List of vulnerability assessment tools:
- Qualys Vulnerability Managment (Qualys VM)
- Nessus Professional
- GFI LanGuard
- Qualys FreeScan
- Nikto
- Burp Suite
- OpenVAS
- Drozer
- MobSF
- Retina CS
- SAINT
- Microsoft Baseline Security Analizer (MBSA)
- Automated Vulnerability Detection System (AVDS)
- Core Impact Pro
- N-Stalker Web Application Security Scanner X Enterprise Edition
- Acunetix Web Vulnerability Scanner
- Nipper Studio
- Nexpose
- Secunia Personal Software Inspector (PSI)
- Nsauditor Network Security Auditor
- ScanLine
- Nmap
- aircrack-ng
One of the most popular are Nikto, N-Stalker or Burp Suite.
The Open Web Application Security Project (OWASP) maintains a comprehensive list of vulnerability assessment tools:
https://owasp.org/www-community/Vulnerability_Scanning_Tools
List of vulnerability assessment tools
Nessus
https://www.tenable.com/products/nessus/nessus-professional
Web-based.
Commercial. There is a free demo version.
Nikto
https://github.com/sullo/nikto
Command-line vulnerability scanner, present in Kali Linux.
It is used in CEH course.
N-Stalker Web Application Security Scanner X Enterprise Edition
https://www.nstalker.com
Burp Suite
https://www.portswigger.net/burp
Desktop application with graphical interface.
There is a free version (BS Community Edition) and commercial (BS Professional)
OpenVAS
Open Vulnerability Assessment Scanner (OpenVAS) is a free tool that belongs to suite Greenbone Vulnerability Manager and developed by Greenbone networks. Most of its components are under licence GPL.
Drozer
https://labs.withsecure.com/tools/drozer
Drozer is a security and attack framework for Android
MobSF
https://github.com/MobSF/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is a security framework for Android, iOS and Windows.
GFI LanGuard
Qualys FreeScan
Qualys Vulnerability Managment (Qualys VM)
Retina CS
SAINT
Microsoft Baseline Security Analizer (MBSA)
Automated Vulnerability Detection System (AVDS)
Core Impact Pro
https://www.coresecurity.com
Acunetix Web Vulnerability Scanner
https://www.acunetix.com
Nipper Studio
https://www.titania.com
Nexpose
https://www.rapid7.com
Secunia Personal Software Inspector (PSI)
https://secuniaresearch.flexerasoftware.com
Nsauditor Network Security Auditor
http://www.nsauditor.com
ScanLine
https://www.mcafee.com
Nmap
https://nmap.org
Aircrack-ng
It can be considered a vulnerability assessment tool for wireless networks.
You might be also interested in…
External references
- “CISPP Study Guide 9th Edition”, p. 737; Mike Chapman et al.; 2021