Open source vulnerability scanning tools?


(ömer) #1

What tools do you use? If you could help with this situation, I would greatly appreciate it. Thanks.


#2

Depends on what you want to scan.

  • Nmap for portscanning
  • Nikto, wpscan, and dirb for websites
  • Hydra if you have creds and want to find where they work
  • Nessus if you want to charge your client $40k for minimal work
  • A tricorder if Dr McCoy is in the room
  • enum4linux for when there’s a Windows box I can’t avoid
  • ping and inspection of the arp table to see what hosts are up on the local subnet
  • masscan to see what hosts are up elsewhere (and there’s no router in between which will fall over)

Please don’t use this illegally.
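As an added example (not part of any reply in this thread), the "ping and inspection of the arp table" approach from the list above written out as a small POSIX shell script for inventorying live hosts on your own local subnet. It assumes a Linux box with iproute2's `ip neigh`; the neighbour-table sample embedded in the script is constructed, not captured from a real network, so the parser can be exercised offline.

```shell
#!/bin/sh
# Added example: live-host inventory for the local subnet by ping sweep plus
# neighbour (ARP) table inspection. Assumes Linux with iproute2 (`ip neigh`).
# Only the /24 prefix given on the command line is swept.

# Parse `ip neigh show` output on stdin and print "ip mac" for every entry
# that has a resolved link-layer address. FAILED/INCOMPLETE entries carry no
# lladdr, so they are dropped; REACHABLE/STALE/DELAY entries are kept.
parse_neigh() {
  awk '$0 ~ /lladdr/ && $0 !~ /FAILED|INCOMPLETE/ {
         for (i = 1; i <= NF; i++) if ($i == "lladdr") print $1, $(i + 1)
       }'
}

# Ping every address in the /24 (in the background so the sweep takes ~1 s),
# then read back whatever the kernel learned into its neighbour table.
sweep() {
  prefix="$1"            # e.g. 192.168.1
  i=1
  while [ "$i" -le 254 ]; do
    ping -c 1 -W 1 "$prefix.$i" >/dev/null 2>&1 &
    i=$((i + 1))
  done
  wait
  ip neigh show | parse_neigh
}

# Constructed sample neighbour table (not from a real network) used to
# demonstrate the parser without touching the wire.
SAMPLE='192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr aa:bb:cc:dd:ee:ff STALE
192.168.1.77 dev eth0 FAILED
192.168.1.99 dev eth0 lladdr 12:34:56:78:9a:bc DELAY'

# Number of live hosts in the constructed sample (expected: 3).
count_live() {
  printf '%s\n' "$SAMPLE" | parse_neigh | wc -l | tr -d ' '
}

# Usage: ./hosts.sh --demo        (parse the embedded sample)
#        ./hosts.sh 192.168.1     (sweep a real /24 you administer)
case "$1" in
  --demo) printf '%s\n' "$SAMPLE" | parse_neigh ;;
  ?*)     sweep "$1" ;;
esac
```

The ARP/neighbour table only reflects hosts the kernel has exchanged frames with recently, so the sweep step matters: without it, stale or never-contacted hosts simply will not appear, which is why the reply above pairs ping with the table inspection rather than reading the table alone.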


(ömer) #3

I will not use it illegally. I am preparing an education thesis. I will be very happy if you make a little more comprehensive explanation.


(Command-Line Ninja) #4

If you have cash and you’re a professional, Qualys and Nessus are very good (although expensive).

Burp is super, as well, especially for web application vulnerabilities. ZAP is also boss.


#5

The free Nessus and Nexpose aren’t bad either, depending on what your goal is. If you’re doing compliance checks, they may be all you need. If you’re actually trying to find ways to break into something (presumably to patch them), they’ll give you a start, but won’t find much of the interesting stuff.


(A Scrub) #6

Maltego is a really cool script (?) that uses several different other existing tools (e.g. TheHarvester, Nikto, and Nmap). Might be worth looking into.


#7

@MagisterQuis listed some pretty solid enumeration tools that are the go-tos for pentesters. If you are just working with small numbers of boxes, these tools are the stealthiest, most targeted tools for the job.

If you are trying to do more vulnerability analysis and keeping track of how secure your own systems are across a network, check out OpenVAS. It’s more vuln. management but it intends to compete with tools such as Nessus and Nexpose that do the same thing. Here is a pretty interesting article comparing the three.


(sauza) #8

Hi,

you can also try taking a look at this project: https://github.com/taipan-scanner/Taipan


(ömer) #9

Thank you for your interest.


#10

@knif3 oh, man, if you think Nessus is stealthy, I’d love to know what you call loud :smiley:

The paid version, at least, will scale to a pretty large network if you don’t mind waiting for it to finish.


#11

That is true, I meant more for like Nikto, nmap and such. Enumeration tools. I now see that Nessus was in your list :grin:

Nessus, Nexpose, OpenVAS and all the big “vuln. management software” platforms are never really used for pen. testing enumeration (not with the companies I have worked with, at least).

I rank those as corporate scanning devices. OP didn’t really specify what he was looking for. Another decent product is AppSpider (if you are looking to drop a few 100K).