eSecurity Planet
esecurityplanet.com โบ home โบ networks
6 Top Open-Source Vulnerability Scanners & Tools
March 17, 2026 - Initially developed by Google, ... its industry reputation. ... Google launched OSV-Scanner in 2021 and made the tool both free and open-source as a resource for the developer community....
Factsheet
Developer Greenbone Networks GmbH
Stable release 23.45.1
/ 28 April 2026; 1 day ago (28 April 2026)
/ 28 April 2026; 1 day ago (28 April 2026)
Written in C
Developer Greenbone Networks GmbH
Stable release 23.45.1
/ 28 April 2026; 1 day ago (28 April 2026)
/ 28 April 2026; 1 day ago (28 April 2026)
Written in C
OpenVAS
openvas.org
OPENVAS - Open Vulnerability Assessment Scanner
Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test. The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates. OPENVAS has been developed and driven forward by the company Greenbone since 2006.
Open-Source Vulnerability Management software
Greenbone https://www.greenbone.net/en/ More on reddit.com
27
30
October 7, 2025Any good open-source vulnerability scanning tools?
Looking to switch from Trivy? More on reddit.com
90
122
1 month agoAny good open source vuln scanners?
I have OpenVAS on my list of things to test out. But more from a platform to write some custom network based checkes for when other solutions don't have coverage More on reddit.com
39
27
February 22, 2024Introducing Raven: Open Source Vulnerability Scanner for CI/CD : blueteamsec
We focus on technical intelligence, research and engineering to help operational [blue|purple] teams defend their estates and have awareness of... More on pay.reddit.com
Who Shouldnโt Use an Open Source Vulnerability Scanner?
Open Source tools can often be downloaded, modified, and used for free. So why shouldnโt everyone use them?
Open source scanners tend to require more technical expertise, more time, and more effort from the IT team members using the tool. Even organizations with expertise in-house often purchase commercial vulnerability scanning tools or vulnerability-management-as-a-service (VMaaS) instead to save time and the hidden labor costs.
esecurityplanet.com
esecurityplanet.com โบ home โบ networks
6 Top Open-Source Vulnerability Scanners & Tools
Can Penetration Testing Tools Be Used for Vulnerability Scans?
Many blogs and lists of open source vulnerability scanning tools include a variety of penetration testing tools such as: Wireshark, Metasploit, and Aircrack-Ng. While penetration testing tools can be used to locate vulnerabilities, most of these tools have not been designed to integrate with ticketing systems, provide any ranking or prioritization of vulnerabilities, or incorporate the likelihood of exploitation.
esecurityplanet.com
esecurityplanet.com โบ home โบ networks
6 Top Open-Source Vulnerability Scanners & Tools
Videos
17:58
The Best FREE Tool to Secure Open Source Software - YouTube
13:48
How to Scan ANY Website for Vulnerabilities - YouTube
r/SideProject on Reddit: I made a web app vulnerability scanner ...
00:54
How Open Source Vulnerability Scanners Help with Remediation - YouTube
07:41
Why you NEED an Open Source Vulnerability Scanner - YouTube
13:34
Comparing Free Vulnerability Assessment Tools: OpenVAS, Qualys, ...
Trivy
trivy.dev
Trivy
The way the @AquaSecTeam team has turned Trivy into the best open-source vulnerability scanner in such a short time is really amazing. ... "So happy to see collaboration between @Azure and @AquaSecTeam on scanning container images in Azure Container Registry CI/CD workflows using such a great tool - Trivy." ... "I love how Trivy democratized dependency scanning to the masses as a free and extremely easy to use tool, with also a permissive license.
OSV
osv.dev
OSV - Open Source Vulnerabilities
OSV-Scanner also provides reusable GitHub workflows that can be easily integrated into CI/CD pipelines to provide continuous vulnerability scanning coverage. This can scan newly added dependencies in pull requests for introduced vulnerabilities, as well as perform regular vulnerability scans for the entire project. ... This project is open source. If you have any ideas or questions, please feel free ...
OWASP Foundation
owasp.org โบ www-community โบ Free_for_Open_Source_Application_Security_Tools
Free for Open Source Application Security Tools | OWASP Foundation
Akto - Akto is an open-source and commercial DAST and API Security tool that includes both automated API Discovery and scanning of vulnerabilities in CI/CD with the highest test coverage.
CyCognito
cycognito.com โบ learn โบ vulnerability-assessment โบ vulnerability-scanning-tools
10 Vulnerability Scanning Tools: Commercial and Open Source Options | CyCognito
OpenVAS (Open Vulnerability Assessment System) is a free and open source vulnerability scanner that evolved from a fork of the last free version of Nessus. It offers a comprehensive and continually updated database of vulnerabilities, providing ...
OWASP Foundation
owasp.org โบ www-community โบ Vulnerability_Scanning_Tools
Vulnerability Scanning Tools | OWASP Foundation
Free for Open Source Application Security Tools - OWASP page that lists the Commercial Dynamic Application Security Testing (DAST) tools we know of that are free for Open Source ยท http://sectooladdict.blogspot.com/ - Web Application Vulnerability Scanner Evaluation Project (WAVSEP)
Qualysec
qualysec.com โบ open-source-vulnerability-scanners
Top 10 Open-Source Vulnerability Scanners and tools
December 18, 2025 - OSS Index is a public and constantly updated database that identifies known security vulnerabilities (CVEs) of open-source parts. This free vulnerability scanner works either directly or with Dependency-Check, which is an open-source scanner that developers can integrate with CI/CD pipelines to warn them about insecure packages.
Wapiti-scanner
wapiti-scanner.github.io
Wapiti : a Free and Open-Source web-application vulnerability scanner in Python
Wapiti is a command-line application. Here is an example of output against a vulnerable web application. You may find some useful information in the README and the INSTALL files. Have any questions ?
Reddit
reddit.com โบ r/cybersecurity โบ open-source vulnerability management software
r/cybersecurity on Reddit: Open-Source Vulnerability Management software
October 7, 2025 -
im trying to find a Open-source vulnerability management software that would be suggested for large scale environments. i dont really have many requirements but im just looking for options.. currently looking at rapid7 but looking for more flexibility.
GitHub
github.com โบ psiinon โบ open-source-web-scanners
GitHub - psiinon/open-source-web-scanners: A list of open source web security scanners ยท GitHub
A list of open source web security scanners on GitHub and GitLab, ordered by Stars. It does not provide in-depth analysis - for more analysis or a wider range of tools, see the links below. Note that some large projects have multiple repos - in which case the second most relevant repo is included immediately after and is indented. ... Tools which can find a range of 'unknown' vulnerabilities on any websites.
Starred by 1.3K users
Forked by 161 users
Vuls
vuls.io
Vuls ยท Agentless Vulnerability Scanner for Linux/FreeBSD
Vuls is open-source, agent-less vulnerability scanner based on information from NVD, OVAL, etc. Cloud, on-premise, Docker and supports major distributions. Vuls uses multiple vulnerability databases NVD, JVN, OVAL, RHSA/ALAS/ELSA/FreeBSD-SA and Changelog.
Reddit
reddit.com โบ r/cybersecurity โบ any good open-source vulnerability scanning tools?
r/cybersecurity on Reddit: Any good open-source vulnerability scanning tools?
1 month ago -
Does anyone have recommendations for solid open source vulnerability scanning tools?
Ideally something that can handle network and/or endpoint scanning and is relatively easy to deploy and maintain.
Top answer 1 of 33
60
To be honest VM tools are worth paying for. I've been a longtime user of both Tenable and Qualys and even worked for Tenable for a couple years. To provide really good and accurate coverage takes a lot of time and talent that isn't always guaranteed from free tools run by a group of volunteers. Looking at their site today Tenable has published "318996 plugins covering 116840 CVE IDs and 30933 Bugtraq IDs." Sure you don't need all of those and many are old and not perhaps relevant, but unless you have a very basic environment with only MS OS's and apps both Tenable and Qualys are worth paying for. I don't get whey VM tools don't get the respect they deserve for being such a fundamental part of security. People never had an issue paying for Symantec and McAfee AV so why not VM?
2 of 33
31
Wazuh is really great
Linux Security
linuxsecurity.com โบ home โบ features โบ top linux vulnerability scanners in 2026: a guide to open-source security tools
Top Linux Vulnerability Scanners in 2026: A Guide to Open-Source Security Tools
2 weeks ago - In this article, weโll discuss what a vulnerability scanner is and introduce our top free, adaptable tools, including practical vulnerability assessment tools and open-source vulnerability scanning software designed to improve security without adding cost.
Geekflare
geekflare.com โบ security โบ 15 open source vulnerability scanners for 2026
15 Open Source Vulnerability Scanners for 2026
March 11, 2026 - Wapiti is a free and open-source web application vulnerability scanner that assesses the security of websites. It operates as a โblack-boxโ scanner, which means it doesnโt require access to the applicationโs source code.
Help Net Security
helpnetsecurity.com โบ home โบ 25 open-source cybersecurity tools that donโt care about your budget
25 open-source cybersecurity tools that donโt care about your budget - Help Net Security
4 days ago - The OpenClaw Scanner identifies instances of OpenClaw, an autonomous AI assistant also known as MoltBot, that can execute tasks, access local files, and authenticate to internal systems without centralized oversight.
SourceForge
sourceforge.net โบ home โบ open source software โบ security โบ vulnerability scanners
Best Open Source Windows Vulnerability Scanners 2026
Compare the best free open source Windows Vulnerability Scanners at SourceForge. Free, secure and fast Windows Vulnerability Scanners downloads from the largest Open Source applications and software directory
Anchore
anchore.com โบ software-supply-chain-security โบ open-source-container-vulnerability-scanning-tools
A Complete Guide to Open Source Container Vulnerability Scanning
Learn how to scan your containers for vulnerabilities with free open source tools and key best practices to follow.
BreachLock
breachlock.com โบ home โบ top 5 open-source tools for network vulnerability scanning
Top 5 open-source tools for network vulnerability scanning - BreachLock
October 10, 2024 - OpenVAS stands for Open Vulnerability Assessment Scanner. OpenVas is a free, full-featured open-source vulnerability scanner with extensive scan coverage and has been maintained by Greenbone Networks since its first launch in 2009.
Reddit
reddit.com โบ r/asknetsec โบ any good open source vuln scanners?
r/AskNetsec on Reddit: Any good open source vuln scanners?
February 22, 2024 -
I'm currently on the hunt for an open source or otherwise very cheap vulnerability scanner. I was trying to push management into getting a Tenable Nessus subscription but it seems unlikely to get approval as we've recently signed up for / am about to sign up for some CrowdStrike modules, and we're only a small business of 45.
Given the paid option is almost completely out the door, wanted to come here and ask you all if you have any recommendations for free/open source/cheap alternatives? I don't have any real requirements other than the ability to generate decent looking reports out of the box.
Appreciate your feedback, thank you.
Edit: When I say small biz of 45 - we have a head count of 45 but over 50 servers/workstations and around 10 managed switches to cover. Saw a couple of comments that made me realise I was a little misleading there.
Top answer 1 of 15
14
Try - https://github.com/projectdiscovery/nuclei I've used this in my past RT engagements. It really helps me finding possible vulns!
2 of 15
12
I have OpenVAS on my list of things to test out. But more from a platform to write some custom network based checkes for when other solutions don't have coverage