I have experience working with the built-in Wazuh vulnerability scanner as well as OpenVAS (Greenbone) in comparison with a trial version of Nessus Pro.
Wazuh tends to display an overwhelming number of vulnerabilities, many of which are outdated, some over a decade old with no available patches. These are still presented without filtering options, unlike tools such as Nessus. This lack of filtering makes it difficult to prioritize or manage vulnerabilities effectively. Even when risks are accepted, Wazuh provides no way to exclude them from dashboards, which clutters visibility. Overall, the scan results from Wazuh are significantly less actionable and less accurate compared to Nessus.
OpenVAS offers a filtering option using QoD (Quality of Detection), which helps narrow down results. However, its coverage is significantly less comprehensive than Nessus. In multiple comparisons, Nessus consistently identified around 70% more vulnerabilities. For example, I had several hosts with known critical vulnerabilities that Nessus clearly detected, while OpenVAS either missed them entirely or only flagged vague, generic issues.
My team and I debated for quite a while but ultimately couldn’t choose either option for production use - both had disadvantages that outweighed their benefits and overall value.
Which free vulnerability scanner do you rely on?
Hi,
Looking to get a cloud vulnerability scanner. I’ve used Qualys community in the past; is this still a good option or are there better (subj) tools out there?
It’s going to be used by a junior member of my team who is a Network/Security Apprenticeship candidate.
It will be targeting a couple of on-prem hosted publicly accessible services.
Cheers
GD
I have been tasked with finding a solution that will scan our network (we operate a 50+ endpoint SD-WAN) for vulnerabilities.
I am aware that for a network this size, we should get a paid, enterprise solution, but I already lost that fight.
Anyone know of a solution that will fit this use case?
Anyone got any suggestions of a free vulnerability scanner that I could run on all desktop / server estate to see if there are any known vulnerabilities on our systems?
Anything lightweight agent wise would be great.
Thanks
I'm currently on the hunt for an open source or otherwise very cheap vulnerability scanner. I was trying to push management into getting a Tenable Nessus subscription but it seems unlikely to get approval as we've recently signed up for / am about to sign up for some CrowdStrike modules, and we're only a small business of 45.
Given the paid option is almost completely out the door, wanted to come here and ask you all if you have any recommendations for free/open source/cheap alternatives? I don't have any real requirements other than the ability to generate decent looking reports out of the box.
Appreciate your feedback, thank you.
Edit: When I say small biz of 45 - we have a head count of 45 but over 50 servers/workstations and around 10 managed switches to cover. Saw a couple of comments that made me realise I was a little misleading there.
What free apps or websites can you recommend for doing website security/vulnerability scanning? If not free, very inexpensive?
Does anyone have recommendations for solid open source vulnerability scanning tools?
Ideally something that can handle network and/or endpoint scanning and is relatively easy to deploy and maintain.
I look after an SMB with around 150 users, 200 workstations and 15 servers, all on Windows. I am after an open source vulnerability scanner that can report on issues/threats that exist in my environment. Any recommendations would be appreciated. Budget is tight, so after an open source product.
Is there a good vulnerability scanner free for home use? Needs to check Mac, Windows, Windows Server, Proxmox, OPNsense, Linux, iOS, Android and iPadOS for vulnerabilities and suggestions how to fix or make firewall rules to secure. I have a M365 Fam account and Defender but I'm not sure if this is possible like it is with Sentinel and Arc.
I need help with finding a service that can be trusted to scan my server for vulnerabilities like Tenable Nessus but free.
I only managed to find https://hostedscan.com/ myself but I am unsure if I can trust them. Does anyone have any suggestions?
I’m curious – what free WAFs, antimalware and vulnerability scanners do you actually use on your personal or professional projects?
I know many managers and tech leads are constantly trying to cover as much ground as possible with free tools, especially when budgets are tight. I’m in the same boat: trying to find free tools that aren’t just “free” but actually deliver real value.
Sometimes you stumble upon a hidden gem that’s not super hyped but provides real protection or great insights without costing a fortune.
So, which ones do you trust? And bonus points if you can share why you think they stand out compared to others!
(Also open to hearing horror stories about free tools that totally failed you.)
Hi, I'm a beginner but passionate about web penetration testing and I'm looking for a vulnerability scanning tool. I don't know if any exist on GitHub, but if you have any examples of Git repositories or anything else, I'd be interested.
Thanks
Hi guys, I'm analyzing some vulnerability scanners; in particular I focused on the completely free versions of Nessus (Nessus Essentials) and OpenVAS.
I ask you, if you were a small business, would you prefer to use Nessus Essentials or OpenVAS? And for what reason?
Are there any good free/open source network vulnerability scanners that you guys can recommend? Just through a quick search, I've found OpenVAS.
I'd just like to know if there is anything harmful running on the network, whether it be viruses / malware. Maybe something that takes a deep dive into open ports to the outside, but also inside the network.
Thanks in advance!
Anyone know of or used any good "open source" vulnerability scanners for personal/lab use?
I used to have a free Nessus subscription, but it appears they have stepped up their game and no longer offer a free version. Not that I remember it being exceptional for web app scans anyway. But I digress, I am doing an audit for our web app and need scanner recommendations. What are the best free/cheap tools for the job?
Greetings all,
I work for a small MSP and we want to keep a better eye on client security. We'd like to start running regular vulnerability scans for clients, with the focus on their network infrastructure (as opposed to web sites/services).
Are any of you doing the same and wouldn't mind sharing some recommendations for tools for scanning, management/remediation or reporting of vulnerabilities?
I know managed security services is a whole different ball game, but I think we need to be doing more to keep our customers' security in check.
Any and all advice welcome.
Hi all,
I’m looking for an open source web vulnerability scanner that can help me assess the security of several websites I manage. Some of these are WordPress-based, others are custom or built on various frameworks.
I’ve never done a web security assessment before, so I’m a bit lost on where to start. I’m not looking for anything super advanced (yet), but I want something that gives me a good overview of what might be vulnerable: things like outdated plugins, exposed admin panels, basic misconfigurations, etc.
Can anyone recommend tools or even a basic workflow to start scanning my sites? I’m also interested in tools that play well with WordPress specifically.
Thanks in advance!
Looking at getting Nessus for my company but it is god-awfully expensive. I’ve heard good things about Qualys though.
What are you guys using?