool offers a highly intuitive interface and a unified dashboard for monitoring the network, applications, servers, and more. The tool uses technologies like NetFlow and packet sniffing to analyze network traffic. It offers a host of features to ensure your organization’s firewall is configured properly, Windows workstations and servers are receiving the latest updates, ports are opened as per best practices, and antivirus software is working properly. Its centralized monitoring helps you stay on top of your environment with minimal effort.
4. Rapid7 Nexpose
Rapid7 Nexpose is an on-premises vulnerability scanner, which can be an ideal solution for enterprises seeking higher performance. It is a powerful tool using a unique risk rating mechanism, which scores different vulnerabilities and threats on a scale of 1000. The tool's "Adaptive Security" feature provides resistance against new vulnerabilities introduced by the addition of new devices to a network. In addition to providing real-time scanning, it also helps you improve compliance with integrated policy scanning.
5. Acunetix
Acunetix is a highly scalable, fast, and powerful vulnerability scanner offering a high degree of automation. It claims to offer one of the highest SQL injection and XSS detection rates. The scanner covers more than 4000 web application vulnerabilities and can also scan open-source and custom apps for critical code-level flaws with high accuracy. The sleek and intuitive interface helps you carry out vulnerability assessments and create multiple technical and compliance reports within minutes.
6. BeyondTrust Network Security Scanner
BeyondTrust Network Security Scanner is a powerful tool capable of scanning your on-premises network, databases, virtualized resources, web services, containers, and even IoT devices. The tool is ideal for organizations that have made early investments in IoT and want visibility into a fragmented environment of numerous devices running different protocols and architectures. At the same time, the tool offers all the basic and advanced features of vulnerability management. The vulnerability scanner is available on a standalone basis and can be deployed as a host-based solution or integrated with your enterprise security suite. The flexible deployment options, along with the ability to monitor an unlimited number of IPs, make BeyondTrust Network Security Scanner one of the most cost-effective solutions in its class.
7. Probely
Probely is a lesser-known yet highly capable tool, commonly used by developers. The tool continuously scans your web applications and can generate PCI-DSS and OWASP compliance reports. When the tool finds a vulnerability in your web applications, it suggests remedial actions (with code snippets for developers). The tool also offers a Jenkins plugin, which developers commonly integrate into their CI/CD pipelines for vulnerability testing.
8. Tripwire IP360
Tripwire IP360 is another leading vulnerability scanning product known for its exceptional auto-discovery and reporting features. It’s a highly scalable product, offering granular visibility into your network. The tool supports the monitoring of hybrid cloud environments and even container-based applications. It offers open APIs to integrate with leading security solutions, help-desks, and asset management tools. It also intelligently prioritizes and classifies different vulnerabilities to mitigate issues efficiently without raising constant alerts. Another major differentiator for the product is the minimal footprint and bandwidth consumption of its agentless architecture. You can learn more about the product features, request an evaluation, or get pricing details here.
9. OpenVAS
The Open Vulnerability Assessment System (OpenVAS) is a free, open-source tool offering a comprehensive suite of services for vulnerability management. The scanner receives a threat intelligence feed of over 50,000 routinely updated vulnerability tests. The tool is built for Linux and is ideal for software professionals who can put up with the steep learning curve. There is also a paid version available with dedicated support and regular updates.
10. Qualys Community Edition
Qualys Community Edition is another free option available as part of the Qualys Cloud Platform, which caters to a large security community. The free version is appropriate for small organizations, as it has certain limitations on the number of assets monitored. However, the paid version can help you out with a comprehensive vulnerability assessment across your distributed IT environment.