Open source vulnerability scanning tools?

If you have cash. And you’re a professional, Qualys and Nessus are very good (although expensive).

Burp is super, as well, especially for web application vulnerabilities. ZAP is also boss.