15 years helping British businesses
choose better software

Vulnerability Scanner Tools

A vulnerability scanner is a tool used to monitor applications, networks and environments for security flaws and vulnerabilities. Vulnerability scanners maintain a database of known vulnerabilities and conduct continuous scans to identify new ones. Vulnerability scanners typically produce reports on specific vulnerabilities, as well as provide prioritized remediation recommendations.

Featured software

Most reviewed software

Explore the most reviewed products by our users on the Vulnerability Scanner Tools

United Kingdom Show local products
Sigrid simplifies the vulnerability scanning process with its powerful platform that provides ongoing monitoring and detailed analysis Learn more about Sigrid
Sigrid provides an integrated vulnerability scanning solution that effectively identifies, classifies, and prioritizes vulnerabilities within software portfolios. Leveraging advanced scanning technologies, Sigrid offers comprehensive insights into potential security risks, facilitating prompt and informed responses. Its systematic approach to vulnerability management supports continuous improvements in software security by ensuring all findings are clearly communicated and actionable, enabling teams to address vulnerabilities efficiently and maintain high security standards across their applications. Designed for security teams, IT managers, and developers in organizations of any size, Sigrid is especially valuable for those managing large-scale software systems that require consistent monitoring and rapid response to security vulnerabilities. It is a fit for industries where security compliance and risk management are critical. Learn more about Sigrid

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
A Powerful, End-To-End Application Security Platform. Securing Your Code Since 2003. Supports 30+ Languages & Integrates With Your IDE. Learn more about Kiuwan
Secure your applications from the start with Kiuwan Code Security – SAST, designed to integrate seamlessly into your development process. Kiuwan is the solution for code security: ✅Broad Language Support: Supports over 30 major programming languages and frameworks. ✅Static Application Security Testing (SAST): Identifies common software vulnerabilities. ✅Contextual Remediation Advice: Get suggestions to fix defects and enhance code quality. Ensure every line of code is efficient and free of vulnerabilities while empowering your team to build safer applications faster. Learn more about Kiuwan

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Guardz empowers MSPs and IT Service Providers to deliver comprehensive cybersecurity protection from one unified platform. Learn more about Guardz
Guardz is a leading unified cybersecurity solution designed for managed service providers (MSPs), empowering them to protect their clients from evolving digital threats by leveraging AI and a multilayered approach to combat phishing, ransomware attacks, data loss, and user risks. Our technology streamlines cybersecurity by automating the detection and response process across user data, devices, emails, and cloud directories, all in a single pane of glass. At Guardz, we are committed to your peace of mind and business continuity. Integrating top-tier cybersecurity technology with deep insurance expertise ensures your security measures are consistently monitored, managed, and optimized. Learn more about Guardz

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
All-in-one security solution that scans your website, detects vulnerabilities and offers remediation, in three steps: Find-Fix-Prevent. Learn more about Acunetix
Acunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applications. With Acunetix, security teams can: - Save time and resources by automating manual security processes - Work more seamlessly with developers, or embrace DevSecOps by integrating directly in Learn more about Acunetix

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
A prioritization-driven threat and vulnerability management software for enterprises that offers built-in patching. Learn more about ManageEngine Vulnerability Manager Plus
Vulnerability Manager Plus delivers comprehensive coverage, continual visibility, risk-based assessment, and integral remediation of vulnerabilities and misconfigurations from a central console. It offers extensive features including vulnerability assessment, automated patching, CIS compliance management, security configuration management, high-risk software audit, antivirus audit and active port audit. Vulnerability Manager Plus comes with plenty of reports, dashboards, and endless scalability. Learn more about ManageEngine Vulnerability Manager Plus

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
The AI-Powered Accessibility Widget automatically finds/fixes web accessibility issues 24/7 for continuous ADA and WCAG compliance. Learn more about UserWay Accessibility Widget
UserWay’s digital accessibility solutions help you continuously comply with the ADA and WCAG. Trusted by millions of websites, its AI-Powered Widget automatically fixes accessibility violations 24/7, offers 100+ accessibility tools, and supports 50+ languages to elevate your website performance and brand image. UserWay also provides accessibility scanning, document remediation, attorney-led legal support, commission-based partnerships, managed accessibility, platform integration, and more. Learn more about UserWay Accessibility Widget

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Nessus Pro, the industry leader in vulnerability assessment, helps you quickly and easily identify and fix vulnerabilities.
Built for security practitioners, by security professionals, Nessus Professional is the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations. With features such as pre-built policies and templates, group snooze functionality, and real-time updates, it makes vulnerability assessment easy and intuitive. Learn more about Nessus

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Syxsense delivers comprehensive vulnerability scanning, including security configurations.
Syxsense delivers comprehensive vulnerability scanning, including security configurations. Syxsense detects OS and third-party software and security configuration vulnerabilities, such as open ports, disabled firewalls, insecure passwords, and more. With Syxsense, you can safeguard your systems with centralized patch updated and security risk detection and resolution through a single agent. Learn more about Syxsense

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Orca Security is the pioneer of agentless cloud security that spans AWS, Azure, Google Cloud and Kubernetes.
Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. Orca makes cloud security possible for enterprises moving to and scaling in the cloud with its patented SideScanning™ technology and Unified Data Model. The Orca Cloud Security Platform delivers the world's most comprehensive coverage and visibility of risks across AWS, Azure, Google Cloud and Kubernetes. Learn more about Orca Security

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Web application penetration testing tool that helps you to identify vulnerabilities on your website before hackers exploit them.
Automate vulnerability assessment, accelerate remediation and secure your web applications from the latest security vulnerabilities. Security tests can be scheduled on a weekly or monthly basis to have regular vulnerability assessments and keep the website security intact. The DevSecOps CI plugins allow one to automate regular vulnerability assessment in the CI/CD pipeline to get real-time updates of an application's security on Slack, JIRA or Trello right during the development phase. Learn more about Beagle Security

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Monitors the vulnerability management process, tracks remediation and ensures policy compliance.
Security Risk and Compliance Management - On Time, On Budget, On Demand -- Qualys is the first company to deliver an on demand solution for security risk and compliance management. Qualys monitors your company's vulnerability management process, tracks remediation and ensures policy compliance. QualysGuard is also the widest deployed security on demand platform in the world, performing over 150 million IP audits per year - with no software to install and maintain. Learn more about Qualys Cloud Platform

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
The first Click&Play Cyber Security platform. CyLock finds out if your systems are hacker safe in one click!
CyLock is a software designed to defend your systems from hacker attacks, identifying weaknesses on your systems and websites, providing information to address vulnerabilities (those used by cyber criminal to access to your computers). Learn more about CyLock Anti-Hacker

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
KACE Unified Endpoint Manager unites traditional endpoint management with modern management in a shared intuitive interface.
KACE® by Quest supports your unified endpoint management (UEM) strategy by helping you discover and track every device in your environment, automate administrative tasks, keep compliance requirements up-to-date and secure your network from a range of cyberthreats. Discover, manage and secure all your endpoints from one console as you co-manage your traditional and modern endpoints, including Windows, Mac, Linux, ChromeOS, and iOS and Android devices. Learn more about KACE

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
AppTrana monitors web traffic and blocks malicious attacks. It is combined with DDoS, API risk, and Bot mitigation solutions.
Indusface’s AppTrana is a fully managed web application firewall that ensures risk-based protection with its DDoS, API risk, and Bot mitigation services while assuring web acceleration with secure CDN. Combining automated scanning with manual pen-testing, it detects application vulnerabilities. All of this with 24x7 expert support to meet zero false-positive guarantees. Indusface is the only vendor to be named Customers’ Choice for WAAP in all the 7 segments of the Gartner VoC 2022 Report. Learn more about AppTrana

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Our Active Directory Audit Tool is free and runs on Windows Server 2008 & later. The audit results are provided in a clickable report.
FREE tool that scans your Active Directory, and detects security-related weaknesses, specifically related to password policies. Collect and display interactive reports containing user and password policy information. This includes checking user account passwords against a list of vulnerable passwords obtained from leaks and ones observed in real attacks. The audit can also help you identify which accounts may be violating your security policy by using the same password across multiple accounts. Learn more about Specops Password Auditor

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Hackrate is a bug bounty platform that helps companies reduce cybersecurity risks by using the power of the global hacker community.
Hackrate Bug Bounty platform helps companies to identify software vulnerabilities in a cost-efficient way. It provides a secure and centralized view of ethical hacking projects for your company. A bug bounty is about using the power of crowdsourced security to secure your business. During a bug bounty program, a company offers rewards to ethical hackers for reporting vulnerabilities. Learn more about Hackrate

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Invicti Enterprise, formerly Netsparker, is a comprehensive automated web vulnerability scanning solution.
Invicti, formerly Netsparker, is an automated vulnerability scanning security testing tool that makes it possible for enterprise organizations to secure thousands of websites and dramatically reduce the risk of attack. By empowering security teams with the most unique DAST + IAST scanning capabilities on the market, Invicti allows organizations with complicated environments to automate their web security with confidence. Learn more about Invicti

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Reduce the time required to manage critical changes and repetitive tasks across complex, multi-vendor networks.
SolarWinds Network Configuration Manager (NCM) delivers powerful network configuration and compliance management. Automate config backups, so you can quickly roll back a blown configuration or provision a replacement device. Continuously audit configs and get alerted if a device is out of compliance, then remediate vulnerabilities rapidly through bulk config deployment. Prevent unauthorized network changes through change delegation, monitoring, and alerting. Learn more about SolarWinds Network Configuration Manager

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Continuous protection for your evolving IT environment, multiplatform cyber risk management and 24/7 ESET expertise on call.
ESET's MDR service represents the most densely multilayered and effective cybersecurity approach in the world. The MDR service takes ESET's cutting-edge technology and augments it with hands-on expertise, delivered 24/7/365, ensuring antimalware technology and strategy are perfectly aligned. With full XDR capabilities thanks to ESET Inspect, the XDR-enabling component, this is the optimal approach to securing your enterprise. Learn more about ESET PROTECT MDR

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
EcoTrust is a CAASM platform prioritizing critical business cyber risks, integrating AI for advanced security.
EcoTrust introduces an innovative CAASM platform that redefines cybersecurity by focusing on prioritizing critical business risks. Our solution offers a consolidated view of vulnerabilities and attack surfaces, employing advanced AI to filter out noise and concentrate on what truly matters, enabling security teams to do more with less. It integrates data from over 50 technologies, providing a comprehensive view of cyber risks, enhancing operational efficiency, and improving security decision accuracy. Our platform not only identifies and holistically visualizes risks and vulnerabilities through 6 native scanners but also prioritizes the greatest risks based on technical and business contexts. This optimizes resource allocation, reducing the time needed for critical fixes and improving threat response capabilities. EcoTrust also delivers treatment recommendations generated by AI, speeding up the response to critical vulnerabilities and improving key cyber risk indicators. Learn more about EcoTrust

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Security management platform offering fully integrated security controls for threat detection and compliance management.
USM Anywhere delivers a unified, simple and affordable solution for threat detection and compliance. Powered by the latest AlienVault Labs Threat Intelligence and the Open Threat Exchange the largest crowd-sourced threat intelligence exchange, USM enables mid-size organizations to defend against modern threats. Learn more about USM Anywhere

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
GlitchSecure is real-time continuous security testing platform that you helps identify and remediate software vulnerabilities.
GlitchSecure is a real-time continuous security testing platform that helps you find and remediate software vulnerabilities and prevent breaches through year round security testing, expert driven insights, and verified reports to eliminate false positives. Go beyond a point in time pentesting and get a real-time assessment of your security posture while continually monitoring your assets for vulnerabilities. Learn more about GlitchSecure

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Probely is a DAST scanner designed to empower Security and DevOps teams working together to reduce the security risk of web apps & APIs
Probely is the premier cloud-based automated application security testing solution designed to empower Security and DevOps teams working efficiently together on a DevSecOps approach built to reduce risk across web applications and RESTful APIs. With over 30 000 vulnerabilities detection capabilities, including SQLi, XSS, Log4j, OS Command Injection, and SSL/TLS issues, Probely reports vulnerabilities that matter, is false-positive free, and includes detailed instructions on fixing them. Learn more about Probely

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Cyber Chief is a vulnerability scanner & issue management tool that helps you ship software with zero security known vulnerabilities
Cyber Chief gives software teams the power to find and fix thousands of vulnerabilities in their web applications and cloud infrastructure. With its one-click vulnerability scanning and smart vulnerability management features, Cyber Chief will help your software team secure their applications and infrastructure, even if there is zero application security qualifications or experience on your team. Cyber Chief is cloud-based and has military-grade security controls so that your security secret Learn more about Cyber Chief

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
The Unified Data Platform combines complete IT visibility as well as data enrichment and transformation in one central solution.
IT landscapes are subject to constant change, making it increasingly difficult for companies to maintain transparency. The multitude of hardware and software applications as well as geographically distributed branches ensure that a holistic overview of the IT landscape (internal, hosted and cloud) can‘t be guaranteed. The Unified Data Platform powered by RayVentory collects all relevant data for you and prepares them in a meaningful and targeted way: The central point for all data. Learn more about RayVentory

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization