Vulnerability Assessment Tools

List of vulnerability assessment tools:

  • Qualys Vulnerability Management (Qualys VM)
  • Nessus Professional
  • GFI LanGuard
  • Qualys FreeScan
  • Nikto
  • Burp Suite
  • OpenVAS
  • Drozer
  • MobSF
  • Retina CS
  • SAINT
  • Microsoft Baseline Security Analyzer (MBSA)
  • Automated Vulnerability Detection System (AVDS)
  • Core Impact Pro
  • N-Stalker Web Application Security Scanner X Enterprise Edition
  • Acunetix Web Vulnerability Scanner
  • Nipper Studio
  • Nexpose
  • Secunia Personal Software Inspector (PSI)
  • Nsauditor Network Security Auditor
  • ScanLine
  • Nmap
  • Aircrack-ng

Among the most popular are Nikto, N-Stalker and Burp Suite.

The Open Web Application Security Project (OWASP) maintains a comprehensive list of vulnerability assessment tools:

https://owasp.org/www-community/Vulnerability_Scanning_Tools

List of vulnerability assessment tools

Nessus

https://www.tenable.com/products/nessus/nessus-professional

Web-based.

Commercial. There is a free demo version.

Nikto

https://github.com/sullo/nikto

Command-line vulnerability scanner, present in Kali Linux.

It is used in the CEH course.

N-Stalker Web Application Security Scanner X Enterprise Edition

https://www.nstalker.com

Burp Suite

https://www.portswigger.net/burp

Desktop application with graphical interface.

There is a free version (BS Community Edition) and a commercial version (BS Professional).

OpenVAS

https://www.openvas.org/

Open Vulnerability Assessment Scanner (OpenVAS) is a free tool that is part of the Greenbone Vulnerability Manager suite and is developed by Greenbone Networks. Most of its components are licensed under the GPL.

Drozer

https://labs.withsecure.com/tools/drozer

Drozer is a security and attack framework for Android.

MobSF

https://github.com/MobSF/Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is a security framework for Android, iOS and Windows.

GFI LanGuard

Qualys FreeScan

Qualys Vulnerability Management (Qualys VM)

Retina CS

SAINT

Microsoft Baseline Security Analyzer (MBSA)

Automated Vulnerability Detection System (AVDS)

Core Impact Pro

https://www.coresecurity.com

Acunetix Web Vulnerability Scanner

https://www.acunetix.com

Nipper Studio

https://www.titania.com

Nexpose

https://www.rapid7.com

Secunia Personal Software Inspector (PSI)

https://secuniaresearch.flexerasoftware.com

Nsauditor Network Security Auditor

http://www.nsauditor.com

ScanLine

https://www.mcafee.com

Nmap

https://nmap.org

Aircrack-ng

https://www.aircrack-ng.org/

It can be considered a vulnerability assessment tool for wireless networks.
