Reddit
reddit.com › r/cybersecurity › open-source vulnerability management software
r/cybersecurity on Reddit: Open-Source Vulnerability Management software
October 7, 2025 -
im trying to find a Open-source vulnerability management software that would be suggested for large scale environments. i dont really have many requirements but im just looking for options.. currently looking at rapid7 but looking for more flexibility.
Top answer 1 of 5
17
Greenbone https://www.greenbone.net/en/
2 of 5
13
not sure if this is what you want but have a look at Security Onion
OWASP Foundation
owasp.org › www-community › Vulnerability_Scanning_Tools
Vulnerability Scanning Tools | OWASP Foundation
Free for Open Source Application Security Tools - OWASP page that lists the Commercial Dynamic Application Security Testing (DAST) tools we know of that are free for Open Source · http://sectooladdict.blogspot.com/ - Web Application Vulnerability Scanner Evaluation Project (WAVSEP)
Open source vulnerability scanner
OpenVAS? More on reddit.com
Which Open Source vulnerability scanners do you use in your company?
What do we want? Security! When do we want it? Now! What do we want to pay? Nothing! More on reddit.com
Open-Source Vulnerability Management software
Greenbone https://www.greenbone.net/en/ More on reddit.com
Any good open-source vulnerability scanning tools?
Looking to switch from Trivy? More on reddit.com
Who Shouldn’t Use an Open Source Vulnerability Scanner?
Open Source tools can often be downloaded, modified, and used for free. So why shouldn’t everyone use them?
Open source scanners tend to require more technical expertise, more time, and more effort from the IT team members using the tool. Even organizations with expertise in-house often purchase commercial vulnerability scanning tools or vulnerability-management-as-a-service (VMaaS) instead to save time and the hidden labor costs.
esecurityplanet.com
esecurityplanet.com › home › networks
6 Top Open-Source Vulnerability Scanners & Tools
Why does your business need open source vulnerability scanning?
Open-source development is widespread, and vulnerabilities in open source code are continually being discovered. Because source code is often publicly available, open source solutions are especially vulnerable to attack. Open source vulnerability scanning mitigates these risks, protects sensitive data, and helps organizations achieve open source compliance. RSI Security’s OSS automation services further reduce risks by streamlining the process.
rsisecurity.com
rsisecurity.com › home › open source scanning
Open Source Scanning (OSS) Vulnerability Automation ...
Can Penetration Testing Tools Be Used for Vulnerability Scans?
Many blogs and lists of open source vulnerability scanning tools include a variety of penetration testing tools such as: Wireshark, Metasploit, and Aircrack-Ng. While penetration testing tools can be used to locate vulnerabilities, most of these tools have not been designed to integrate with ticketing systems, provide any ranking or prioritization of vulnerabilities, or incorporate the likelihood of exploitation.
esecurityplanet.com
esecurityplanet.com › home › networks
6 Top Open-Source Vulnerability Scanners & Tools
Videos
The Open Source Vulnerability (OSV) Scanner Releases ...
03:30
Top 8 Best Vulnerability Scanning Tools (2025 Guide) - YouTube
17:58
The Best FREE Tool to Secure Open Source Software - YouTube
19:47
Best FREE Vulnerability Scanner: Nessus Vs OpenVAS (Greenbone) ...
13:34
Comparing Free Vulnerability Assessment Tools: OpenVAS, Qualys, ...
07:41
Why you NEED an Open Source Vulnerability Scanner - YouTube
Factsheet
Developer Greenbone Networks GmbH
Stable release 23.49.3
/ 16 July 2026; 1 day ago (16 July 2026)
/ 16 July 2026; 1 day ago (16 July 2026)
Written in C
Developer Greenbone Networks GmbH
Stable release 23.49.3
/ 16 July 2026; 1 day ago (16 July 2026)
/ 16 July 2026; 1 day ago (16 July 2026)
Written in C
OpenVAS
openvas.org
OPENVAS - Open Vulnerability Assessment Scanner
As part of the commercial vulnerability management product family OPENVAS SCAN, the scanner forms the OPENVAS COMMUNITY EDITION together with other open-source modules.
GitHub
github.com › psiinon › open-source-web-scanners
GitHub - psiinon/open-source-web-scanners: A list of open source web security scanners · GitHub
A list of open source web security scanners on GitHub and GitLab, ordered by Stars. It does not provide in-depth analysis - for more analysis or a wider range of tools, see the links below. Note that some large projects have multiple repos - in which case the second most relevant repo is included immediately after and is indented. ... Tools which can find a range of 'unknown' vulnerabilities on any websites.
Starred by 1.6K users
Forked by 212 users
Red Canary
redcanary.com › cybersecurity 101 › security operations › 12 popular vulnerability scanning tools in 2025
12 popular vulnerability scanning tools in 2025 | Red Canary
July 24, 2025 - While not a dedicated vulnerability scanner like Nessus or Qualys, Nmap’s ability to identify open ports, services, and associated vulnerabilities through its scripts makes it a fundamental tool in any security professional’s toolkit. Invicti is a web application security scanner known for its “proof-based scanning” technology. This feature automatically verifies identified vulnerabilities, helping to eliminate false positives and provide concrete evidence of exploitable flaws. Invicti is designed for accuracy and scalability, making it suitable for organizations with numerous web applications. Nikto is a simple yet effective open-source command-line web server scanner.
Apiiro
apiiro.com › blog › best-open-source-vulnerability-management-tools
12 Best Open Source Vulnerability Management Tools For ...
Secure everything coding agents build, use, and ship - prevent risk before code exists, AutoFix the backlog, and protect the coding agents and supply chain.
Cisco Blogs
blogs.cisco.com › cisco blogs › developer › essential open-source security tools: from vulnerability scanning to ai safety
Essential Open-Source Security Tools: From Vulnerability Scanning to AI Safety - Cisco Blogs
October 31, 2024 - Data Sources: Integrates with APIs from tools like Shodan, VirusTotal, and GitHub, as well as public archives. Deployment Options: Offers CLI, Docker, and prebuilt packages for diverse environments. Amass is widely used for security assessments by pentesters and red teams to identify vulnerabilities across large networks. The MISP Project is an open-source platform for cyber threat intelligence sharing, supporting the analysis and sharing of threat data, malware information, and security incidents.
Rsisecurity
rsisecurity.com › home › open source scanning
Open Source Scanning (OSS) Vulnerability Automation ...
September 11, 2025 - RSI Security’s code vulnerability scanner supports a wide array of languages and containers to cover the entirety of your code. ... Access our large database of vulnerabilities that constantly aggregates information from the NVSD, security advisories, and open source issue trackers. ... Our OSS scan tool use algorithms that match both quality and security issues of impacted libraries to prevent false positives.
OSV
osv.dev
OSV - Open Source Vulnerabilities
OSV-Scanner also provides reusable GitHub workflows that can be easily integrated into CI/CD pipelines to provide continuous vulnerability scanning coverage. This can scan newly added dependencies in pull requests for introduced vulnerabilities, as well as perform regular vulnerability scans for the entire project. ... This project is open source...
Trivy
trivy.dev
Trivy
Trivy is the most popular open source security scanner for Vulnerability &, IaC, SBOM discovery, cloud scanning and Kubernetes security
Wiz
wiz.io › academy › vulnerability-management › oss-vulnerability-management-tools
Best Open-Source Vulnerability Management Tools for 2026 | Wiz
March 20, 2026 - However, Nmap is a discovery tool, not a full vulnerability management platform. Teams typically feed Nmap output into dedicated scanners like OpenVAS for deeper assessment. ... Extends scanning capabilities with 500+ NSE scripts for basic checks and limited vulnerability detection · Detects service versions for more accurate risk analysis ... Nikto is an open-source command-line web server scanner that performs basic vulnerability assessments across a wide range of web servers.
Wiz
wiz.io › academy › container-security › open-source-container-security-tools
12 Open-Source Container Security Tools [By Use Case] | Wiz
March 6, 2026 - Note: We’ll only be covering active open-source projects, as some popular tools are no longer maintained or are not under active development (i.e., Anchore Engine, kube-hunter). These container security solutions are dedicated to inspecting container images and identifying known vulnerabilities within them.
Anchore
anchore.com › software-supply-chain-security › open-source-container-vulnerability-scanning-tools
Open Source Vulnerability Scanning: Tools & How-To Guide
Some of the more popular vulnerability scanners are: ... For this example we’ll focus on Grype, since it is easy to use in many different scenarios and supports a variety of ecosystems. Grype is an open source vulnerability scanner that can run on desktop, in CI systems, as a Docker container and scan a wide variety of ecosystems from Linux distributions to many types of build dependency specifications.
Acunetix
acunetix.com › vulnerability-scanner
Vulnerability Scanner – Automated Web App Security Testing
2 weeks ago - Acunetix is a vulnerability scanner designed to help organizations identify, validate, and fix security vulnerabilities in their web applications and APIs. By combining automated scanning with built-in validation, it enables security teams to focus on real, exploitable risks rather than chasing false positives. Modern vulnerability scanning tools cover a wide range of systems, from operating systems and open ...
GitHub
github.blog › home › security › application security › how exposed is your code? find out in minutes—for free
How exposed is your code? Find out in minutes—for free - The GitHub Blog
April 14, 2026 - The Code Security Risk Assessment brings that same philosophy to vulnerabilities in your source code. Both assessments now run together from a single entry point, with a tabbed interface that lets you switch between your secret exposure and ...