Alternatives to Zenmap
Compare Zenmap alternatives for your business or organization using the curated list below. SourceForge ranks the best alternatives to Zenmap in 2026. Compare features, ratings, user reviews, pricing, and more from Zenmap competitors and alternatives in order to make an informed decision for your business.
-
1
Crashtest Security
Crashtest Security
Crashtest Security is a SaaS-based security vulnerability scanner allowing agile development teams to ensure continuous security before even hitting Production. Our state-of-the-art dynamic application security testing (DAST) solution integrates seamlessly with your dev environment and protects multi-page and JavaScript apps, as well as microservices and APIs. Set up Crashtest Security Suite in minutes, get advanced crawling options, and automate your security. Whether you want to see vulnerabilities within the OWASP Top 10 or you want to go for deep scans, Crashtest Security is here to help you stay on top of your security and protect your code and customers.Starting Price: €35 per month -
2
Nmap
Nmap
The Nmap project tries to defy the stereotype of some open source software being poorly documented by providing a comprehensive set of documentation for installing and using Nmap. This page links to official Insecure.Org documentation and generous contributions from other parties. Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open-source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. -
3
Panoptic Scans
Panoptic Scans
Panoptic Scans is a vulnerability scanning software offering automated security assessments for applications and networks. Leveraging OpenVAS, ZAP, and Nmap, it identifies security issues and scans for OWASP Top 10 vulnerabilities, delivering detailed reports for easy remediation. The Attack Narratives feature illustrates how weaknesses can be exploited in combination by attackers. Scheduled scanning ensures consistent monitoring without manual effort, while OpenVAS and ZAP provide thorough network and application security testing. The platform includes a user-friendly interface, email notifications, and fully managed scanners, removing server maintenance concerns. It supports white-label reporting and ensures reliable performance through its managed infrastructure.Starting Price: $25/month -
4
Scapy
Scapy
Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks, or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel), etc. Scapy runs natively on Linux, Windows, OSX, and on most Unixes with libpcap. The same code base now runs natively on both Python 2 and Python 3. Scapy development uses the Git version control system. Scapy reference repository is hosted on GitHub.Starting Price: Free -
5
Dradis
Dradis Framework
Import findings from over 20 popular pentesting and security tools and present your findings in a number of formats including Word, Excel, HTML, CSV, XML, realtime results portal or a custom format. Use multiple methodologies for different stages of a project, keep track of all your tasks and deliver consistent results across your organization without fail. Working together is easier when security project data, tool outputs, scope, results, screenshots and notes are centralized. Track changes, leave feedback and push updated findings to keep everyone on the same page. No need to learn any new technologies - combine the output from your favorite security tools - like Nessues, Burp, Nmap and more to create custom reports using our simple yet powerful templates we help you build to create reports in just a few minutes - not days. Overcome the limitations of static security reports using Dradis Gateway. Share the results of security assessments in real-time.Starting Price: $79 per month -
6
Cyver
Cyver
Change the way you deliver pentests, with cloud pentest management tools, complete with automated reporting & everything you need to deliver Pentest-as-a-Service. Scale workloads with cloud tooling to automate reports & project management, so you can get back to pentesting. Cyver imports work data from tools like Burp Suite, Nessus, NMap, & more to fully automate reporting. Customize report templates, link projects, map findings to compliance controls, and generate pentest reports with one click. Plan, manage, and update pentests, in the cloud. We deliver tooling for client collaboration, pentest management, & long-term scheduling. No more Excel, no more email, and everything in one place, Cyver’s pentest management portal. Offer schedulable, recurring pentests, with client data and vulnerability management, complete with findings-as-tickets, actionable insights like threat analysis and compliance mapping dashboards, and direct communication.Starting Price: €99 per month -
7
LightMesh
Tidal LightMesh
Tidal LightMesh IPAM simplifies IP address management with visual subnet mapping, automated discovery, and bulk imports, eliminating the need for spreadsheets. TreeView visualization and detailed IP insights provide a clear network overview, allowing users to navigate subnets and drill down into individual addresses instantly. With real-time capacity alerts, Nmap integration, and global search, LightMesh ensures full network visibility and control. Audit trails, rollback options, and API integrations enhance automation, while role-based access control and team collaboration improve security. LightMesh seamlessly integrates with AWS and Azure, streamlining cloud and on-prem network management from a single interface. Bulk subnet imports with custom field mapping simplify migration, accelerating onboarding. Designed for businesses of all sizes, LightMesh delivers an intelligent, automated, and scalable IPAM solution to help you plan, monitor, and optimize your network infrastructure.Starting Price: $35 USD per month -
8
Arachni
Arachni
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is multi-platform, supporting all major operating systems (MS Windows, Mac OS X and Linux) and distributed via portable packages which allow for instant deployment. It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform. In addition, its simple REST API makes integration a cinch. Finally, due to its integrated browser environment, it can support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX. -
9
Scuba Database Vulnerability Scanner. Download Scuba, a free tool that uncovers hidden security risks. Scan enterprise databases for vulnerabilities and misconfiguration. Know the risks to your databases. Get recommendations on how to mitigate identified issues. Available for Windows, Mac, Linux (x32), and Linux (x64), Scuba offers over 2,300 assessment tests for Oracle, Microsoft SQL, SAP Sybase, IBM DB2 and MySQL. Scuba is a free tool that scans leading enterprise databases for security vulnerabilities and configuration flaws, including patch levels, that allows you to uncover potential database security risks. It includes more than 2,300 assessment tests for Oracle, Microsoft SQL Server, SAP Sybase, IBM DB2 and MySQL. It’s possible to run a Scuba scan from any Windows, Mac or Linux client. Depending on your database size, users, groups and network connection, an average Scuba scan normally takes 2-3 minutes. No pre-installation or other dependencies are required.
-
10
Rafter
Rafter
Rafter is a developer-friendly security scanning platform that lets you detect and address vulnerabilities in your GitHub repositories with a single click or command. It integrates seamlessly via a browser-based dashboard, CLI, or REST API to scan JavaScript, TypeScript, and Python code for a range of issues, including exposed API keys, SQL injection, XSS flaws, insecure dependencies, hardcoded credentials, and authentication weaknesses. Results are clearly categorized into “Errors,” “Warnings,” and “Improvements,” each offering detailed explanations, code locations, remediation steps, and formatted prompts ready to paste into AI coding assistants. You can view findings in JSON or Markdown, automate scans within CI/CD pipelines, and pull scan results directly into your workflows. Whether you prefer no-code, low-code, or full-code environments, Rafter adapts flexibly to your setup, making proactive security early in development effortless and scalable.Starting Price: $39 -
11
VulnSign
VulnSign
VulnSign is an online vulnerability scanner that is fully automated, customer-orient configurable and has advanced features. VulnSign can scan any type of web application, regardless of the technology it was built with. It uses a Chrome based crawling engine and can identify vulnerabilities in legacy, and custom built, modern HTML5, Web 2.0 applications and Single Page Applications (SPA). It also has vulnerability checks for popular frameworks. The VulnSign vulnerability scanner is very easy to use and most of the pre-scan configuration can be automated. It is an all in one vulnerability management solution, with multi user support and integration capabilities. Though to test it all you need to do is specify the URL and credentials (to scan password protected websites), and launch a vulnerability scan.Starting Price: $49/month/team -
12
urlscan.io
urlscan.io
urlscan.io is a free service to scan and analyze websites. When a URL is submitted to urlscan.io, an automated process will browse to the URL like a regular user and record the activity that this page navigation creates. This includes the domains and IPs contacted, the resources (JavaScript, CSS, etc.) requested from those domains, as well as additional information about the page itself. urlscan.io will take a screenshot of the page, and record the DOM content, JavaScript global variables, cookies created by the page, and a myriad of other observations. If the site is targeting the users of one of the more than 900 brands tracked by urlscan.io, it will be highlighted as potentially malicious in the scan results. Our mission is to allow anyone to easily and confidently analyze unknown and potentially malicious websites. Just like you would use a malware sandbox to analyze suspicious files, you can use urlscan.io to do the same thing but with URLs.Starting Price: $500 per month -
13
Infiltrator
Infiltration Systems
Infiltrator is a free easy to use, intuitive network security scanner that can quickly audit your network computers for vulnerabilities, exploits, and information enumerations. Infiltrator can reveal and catalog a plethora of information on scanned computers - such as installed software, shares, users, drives, hotfixes, NetBios and SNMP information, open ports and much more! Infiltrator can audit each computer's password and security policies, alerting you when changes should be made to increase security. All results can be generated into sleek, easy to read report by the report generator. Infiltrator also comes with over 15 powerful network utilities for footprinting, scanning, enumerating and gaining access to machines. Included utilities are ping sweep, whois lookups, email tracing, brute force cracking tools, share scanning, network enumerating, and many more! -
14
VulScan
RapidFire Tools, a Kaseya Company
Discover, prioritize and manage internal and external vulnerabilities. Harden the networks you manage and protect against evolving threats with vulnerability scanning from VulScan. VulScan is a powerful tool for complete and automated vulnerability scanning. It detects and prioritizes the weaknesses that hackers can exploit, empowering you to harden networks of any size or type and creating an extra layer of cybersecurity protection. Protect the networks you manage with flexible network scanning options. Vulscan includes on-prem internal network scanners, computer-based discovery agents, remote internal scanning by proxy, and hosted external scanners for comprehensive vulnerability management.Starting Price: $99 per month -
15
Indusface WAS
Indusface
Get the most comprehensive application security audit done today. Indusface WAS with its automated scans & manual pen-testing ensures none of the OWASP Top10, business logic vulnerabilities and malware go unnoticed. With zero false positive guarantee and comprehensive report with remediation guidance, Indusface web app scanning ensures developers quickly fixes vulnerabilities. The proprietary scanner built ground up, keeping js framework driven, single page applications in mind to provide complete & intelligent crawling. With latest threat intelligence, get extensive web app scanning for vulnerabilities, and malware. Support on a functional understanding of logical flaws for an in-depth security audit.Starting Price: $49 per month -
16
Hakware Archangel
Hakware
Hakware Archangel is an Artificial Intelligence based vulnerability scanner and pentesting tool. Archangel scanner enables organizations to monitor their networks, systems, and applications for security vulnerabilities with advanced Artificial intelligence continuously testing your environment. Why use Archangel? -Identify vulnerabilities before cyber criminals do -Our vulnerability scanning mitigates the risks of a data breach, which will come with a range of costs, including remediation, the loss of customers as a result of reputational damage and fines -Vulnerability scanning is not explicitly required by the GDPR (General Data Protection Regulation) or POPI (Protection Of Personal Information Act), but the -Regulation does require organisations that process personal data to ensure that they have implemented appropriate technical and organisational security measures – which includes identifying vulnerabilities -The international standard for information security, ISO 27001Starting Price: $100 -
17
Intruder
Intruder
Intruder is an international cyber security company that helps organisations reduce their cyber exposure by providing an effortless vulnerability scanning solution. Intruder’s cloud-based vulnerability scanner discovers security weaknesses across your digital estate. Offering industry-leading security checks, continuous monitoring and an easy-to-use platform, Intruder keeps businesses of all sizes safe from hackers. Receive actionable results prioritised by context. Intruder interprets raw data received from leading scanning engines, so you can focus on the issues which truly matter, such as exposed databases. Intruder's high-quality reports help you sail through customer security questionnaires, and make compliance audits like SOC2, ISO27001, and Cyber Essentials a breeze. -
18
garak
garak
garak checks if an LLM can be made to fail in a way we don't want. garak probes for hallucination, data leakage, prompt injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses. garak's a free tool, we love developing it and are always interested in adding functionality to support applications. garak is a command-line tool, it's developed in Linux and OSX. Just grab it from PyPI and you should be good to go. The standard pip version of garak is updated periodically. garak has its own dependencies, you can to install garak in its own Conda environment. garak needs to know what model to scan, and by default, it'll try all the probes it knows on that model, using the vulnerability detectors recommended by each probe. For each probe loaded, garak will print a progress bar as it generates. Once the generation is complete, a row evaluating that probe's results on each detector is given.Starting Price: Free -
19
Mageni
Mageni Security
Mageni provides a free vulnerability scanning and management platform which helps you need to find, prioritize, remediate and manage the vulnerabilities. Mageni has everything you need to scan and manage your vulnerabilities. Perform unlimited scans for unlimited assets without restrictions or hidden costs. The scanner detects is compliant with CVE and CVSS. Use smart and powerful dashboards to manage the vulnerabilities of your assets. Configure easily the scans to run in the window of time of your preference.Starting Price: $39 per month -
20
Alibaba Cloud Security Scanner
Alibaba
Cloud Security Scanner utilizes data, white hat penetration testing, and machine learning to provide an all-in-one security solution for domains and other online assets. CSS detects web vulnerabilities, illicit content, website defacement, and backdoors to prevent possible financial loss caused by damage to your brand reputation. Cloud Security Scanner comprehensively detects any risks to your website and online assets, such as web vulnerabilities, weak passwords, website defacement, and Trojan attacks. The system scans all source code, text, and images for vulnerabilities. Developed through penetration testing, WTI has built-in multi-layer verification rules to ensure high accuracy of vulnerability detection. The system uses comprehensive decision making and model-based analysis, to provide accurate detection of content risks. Submit any questions about the scanning results to our team of experts. -
21
SecurityMetrics Perimeter Scan
SecurityMetrics
Comprehensive Vulnerability Assessment Scan For Network Security. Vulnerability scans and network scans find top cybersecurity risks such as misconfigured firewalls, malware hazards, remote access vulnerabilities, and can be used for cyber security or compliance mandates like PCI Compliance (PCI DSS) and HIPAA. Add and remove your own targets through your Perimeter Scan Portal. You can mass upload scan targets and groups. You can group and label scan targets to make it easier to manage by location, network type, or unique circumstances at your organization. Run port scans on your most sensitive targets more frequently, test in scope PCI targets quarterly, or test designated IPs after changes to your network with simplicity. Vulnerability scanning reports list the target, vulnerability type, service (e.g., https, MySQL, etc.), and the severity of each vulnerability (low, medium, high).Starting Price: $99.00/one-time -
22
Bopup Scanner
Bopup
This freeware network scanner displays active computers with logged user names (NetBIOS), MAC and IP addresses. Bopup Scanner also recognizes and shows HTTP (Web) servers running on remote computers (TCP ports 80, 8080), quickly detects online computers, allows to browse shared resources of a remote computer and save results to a text file. Advanced users can enter IP range to scan, change a timeout to resolve a remote host and run the program from a command line interface. Bopup Scanner is a fully portable software. It requires no any setup and installation on a destination computer and can be easily copied to a USB flash drive to move to another PC. The program can be executed with the command line paramaters in order to specify pre-defined options, such as IP range to scan (start and end IP addresses), a path of the file where to save results. So the scanner can be used in batch files as a tool for an automated monitoring.Starting Price: $460 one-time payment| -
23
ManageEngine Vulnerability Manager Plus
ManageEngine
Enterprise vulnerability management software. Vulnerability Manager Plus is an integrated threat and vulnerability management software that delivers comprehensive vulnerability scanning, assessment, and remediation across all endpoints in your network from a centralized console. Scan and discover exposed areas of all your local and remote office endpoints as well as roaming devices. Leverage attacker-based analytics, and prioritize areas that are more likely to be exploited by an attacker. Mitigate the exploitation of security loopholes that exist in your network and prevent further loopholes from developing. Assess and prioritize vulnerabilities based on exploitability, severity, age, affected system count, as well as the availability of the fix. Download, test, and deploy patches automatically to Windows, Mac, Linux, and over 250 third-party applications with an integral patching module—at no additional cost.Starting Price: $695 per user per year -
24
WebReaver
Websecurify
WebReaver is an elegant, easy to use and fully-automated, web application security security testing tool for Mac, Windows and Linux, suitable for novice as well as advanced users. WebReaver allows you easily test any web application for a large variety of web vulnerabilities from the sever kinds such as SQL Injection, local and remote file Includes, command Injection, cross-site scripting and expression Injection to the less severe ones such as variety of session and headers problems, information leakage and many more. Automated security testing technologies, such as those, which rely on scanning, fuzzing, sending arbitrary malicious data to detect security defects, can seriously damage the web applications they are used against. Therefore, it is often recommended to perform automated tests only against systems in demo, testing or pre-production environments. -
25
Sonatype Vulnerability Scanner
Sonatype
Sonatype’s Vulnerability Scanner is a tool designed to help developers identify security risks and compliance issues in their open-source components. It provides users with a comprehensive Software Bill of Materials (SBOM), which lists all open-source dependencies and highlights vulnerabilities and license risks. The platform offers real-time scanning and actionable insights, allowing teams to assess the severity of risks and implement fixes swiftly. With automated scans and detailed reports, Sonatype’s Vulnerability Scanner helps organizations secure their applications, manage third-party dependencies, and maintain compliance across their software environments. -
26
HostedScan
HostedScan
Scan networks, servers, and websites for security risks. Manage your risks via dashboards, reporting, and alerts. Build scheduled vulnerability management into your information security practice. When a new port is open, or a new risk is detected, automatically alert your team. Cut out the noise. Only new or unexpected risks are alerted. Add targets, run scans, and get results programmatically. Embed HostedScan into your own products and services.Starting Price: $ 29 per month -
27
Cloudxray
Cloudnosys
CloudXray is a cloud workload scanning solution that operates in two deployment modes; basic for misconfiguration detection and advanced for full malware, OS vulnerability, and misconfiguration scanning. The architecture consists of an orchestrator deployed in a single region and distributed scanners covering all discovered regions, making it fully compatible with both AWS and GCP environments. It uses an agentless approach to inspect workloads and volumes across your cloud account for malware, CVEs, and policy deviations. The solution provisions scanning instances on demand, integrates via roles and APIs, and provides continuous coverage of cloud resources without requiring persistent agents. CloudXray supports rapid deployment and is optimized for scalable, multi-region cloud workloads. It is designed to help organizations maintain a secure posture across compute instances, storage volumes, and OS layers by combining configuration assessment, vulnerability detection, and more. -
28
Brakeman
Brakeman
Brakeman is a security scanner for Ruby on Rails applications. Unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it. Once Brakeman scans the application code, it produces a report of all security issues it has found. Brakeman requires zero setup or configuration once it is installed. Just run it. Because all Brakeman needs is source code, Brakeman can be run at any stage of development: you can generate a new application with rails new and immediately check it with Brakeman. Since Brakeman does not rely on spidering sites to determine all their pages, it can provide more complete coverage of an application. This includes pages which may not be ‘live’ yet. In theory, Brakeman can find security vulnerabilities before they become exploitable. Brakeman is specifically built for Ruby on Rails applications, so it can easily check configuration settings for best practices. -
29
PHP Secure
PHP Secure
PHP Secure is a FREE code scanner that analyzes your PHP code for critical security vulnerabilities. Free online scanner: - Quickly and qualitatively finds web app vulnerabilities - Gives explicit reports and recommendations to fix vulnerabilities - Easy to use and requires no specialized knowledge - Reduces risk, saves budget, and boosts productivity PHP Secure Scanner is suitable for analyzing sites on Php, framework Laravel, and CMS Wordpress, Drupal and Joomla. PHP Secure detects the most common and dangerous types: -SQL injection vulnerabilities -Command Injection -Cross-Site Scripting (XSS) Vulnerabilities -PHP Serialize Injections -Remote Code Executions -Double Escaping -Directory Traversal -Regular Expression Denial of Service (ReDos) -
30
Nikto
CIRT.net
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system). Not every check is a security problem, though most are. -
31
Swascan
Swascan
It runs the scan of web sites and web applications to spot and analyze in a proactive way security vulnerabilities. The Network Scanner spots and identifies network vulnerabilities and helps you fixing them. It runs the source code analysis to highlight and solve weak spots and security vulnerabilities. The online tool that makes you evaluate the Compliance level of your company in terms of GDPR. Create a unique learning opportunity for your employees and avoid the more and more frequent phishing attacks. Consultancy activity to support companies with management, control and risk evaluation. Ransomware has been confirmed to be the threat par excellence in the global cybersecurity landscape also in Q3 of 2022. In this Webinar Swascan, Pierguido Iezzi CEO of Swascan, will show you more about the data collected, concerning the victims of the 15 Ransomware gangs active in the third quarter of 2022. -
32
ScanFactory
ScanFactory
ScanFactory is an Attack Surface Management & Continuous Automated Vulnerability Assessment Platform that provides realtime security monitoring across all external assets of a company by enumerating & scanning its entire network infrastructure utilizing 15+ most trusted community-backed security tools & extensive database of exploits. Its vulnerability scanner stealthily performs a deep & continuous reconnaissance to map your entire external attack surface & are extended with handpicked top-rated premium plugins, custom wordlists & plethora of vulnerability signatures. Its dashboard can be used to discover & review all vulnerabilities sorted by CVSS & has enough information to understand, replicate & remediate the issue. It also has capability to export alerts to Jira, TeamCity, Slack & WhatsApp.Starting Price: $50 -
33
FreeOCR
FreeOCR
FreeOCR is a free Optical Character Recognition Software for Windows and supports scanning from most Twain scanners and can also open most scanned PDF's and multi-page Tiff images as well as popular image file formats. FreeOCR outputs plain text and can export directly to Microsoft Word format. Free OCR uses the latest Tesseract (v3.01) OCR engine. It includes a Windows installer and It is very simple to use and supports opening multi-page tiff documents, Adobe PDF, and fax documents as well as most image types including compressed Tiff's which the Tesseract engine on its own cannot read.It now can scan using Twain and WIA scanning drivers. FreeOCR V4 includes Tesseract V3 which increases accuracy and has page layout analysis so more accurate results can be achieved without using the zone selection tool. As well as OCR FreeOCR can scan and save images as JPG and we are currently working on a "Scan to PDF" capability with the option to save as searchable PDF. -
34
BurpGPT
Aegis Cyber Ltd
Experience enhanced web security testing with BurpGPT our Burp Suite extension which integrates OpenAI's LLMs for advanced vulnerability scanning and traffic-based analysis. It also supports local LLMs, including custom-trained models, ensuring greater data privacy and more accurate results according to your needs. Effortlessly integrate Burp GPT into your security testing workflows with user-friendly documentation. Developed by application security experts, Burp GPT represents the cutting-edge of web security testing. Burp GPT continuously improves based on user feedback, ensuring it meets evolving security testing needs. Burp GPT is a robust tool developed to enhance the precision and efficiency of application security testing. Extended with advanced language processing capabilities and an intuitive interface, it enhances security testing for both beginners and seasoned testers alike. With BurpGPT, you can perform sophisticated technical tasks.Starting Price: $100.07 per year -
35
OpenVAS
Greenbone Networks
OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test. The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates. OpenVAS has been developed and driven forward by the company Greenbone Networks since 2006. As part of the commercial vulnerability management product family Greenbone Enterprise Appliance, the scanner forms the Greenbone Vulnerability Management together with other Open Source modules. -
36
Frontline.Cloud
Fortra
We are native to the cloud, and through the evolution of our technology and market demand, Digital Defense’s Frontline.Cloud platform continues to provide organizations with a robust, yet easy to deploy security solutions that can be trusted to deliver unparalleled results, while lifting the administrative burden associated with premise and hybrid solutions. As the creators of the original SaaS security platform – well before cloud security services became all the rage, and long before competitive companies saw the light – Digital Defense continues to set the standard for the delivery of SaaS solutions and services. The Frontline.Cloud security Software as a Service (SaaS) platform supports multiple systems including Frontline Vulnerability Manager™ (Frontline VM™), Frontline Pen Testing™ (Frontline Pen Test™), Frontline Web Application Scanning™ (Frontline WAS™) and a new offering, Frontline Active Sweep (Frontline ATS™). -
37
SiteLock
SiteLock
We secure websites by automatically finding and fixing threats. Automatically protect your website, reputation, and visitors against cyberthreats. Comprehensive website security software protects your website from malicious cyber threats. This includes the protection of your site code and web applications. Depending on your website security package, you’ll receive daily website scans, automated malware removal, and vulnerability/CMS patching, as well as a web application firewall to block harmful traffic before it ever reaches your site. Our website security scan instantly checks your website from malware, viruses and other cyber threats and alerts you to found issues. Detect and automatically remove malicious content from your website, creating a safe experience for your customers. Easily check for website vulnerabilities in your CMS with our vulnerability scanner before they are exploited. -
38
Nsauditor Network Security Auditor is a powerful network security tool designed to scan networks and hosts for vulnerabilities, and to provide security alerts. Network Security Auditing Software and Vulnerability Scanner Network Security Auditing Software and Vulnerability Scanner Nsauditor network auditor checks enterprise network for all potential methods that a hacker might use to attack it and create a report of potential problems that were found. Network Security Auditing Software and Vulnerability Scanner Network Security Auditing Software and Vulnerability Scanner Nsauditor network auditing software significantly reduces the total cost of network management in enterprise environments by enabling IT personnel and systems administrators gather a wide range of information from all the computers in the network without installing server-side applications on these computers and create a report of potential problems that were found.Starting Price: $69 one-time payment
-
39
AppCheck
AppCheck
Technology agnostic, sophisticated scanning engine developed and maintained by leading security experts, easy to use and highly configurable. Proof of concept evidence is provided through safe exploitation, unparalleled support for modern HTML5 applications. Supports all forms of authentication via a scriptable browser interface. Granular scheduling and continuous scanning, integration with popular bug tracking platforms such as JIRA, and custom integration via JSON API. The dashboard provides a customizable view of your security posture at any given moment in time. The status of discovered vulnerabilities, emerging threats and remediation progress are all displayed using easy to understand dashboard widgets. Whether you just want to run a quick scan or are a power user who needs ultimate control, AppCheck allows complete flexibility. Scans can be run in a few clicks using profiles built by our security experts or built from scratch using the profile editor. -
40
Greenbone Enterprise
Greenbone Networks
The Greenbone Enterprise Appliances are appliances for vulnerability scanning and management. They are offered in various performance levels and basically support an unlimited number of target systems. The actual achievable number depends on the scan pattern and scan targets. To help you find the right model for your application, we provide guide values for the number of target IP addresses below, assuming a common scenario with one scan every 24 hours. Please select the appropriate model based on your network size and frequency of scans. In virtual form, the Greenbone Enterprise Appliances are available for small to medium-sized enterprises and branch offices, as well as for special use cases such as training and audit-via-laptop. -
41
Jsmon
Jsmon Inc.
Jsmon is an advanced JavaScript security platform that continuously scans JS files to detect leaked secrets, sensitive information, and potential vulnerabilities. Trusted by thousands of users, it offers 24/7 JS crawling, automated threat detection, and real-time monitoring to protect your domains. Jsmon’s powerful NodeJS analysis engine identifies hardcoded API keys, credentials, and other security risks across millions of JS files and API paths. The platform features AI-powered Ask AI, which instantly translates complex scan results into plain English. Users benefit from automated notifications via Slack, email, or Discord and can track changes in JS files over time. Jsmon also supports integrations and provides detailed reporting in PDF, JSON, and CSV formats.Starting Price: $25/month/user -
42
Qualys WAS
Qualys
Robust cloud solution for continuous web app discovery and detection of vulnerabilities and misconfigurations. Fully cloud-based, it’s easy to deploy and manage, and scales to millions of assets. WAS finds and catalogs all web apps in your network, including new and unknown ones, and scales from a handful of apps to thousands. With Qualys WAS, you can tag your applications with your own labels and then use those labels to control reporting and limit access to scan data. WAS’ dynamic deep scanning covers all apps on your perimeter, in your internal environment and under active development, and even APIs that support your mobile devices. It also covers public cloud instances, and gives you instant visibility of vulnerabilities like SQLi and XSS. Authenticated, complex and progressive scans are supported. With programmatic scanning of SOAP and REST API services, WAS tests IoT services and APIs used by mobile apps and modern mobile architectures. -
43
DigitSec S4
DigitSec
S4 establishes Salesforce DevSecOps in the CI/CD pipeline in under an hour. S4 empowers developers to find & fix vulnerabilities before production where they can lead to a data breach. Securing Salesforce during development reduces risk and accelerates the pace of deployment. S4 for Salesforce™, our patented SaaS Security Scanner™, automatically assesses Salesforce security posture with its full-spectrum continuous application security testing (CAST) platform purpose-built to detect Salesforce vulnerabilities with its four integrated scans for fast and effortless detection. Static Source Code Analysis (SAST), Interactive Runtime Testing (IAST), Software Composition Analysis (SCA), and Cloud Security Configuration Review. Our static application security testing (SAST) engine is a core feature of S4, providing automated scanning and analysis of all custom source code in your Salesforce Org including Apex, VisualForce, Lightning Web Components, and related-JavaScript. -
44
Tenable Web App Scanning
Tenable
Unified web app and API scanning that’s simple, scalable, and automated. Whether it’s the top 10 risks from OWASP, vulnerable web app components, or APIs, Tenable Web App Scanning gives you comprehensive dynamic application security testing (DAST). Web application security from the largest vulnerability research team in the industry. Deliver immediate value with fast web application scans to discover common security hygiene issues that run in two minutes or less. Set up a new web app scan in a few seconds by leveraging the same vulnerability management workflows you are already familiar with. Configure weekly or monthly automated testing of all of your applications. Create fully customizable dashboards and widget visualizations to integrate IT, cloud, and web application vulnerability data into a single, unified view. Tenable Web App Scanning is available as a cloud-based solution and is now on-premises seamlessly integrated into Tenable Security Center. -
45
Defendify
Defendify
Founded in 2017, Defendify is pioneering All-In-One Cybersecurity® for organizations with growing security needs, backed by experts offering ongoing guidance and support. Delivering multiple layers of protection, Defendify provides an easy-to-use platform designed to strengthen cybersecurity across people, process, and technology, continuously. Defendify streamlines cybersecurity assessments, testing, policies, training, detection, response, and containment in one consolidated and cost-effective cybersecurity solution. 3 layers, 13 solutions, 1 platform, including: • Managed Detection & Response • Cyber Incident Response Plan • Cybersecurity Threat Alerts • Phishing Simulations • Cybersecurity Awareness Training • Cybersecurity Awareness Videos • Cybersecurity Awareness Posters & Graphics • Technology Acceptable Use Policy • Cybersecurity Risk Assessments • Penetration Testing • Vulnerability Scanning • Compromised Password Scanning • Website Security ScanningStarting Price: $0 -
46
Scan Shot
KAERMORHEN
Scan Shot turns your phone into a powerful digital office and QR reader. Scan, sign, and export any document to PDF, JPG, and TXT format. Save time and become more productive in your work and daily life with this portable scanner app. Download the scanner for free to scan and manage all your important documents. Scan as many documents as you want with no page limit. Best and highest quality scanning. Instant scanning speed. Create and save more than one e-signature. Quickly and professionally sign important documents. Sign any documentation in a few taps. Scan anything: identity cards, legal agreements, invoices, orders, receipts, articles, bills, credit notes, and business documents. Automatically extract text on PDF documents or pictures and edit it according to your needs. Scan Shot’s OCR technology can quickly and accurately convert any document to text with no errors. Scan Shot combines document scanning, signing, and editing functionalities with a QR reader.Starting Price: Free -
47
AppScanOnline
AppScanOnline
AppScanOnline is an online scanning service that equips mobile application developers with an efficient tool to check for cybersecurity vulnerabilities. It is developed by Institute for Information Industry’s CyberSecurity Technology Institute (CSTI). CSTI is a seasoned consultant to international organizations with over 10 years of extensive experience in identifying and dealing with advanced worldwide threats. Institute for Information Industry is a Taiwan’s think tank and ICT focused institute with over 40 years of service. III powers the core engine for AppScanOnline static and dynamic analysis technology to provide Mobile APP Automated vulnerability detection, meeting OWASP action security risks, as well as Industrial Bureau APP standards. Make sure your mobile application undergoes our Gold Standard of vigorous Static and Dynamic Scans. Rescan again to make sure your mobile application is cleared of malware, viruses and vulnerabilities. -
48
Edgescan
Edgescan
Validated web application vulnerability scanning on-demand when you want it, and scheduled as often as you need. Validation and rating of risk, trending and metrics on a continuous basis, all available via our rich dashboard for superior security intelligence. You can use the vulnerability scanning and validation service as much as you like, Retest on demand. Edgescan can also alert you if a new vulnerability is discovered via SMS/email/Slack or Webhook. Server Vulnerability Assessment (Scanning and Validation) covering over 80,000 tests. Designed to help ensure your deployment be it in the cloud or on premise is secure and configured securely. All vulnerabilities are validated and risk rated by experts and available via the dashboard to track and report on when required. Edgescan is a certified ASV (Approved Scanning Vendor) and exceeds requirements of the PCI DSS by providing continuous, verified vulnerability assessments. -
49
Security Rangers
Security Rangers
Our security tools and integrations save you time while protecting you against vulnerabilities. When in doubt, our Security Rangers are here to help you do any heavy lifting. Quickly demonstrate an InfoSec program and close sales now, while one of our Security Rangers helps you work towards a completed certification. Take advantage of our industry experience and professional partnerships to get best-in-class policies and let us help you tailor them to your specific company and team. A dedicated Security Ranger will be assigned to your team. For each policy and control we will walk you thouogh implementing standards, collecting proof, and staying compliant. Detect vulnerabilities with our certifed penetration testers and automated scans. We believe that continuous vulnerability scanning is the only way to protect your data while not compromising deployment & go-to market speeds. -
50
Hacker Target
Hacker Target
Simplify the security assessment process with hosted vulnerability scanners. From attack surface discovery to vulnerability identification, actionable network intelligence for IT & security operations. Proactively hunt for security weakness. Pivot from attack surface discovery to vulnerability identification. Find security holes with trusted open source tools. Get access to tools used by penetration testers and security professionals around the world. Hunt vulnerabilities from the attackers perspective. Simulating real world security events, testing vulnerabilities and incident response. Discover the attack surface with tools and open source intelligence. Protect your network with improved visibility. Over 1 million scans performed last year. Our vulnerability scanners have been launching packets since 2007. Fixing security issues requires you find them. Identify the issue, re-mediate the risk and test again to be sure.Starting Price: $10 per month
