Open source vulnerability scanning tools?

what tools do you use. If you could help with this situation, I would greatly appreciate it. thanks


Depends on what you want to scan.

  • Nmap for portscanning
  • Nikto, wpscan, and dirb for websites
  • Hydra if you have creds and want to find where they work
  • Nessus if you want to charge your client $40k for minimal work
  • A tricorder if Dr McCoy is in the room
  • enum4linux for when there’s a Windows box I can’t avoid
  • ping and inspection of the arp table to see what hosts are up on the local subnet
  • masscan to see what hosts are up elsewhere (and there’s no router inbetween which will fall over)

Please don’t use this illegally.


I will not use illegal. i am preparing education thesis. I will be very happy if you make a little more comprehensive explanation

If you have cash. And you’re a professional, Qualys and Nessus are very good (although expensive).

Burp is super, as well, especially for web application vulnerabilities. ZAP is also boss.

1 Like

The free Nessus and Nexpose aren’t bad either, depending what your goal is. If you’re doing compliance checks, they may be all you need. If you’re actually trying to find ways to break into something (presumably to patch them), they’ll give you a start, but won’t find much of the interesting stuff.

1 Like

Maltego is a really cool script (?) that uses several different other existing tools (e.g. TheHarvester, Nikto, and Nmap). Might be worth looking into.

1 Like

@MagisterQuis Listed some pretty solid enumeration tools that are the goto’s for pentesters. If you are just working with small amounts of boxes these tools are the stealthiest, most targeted tools for the job.

If you are trying to do more vulnerability analysis and keeping track of how secure your own systems are across a network, check out OpenVAS. It’s more vuln. management but it intends to compete with tools such as Nessus and Nexpose that do the same thing. Here is a pretty interesting article comparing the three.

1 Like


you can try to take a look also to this project:

1 Like

Thank you for your interest.

@knif3 oh, man, if you think Nessus is stealthy, I’d love to know what you call loud :smiley:

The paid version, at least, will scale to a pretty large network if you don’t mind waiting for it to finish.


That is true, I meant more for like Nikto, nmap and such. Enumeration tools. I now see that Nessus was in your list :grin:

Nessus, Nexpose, OpenVAS and all the big “vuln. management software” platforms are never really used for Pen. testing enumeration (Not with companies I have worked with at least).

I rank those as corporate scanning devices. OP didn’t really specify on what he was looking for. Another decent product is AppSpider (if you are looking to drop a few 100K)

1 Like

Guys i want to create tools like that but i want my project is based on Django Framework.I have beeing coing on python for 1 years.This project will be my finish project so How can i do ? is it posible ? Have you got any tutorial to suggest me ?

1 Like

You may try w3af_console it can be stealthy and can make a lot of noise. Search vulns, and also exploit them. And there’s a gui version, but i didn’t use it.
By the way, look at the skipfish. It can be useful, but every scanner may provide false positive.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.