Vulnerability Assessment Tools

List of vulnerability assessment tools:

  • Nessus Professional
  • Nikto
  • N-Stalker Web Application Security Scanner X Enterprise Edition
  • Burp Suite
  • OpenVAS
  • Qualys Vulnerability Managment (Qualys VM)
  • GFI LanGuard
  • Qualys FreeScan
  • Drozer
  • MobSF
  • Retina CS
  • SAINT
  • Microsoft Baseline Security Analizer (MBSA)
  • Automated Vulnerability Detection System (AVDS)
  • Core Impact Pro
  • Acunetix Web Vulnerability Scanner
  • Nipper Studio
  • Nexpose
  • Secunia Personal Software Inspector (PSI)
  • Nsauditor Network Security Auditor
  • ScanLine
  • Nmap
  • aircrack-ng

One of the most popular are Nikto, N-Stalker or Burp Suite.

The Open Web Application Security Project (OWASP) maintains a comprehensive list of vulnerability assessment tools:

https://owasp.org/www-community/Vulnerability_Scanning_Tools

List of vulnerability assessment tools

Nessus

https://www.tenable.com/products/nessus/nessus-professional

Web-based.

Commercial. There is a free demo version.

Nessus

Nikto

https://github.com/sullo/nikto

Command-line vulnerability web scanner, present in Kali Linux.

Nikto

It is used in Certified Ethical Hacker (CEH) course.

https://www.nstalker.com

Burp Suite

https://www.portswigger.net/burp

Desktop application with graphical interface.

There is a free version (BS Community Edition) and commercial (BS Professional)

Burp Suite

OpenVAS

https://www.openvas.org/

Open Vulnerability Assessment Scanner (OpenVAS) is a free tool that belongs to suite Greenbone Vulnerability Manager and developed by Greenbone networks.

It is free and open-source software (FOSS). Most of its components are under a GPL licence.

Drozer

https://labs.withsecure.com/tools/drozer

Drozer is a security and attack framework for Android

MobSF

https://github.com/MobSF/Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is a security framework for Android, iOS and Windows.

N-Stalker Web Application Security Scanner X Enterprise Edition

GFI LanGuard

Qualys FreeScan

Qualys Vulnerability Managment (Qualys VM)

Retina CS

SAINT

Microsoft Baseline Security Analizer (MBSA)

Automated Vulnerability Detection System (AVDS)

Core Impact Pro

https://www.coresecurity.com

Acunetix Web Vulnerability Scanner

https://www.acunetix.com

Nipper Studio

https://www.titania.com

Nexpose

https://www.rapid7.com

Secunia Personal Software Inspector (PSI)

https://secuniaresearch.flexerasoftware.com

Nsauditor Network Security Auditor

http://www.nsauditor.com

ScanLine

https://www.mcafee.com

Nmap

https://nmap.org

Aircrack-ng

https://www.aircrack-ng.org/

It can be considered a vulnerability assessment tool for wireless networks.

You might be also interested in…

External references

  • “CISPP Study Guide 9th Edition”, p. 737; Mike Chapman et al.; 2021

Leave a Reply

Your email address will not be published. Required fields are marked *