Free vulnerability scanners


Hi,

Looking to get a cloud vulnerability scanner. I’ve used Qualys Community in the past; is this still a good option or are there better (subj) tools out there?

It’s going to be used by a junior member of my team who is a Network/Security Apprenticeship candidate.

It will be targeting a couple of on-prem hosted publicly accessible services.

Cheers

GD


level 1

Try Nessus. It is also the industry standard and has a community version (be careful with the targets, as the free version works for up to 16). I have installed it on a Raspberry Pi and it is scanning a couple of devices on my home network.

There is also the free OpenVAS, but I used it a long time ago and am not sure how it has evolved. Check both and see which one suits your needs better.

level 1

OpenVAS might be worth a look

level 2

Seconded, although for authenticated scans, you have to compile from source, which we did, and it works - rolled it on a GUI-less Ubuntu Server. Once we got auth scans to work, that was when it became a tool we could actually use.

level 1

· 16 hr. ago · Governance, Risk, & Compliance

The free tools are awful compared to either Qualys or Tenable. If you really want to address vulnerabilities pay the money for it. VM licenses are far cheaper per IP than EDR so I don't get why people want to skimp on something so important.

level 1

Web app scanner or a more traditional vulnerability scanner? OWASP Zed Attack Proxy for the former and OpenVAS for the latter.

level 1

ThreatMapper is an option for your team member, particularly if you're looking to scan Kubernetes or Fargate environments, as the installation is very easy. It's a little more complex for hosts (you need to install a Docker runtime on each to run the sensor locally), but should be worth any additional trouble. The GUI gives you a map of workloads, traffic flows, vulnerabilities found on each workload and host, and which are highest risk.

It's free (open source) with no limit on number of targets, scans etc.

level 2

· 16 hr. ago · Governance, Risk, & Compliance

Wireshark in no way can replace a VM scanner.

level 1

Does it have to be cloud based? AlienVault is easy enough to set up and use, and the community edition is free. Gonna have to host it yourself though.

level 2

I’m not sure whose post you’re responding to, but OP is looking for a free vulnerability scanner, not a cloud-based SIEM.
