Free Vulnerability Scanners
While there is a whole industry segment focused on network and system vulnerability testing, some of the best tools available are free. The commercial tools out there are not poor offerings, but the open source community and some companies and software providers have developed excellent testing tools and offer them at no charge. Let’s look at some of the best.
MBSA – The Microsoft Baseline Security Analyzer (MBSA) is a lifesaver at finding problems due to missing security patches and security template problems on your Windows systems. With large numbers of Windows servers and automated updates, without a tool like this it would be a huge effort to measure and validate security variability across systems.
Nessus – Nessus has long been my favorite vulnerability scanner. It is fast, with incredible breadth and depth of scans. Nessus 4 is possibly the best vulnerability scanner I have ever used, but only makes the "free" list if it is not used commercially. Tenable Network Security requires a subscription license for commercial organizations. There are over 28K plugins available, with automatic updates possible for new plugins.
NeWT – This is the Windows platform version of Nessus provided by Tenable. I love Nessus, so I had to put the Windows port on the list of the best vulnerability scanners.
Nikto – Nikto is a scanner focused on web server security. Nikto scans for over 3500 vulnerabilities. Many options, including target host lists from nmap output as well as other web server specific scanning features put Nikto on the best free vulnerability scanners list.
Nmap – While not technically a vulnerability scanner, Nmap is where I start when I need to scan a network and discover what’s there. Sometimes the vulnerability is right in front of you but you’re not looking for it, so you don’t see it. Nmap helps to find potential problems hiding in plain sight. Nmap was originally a command line tool with a learning curve involved for the many options. Now there is a GUI for Windows called Zenmap that takes much of the effort out of learning Nmap.
There are many other free tools, and some are specific to particular vulnerabilities, platforms, and so forth. Just picking and running one of the tools described here is not enough. Once you’ve performed your initial vulnerability test, you will need to evaluate the results and validate the vulnerability and remedy the problem. I always like to perform a second test with another tool that is known to detect the discovered vulnerability in order to determine if that problem is actually present. After you have (supposedly) patched or reconfigured to remove the vulnerability, test again to verify that it is truly fixed! To learn more about this check out my articles on the Top 5 Penetration Testing Tools and A Beginners Guide to Pen Testing.