5 free network-vulnerability scanners

Though you may know and follow basic security measures on your own when installing and managing your network and websites, you’ll never be able to keep up with and catch all the vulnerabilities by yourself.

Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, producing a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process.

Though vulnerability scanners and security auditing tools can cost a fortune, there are free options as well. Some only look at specific vulnerabilities or limit how many hosts can be scanned but there are also those that offer broad IT security scanning.

1. Nessus Essentials

Nessus Essentials, formerly Nessus Home, from Tenable allows you to scan up to 16 IP addresses at a time. The company offers a 7-day free trial of its profession edition, which can perform unlimited IP scanning and also adds compliance checks or content audits, live results, and the ability to use the Nessus virtual appliance.

Nessus Essentials installs on Windows, macOS, and a variety of Linux/Unix distributions. On the web GUI, you can easily see which scanning types are included–host discovery plus vulnerability scans. You’ll also see, listed but inaccessible, scan types that are available in the profession edition: vulnerability scanning for mobile devices and compliance scanning.

With the free edition you can schedule one auto scan, but that’s not a restriction with the professional edition. You can also configure email notifications, discovery settings, assessment and report preferences, and some advanced settings. You can also review plugins and the vulnerabilities or exploits they are looking for related to the scan. After a scan runs you can access an overview of what it found on each host and dig down to details about vulnerabilities and possible remediations.

You can also utilize Policies to create custom templates defining what actions are performed during a scan. Plus, you can utilize Plugin Rules to hide or change the severity of desired plugins.

Overall, Nessus Essentials is solid and easy to use, but because it is limited to scanning up to 16 IP addresses at a time, its usefulness in larger organizations is questionable.

2. Nexpose Community Edition

Nexpose Community Edition from Rapid7 can scan networks, operating systems, web applications, databases, and virtual environments. It’s good for a year, after which you have to apply for a new license. The company also offers a 30-day free trial of its commercial editions.

Nexpose installs on Windows, Linux, or virtual machines and provides a web-based GUI. Through its web portal you can create sites to define the IPs or URLs you’d like to scan, select the scanning preferences, scanning schedule, and provide any necessary credentials for scanned assets.

Once a site is scanned, you’ll see a list of assets and vulnerabilities. It shows asset details including OS and software information and details on vulnerabilities and how to fix them. You can optionally set policies to define and track your desired compliance standards. You can also generate and export reports on a variety of aspects.

Nexpose Community Edition is a solid full-featured vulnerability scanner that’s easy to setup.

3. OpenVAS

The Open Vulnerability Assessment System (OpenVAS) is a Linux-based network security scanner platform, with most components licensed under the GNU General Public License (GNU GPL). They name the totally free offering the Greenbone Source Edition (GSE), and their commercial offering the Greenbone Security Manager (GSM), which comes with a free 14-day trial.

The main component of OpenVAS is the security scanner, which can only run in Linux, but it can be run on a virtual machine inside Windows as well. It does the actual work of scanning and receives a daily update of network vulnerability tests, of which there are more than 85,000. There are slight differences in the scanner features, but there’s more of a difference between the feeds offered for each edition.

OpenVAS Manager controls the scanner and provides the intelligence. The OpenVAS Administrator provides a command-line interface and can act as full-service daemon, providing user management and feed management.

There are a couple clients to serve as the GUI or CLI. The Greenbone Security Assistant (GSA) offers a web-based GUI. The Greenbone Security Desktop (GSD) is a Qt-based desktop client that runs on various OSs, including Linux and Windows. And the OpenVAS CLI offers a command-line interface.

OpenVAS isn’t the easiest and quickest scanner to install and use, but it’s one of the most feature-rich and broad IT security scanners that you can find for free. It scans for thousands of vulnerabilities, supports concurrent scan tasks, and scheduled scans. It also offers note and false positive management of the scan results. However, it does require Linux at least for the main component.

4. Qualys Community Edition

Qualys Community Edition allows you to monitor up to 16 assets with Qualys Cloud Agent, scan up to 16 internal and three external IPs with Vulnerability Management, and scan a single URL with Web Application Scanning. You initially access it via its web portal and then download its virtual machine software if running scans on your internal network. Qualys also offers a 30-day free trial of its commercial edition.

Qualys supports a variety of scan types: TCP/UDP ports, password brute forcing, and vulnerability detection for hidden malware, missing patches, SSL issues, and other network-related vulnerabilities. You can also provide authentication details so it can log into hosts to extend the detection capabilities. 

The web GUI provides a step-by-step list of how to perform a scan. This includes entering the IP addresses to scan, downloading a virtual scanner or setting up a physical scanner if scanning the local network, and then configuring the scan settings. Once a scan is complete you can view many different types of reports, such as such as an overall scorecard, patches, high severity, Payment Card Industry (PCI), and executive reports.

Since Qualys limits scanning to 16 assets and IPs, it’s not something a larger organization will find very useful. For those, consider using another solution for day-to-day use and periodically run Qualys for smaller networks or segments.

5. ManageEngine Vulnerability Manager

ManageEngine Vulnerability Manager provides a free edition that’s fully functional for scanning up to 25 Windows or macOS computers. Unlike most of the other scanners listed here, this one is designed mostly for computer scanning and monitoring, although there is some scanning offered for web servers. They also offer a 30-day free trial of their paid editions, plus another product (Desktop Central) that gives you even more general computer monitoring that can integrate with this vulnerability scanner.

The server portion of the ManageEngine Vulnerability Manager is only installable on Windows machines, but the web GUI can be accessed elsewhere. Unlike the other scanners, this one requires you to add endpoint agent software to the systems you want to scan, and it’s available for Windows, macOS, and Linux systems.

Once you setup the endpoint agents, you’ll start to see detected items categorized by software and zero-day vulnerabilities, system and server misconfigurations, high risk software, and port audits. Plenty of explanation is given for each item and possible remedies for issue. You can also manage and push patches, as well as view basic computer specs and stats, such as the installed OS, IP address, and last reboot times.

The ManageEngine Vulnerability Manager proved to be a good long-term vulnerability monitoring solution at least for computer systems. Due to having to install the software agents, it’s likely not a good fit if you want to perform a one-off scan.

In addition to the free version, ManageEngine also offers a 30-day free trial of their paid editions, plus another product (Desktop Central) that provides even more general computer monitoring that can integrate with its vulnerability scanner.

Eric Geier is a freelance tech writer. He’s also the founder of NoWiresSecurity providing a cloud-based Wi-Fi security service, Wi-Fi Surveyors providing RF site surveying, and On Spot Techs providing general IT services.