Open Source Vulnerability Scanner
The danger with vulnerability scanning is not the holes it finds but the ones it silently misses, and a scanner you cannot inspect leaves you trusting a clean report you have no way to check. The open source tools here let you read exactly what each check probes for and run the scan entirely on your own infrastructure, so the assessment of your exposure does not depend on an outside party's word.
sqlmap
Open-source tool that automates SQL injection detection, exploitation, and database takeover
Nuclei
Fast YAML-based vulnerability scanner for applications, APIs, networks, DNS, and cloud configs
OWASP ZAP
Open source web app scanner for finding security vulnerabilities during development and testing
Vuls
Agentless vulnerability scanner for Linux and FreeBSD with offline scans and multiple scan modes
Kubescape
Kubernetes security platform spanning IDEs, CI/CD pipelines, and live clusters
Nikto
Open-source web server scanner for finding dangerous files, programs, and outdated server versions
Faraday
Open source vulnerability management platform for organizing, normalizing, and visualizing security findings
OWASP Nettacker
Python-based automated penetration testing and information-gathering framework from OWASP
OpenVAS Scanner
Scan engine for Greenbone Community Edition that runs continuously updated vulnerability tests