TL;DR
Nessus and OpenVAS are great vulnerability scanners, but there are many other options available. This guide covers free, open-source, cloud-based, and commercial alternatives, with details on their strengths and weaknesses.
Vulnerability Scanner Options

Free & Open Source Scanners
- Nikto: A web server scanner that performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/CGIs, outdated software and other problems. It’s fast but can be noisy (it generates lots of alerts).
  nikto -h target.example.com
- OWASP ZAP: A free, open-source penetration testing tool that’s particularly good for finding vulnerabilities in web applications. It includes a spider, a passive scanner and an active scanner.
  https://www.zaproxy.org/
- Lynis: A security auditing tool for Linux, macOS, and Unix-based systems. It scans your system for configuration issues and vulnerabilities.
  lynis audit system
- w3af: Another web application vulnerability scanner, with a GUI. It’s less actively maintained than ZAP but still useful.
  https://w3af.org/

Cloud-Based Vulnerability Scanners
- Qualys FreeScan: A limited free version of the Qualys cloud platform, offering basic vulnerability scanning.
  https://www.qualys.com/freetrial/
- Detectify: A cloud-based scanner focused on web application vulnerabilities. Offers a free trial and paid plans.
  https://detectify.com/
- Intruder: A cloud-based vulnerability scanner that’s easy to use, particularly for identifying common web vulnerabilities.
  https://www.intruder.io/

Commercial Vulnerability Scanners
- Rapid7 InsightVM: A comprehensive vulnerability management platform with advanced features and reporting.
  https://www.rapid7.com/products/insightvm/
- Tenable.io (formerly SecurityCenter): Tenable’s cloud-based vulnerability management platform, offering a wide range of scanning capabilities.
  https://www.tenable.com/products/tenable-io/
- Acunetix: A web application vulnerability scanner known for its accuracy and speed.
  https://www.acunetix.com/

Container Vulnerability Scanning
- Trivy: A simple and comprehensive vulnerability scanner for containers, images, and Kubernetes.
  trivy image target-image
- Snyk Container: A cloud-based container security platform.
  https://snyk.io/container/

Choosing the Right Scanner
- Consider your needs: What types of systems do you need to scan (web apps, servers, containers)?
- Budget: Free scanners are great for basic use, but commercial scanners offer more features and support.
- Ease of Use: Some scanners are easier to set up and use than others.
- Accuracy: False positives can be time-consuming. Look for scanners with a good reputation for accuracy.
- Reporting: Ensure the scanner provides reports in a format you need (e.g., PDF, CSV).