17 years helping British businesses
choose better software

Vulnerability Scanner Tools

A vulnerability scanner is a tool used to monitor applications, networks and environments for security flaws and vulnerabilities. Vulnerability scanners maintain a database of known vulnerabilities and conduct continuous scans to identify new ones. Vulnerability scanners typically produce reports on specific vulnerabilities, as well as provide prioritized remediation recommendations.

Featured software

Most reviewed software

Explore the most reviewed products by our users on the Vulnerability Scanner Tools

United Kingdom Show local products
Invicti Enterprise, formerly Netsparker, is a comprehensive automated web vulnerability scanning solution. Learn more about Invicti
Invicti, formerly Netsparker, is an automated vulnerability scanning security testing tool that makes it possible for enterprise organizations to secure thousands of websites and dramatically reduce the risk of attack. By empowering security teams with the most unique DAST + IAST scanning capabilities on the market, Invicti allows organizations with complicated environments to automate their web security with confidence. Learn more about Invicti

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Astra’s cloud-based hacker-style Pentest covers all aspects of pentesting for web apps, mobile apps, APIs, and cloud infrastructure. Learn more about Astra Pentest
Astra Pentest is comprehensive platform featuring an automated vulnerability scanner, manual pentest capabilities, and an all-purpose vulnerability management dashboard that helps you streamline every step of the pentest process, from detection and prioritization of vulnerabilities to collaborative remediation. The automated scanner performs 8000+ security checks, including security checks for all CVEs listed in the OWASP top 10 and SANS 25. It also conducts all required tests to comply with ISO 27001 and HIPAA. Astra Integrates with GitLab, GitHub, Bitbucket, Slack & Jira to superpower your tech stack. Learn more about Astra Pentest

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
A robust, end-to-end security platform securing code since 2003. Supports 30+ languages and integrates with your IDE. Learn more about Kiuwan
Kiuwan is a robust, end-to-end application security platform that integrates seamlessly into your development process. Our toolset includes Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Code Analysis for Quality Assurance (QA), empowering your team to quickly identify and remediate vulnerabilities. Top features: ✅ Extensive language support: Over 30 programming languages. ✅ Detailed action plans: Prioritize remediation with tailored action plans. ✅ Code Security: Seamless SAST integration. ✅ Insights: On-demand or continuous scanning SCA to help reduce third-party threats. Protect your applications with confidence. Learn more about Kiuwan

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Unified detection & response in an AI-powered platform, streamlining cybersecurity for MSPs and IT service providers to protect SMBs. Learn more about Guardz
Guardz is a leading unified cybersecurity solution designed for MSPs. It empowers them to protect their clients from evolving digital threats by leveraging AI and a multilayered approach to combat phishing, ransomware attacks, data loss, and user risks. Our technology streamlines cybersecurity by automating the detection and response process across user data, devices, emails, and cloud directories, all in a single pane of glass. At Guardz, we are committed to your peace of mind and business continuity. Integrating top-tier cybersecurity technology with deep insurance expertise ensures your security measures are consistently monitored, managed, and optimized. Learn more about Guardz

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
All-in-one security solution that scans your website, detects vulnerabilities and offers remediation, in three steps: Find-Fix-Prevent. Learn more about Acunetix
Acunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applications. With Acunetix, security teams can: - Save time and resources by automating manual security processes. - Work more seamlessly with developers, or embrace DevSecOps by integrating directly in. - Leave no potential entry points unscanned and vulnerable to attack. - Detect over 12,000+ vulnerabilities, including zero-days. Learn more about Acunetix

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
A prioritization-driven threat and vulnerability management software for enterprises that offers built-in patching. Learn more about ManageEngine Vulnerability Manager Plus
Vulnerability Manager Plus delivers comprehensive coverage, continual visibility, risk-based assessment, and integral remediation of vulnerabilities and misconfigurations from a central console. It offers extensive features including vulnerability assessment, automated patching, CIS compliance management, security configuration management, high-risk software audit, antivirus audit and active port audit. Vulnerability Manager Plus comes with plenty of reports, dashboards, and endless scalability. Learn more about ManageEngine Vulnerability Manager Plus

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
The AI-Powered Accessibility Widget automatically finds/fixes web accessibility issues 24/7 for continuous ADA and WCAG compliance. Learn more about UserWay Accessibility Widget
UserWay’s digital accessibility solutions help you continuously comply with the ADA and WCAG. Trusted by millions of websites, its AI-Powered Widget automatically fixes accessibility violations 24/7, offers 100+ accessibility tools, and supports 50+ languages to elevate your website performance and brand image. UserWay also provides accessibility scanning, document remediation, attorney-led legal support, commission-based partnerships, managed accessibility, platform integration, and more. Learn more about UserWay Accessibility Widget

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Aikido Security scans your source code and cloud for vulnerabilities. Get all your code & cloud security issues in one dashboard. Learn more about Aikido Security
Aikido Security is a developer-first, all-in-one vulnerability scanner. We scan your source code, containers & cloud to show you which vulnerabilities are important to solve. Our strenght shows in combining differnt scanning capabilities like container Scanning, SAST, IaC, DAST, SCA, CSPM, Secrets Detection, open source license scanning, dependencies scanning, all in one tool. Learn more about Aikido Security

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
vRx is a consolidated Vulnerability Remediation platform. Start mitigating vulnerable threats, remotely & automatically. Learn more about vRx
vRx enables companies to analyze, prioritize, and act against software vulnerabilities with or without a security patch. Patch everything you need and close security gaps by automatically or manually installing prioritized updates when a patch is available for your OS and Apps. Focus on the vulnerabilities that have a real probability of being exploited. vRx’s Patchless Protection reduces the risk of a security breach even when a patch is not available. Using in-memory protection. Learn more about vRx

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Nessus Pro, the industry leader in vulnerability assessment, helps you quickly and easily identify and fix vulnerabilities.
Built for security practitioners, by security professionals, Nessus Professional is the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations. With features such as pre-built policies and templates, group snooze functionality, and real-time updates, it makes vulnerability assessment easy and intuitive. Learn more about Nessus

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Syxsense delivers comprehensive vulnerability scanning, including security configurations.
Syxsense delivers comprehensive vulnerability scanning, including security configurations. Syxsense detects OS and third-party software and security configuration vulnerabilities, such as open ports, disabled firewalls, insecure passwords, and more. With Syxsense, you can safeguard your systems with centralized patch updated and security risk detection and resolution through a single agent. Learn more about Syxsense

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Comprehensive, AI-driven cloud security platform for AWS, Azure, GCP, and others, that’s easy to use and brings value from day one.
Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. Orca makes cloud security possible for enterprises moving to and scaling in the cloud with its patented SideScanning™ technology and Unified Data Model. The Orca Cloud Security Platform delivers the world's most comprehensive coverage and visibility of risks across AWS, Azure, Google Cloud and Kubernetes. Learn more about Orca Security

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Web application penetration testing tool that helps you to identify vulnerabilities on your website before hackers exploit them.
Automate vulnerability assessment, accelerate remediation and secure your web applications from the latest security vulnerabilities. Security tests can be scheduled on a weekly or monthly basis to have regular vulnerability assessments and keep the website security intact. The DevSecOps CI plugins allow one to automate regular vulnerability assessment in the CI/CD pipeline to get real-time updates of an application's security on Slack, JIRA or Trello right during the development phase. Learn more about Beagle Security

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
The first Click&Play Cyber Security platform. CyLock finds out if your systems are hacker safe in one click!
CyLock is a software designed to defend your systems from hacker attacks, identifying weaknesses on your systems and websites, providing information to address vulnerabilities (those used by cyber criminal to access to your computers). Learn more about CyLock EVA

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Monitors the vulnerability management process, tracks remediation and ensures policy compliance.
Security Risk and Compliance Management - On Time, On Budget, On Demand -- Qualys is the first company to deliver an on demand solution for security risk and compliance management. Qualys monitors your company's vulnerability management process, tracks remediation and ensures policy compliance. QualysGuard is also the widest deployed security on demand platform in the world, performing over 150 million IP audits per year - with no software to install and maintain. Learn more about Qualys Cloud Platform

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
KACE Unified Endpoint Manager unites traditional endpoint management with modern management in a shared intuitive interface.
KACE® by Quest supports your unified endpoint management (UEM) strategy by helping you discover and track every device in your environment, automate administrative tasks, keep compliance requirements up-to-date and secure your network from a range of cyberthreats. Discover, manage and secure all your endpoints from one console as you co-manage your traditional and modern endpoints, including Windows, Mac, Linux, ChromeOS, and iOS and Android devices. Learn more about KACE

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
AppTrana monitors web traffic and blocks malicious attacks. It is combined with DDoS, API risk, and Bot mitigation solutions.
Indusface’s AppTrana is a fully managed web application firewall that ensures risk-based protection with its DDoS, API risk, and Bot mitigation services while assuring web acceleration with secure CDN. Combining automated scanning with manual pen-testing, it detects application vulnerabilities. All of this with 24x7 expert support to meet zero false-positive guarantees. Indusface is the only vendor to be named Customers’ Choice for WAAP in all the 7 segments of the Gartner VoC 2022 Report. Learn more about AppTrana

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Hackrate is a bug bounty platform that helps companies reduce cybersecurity risks by using the power of the global hacker community.
Hackrate Bug Bounty platform helps companies to identify software vulnerabilities in a cost-efficient way. It provides a secure and centralized view of ethical hacking projects for your company. A bug bounty is about using the power of crowdsourced security to secure your business. During a bug bounty program, a company offers rewards to ethical hackers for reporting vulnerabilities. Learn more about Hackrate

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Our Active Directory Audit Tool is free and runs on Windows Server 2008 & later. The audit results are provided in a clickable report.
FREE tool that scans your Active Directory, and detects security-related weaknesses, specifically related to password policies. Collect and display interactive reports containing user and password policy information. This includes checking user account passwords against a list of vulnerable passwords obtained from leaks and ones observed in real attacks. The audit can also help you identify which accounts may be violating your security policy by using the same password across multiple accounts. Learn more about Specops Password Auditor

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Reduce the time required to manage critical changes and repetitive tasks across complex, multi-vendor networks.
SolarWinds Network Configuration Manager (NCM) delivers powerful network configuration and compliance management. Automate config backups, so you can quickly roll back a blown configuration or provision a replacement device. Continuously audit configs and get alerted if a device is out of compliance, then remediate vulnerabilities rapidly through bulk config deployment. Prevent unauthorized network changes through change delegation, monitoring, and alerting. Learn more about SolarWinds Network Configuration Manager

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Sigrid simplifies the vulnerability scanning process with its powerful platform that provides ongoing monitoring and detailed analysis
Sigrid provides an integrated vulnerability scanning solution that effectively identifies, classifies, and prioritizes vulnerabilities within software portfolios. Leveraging advanced scanning technologies, Sigrid offers comprehensive insights into potential security risks, facilitating prompt and informed responses. Its systematic approach to vulnerability management supports continuous improvements in software security by ensuring all findings are clearly communicated and actionable, enabling teams to address vulnerabilities efficiently and maintain high security standards across their applications. Designed for security teams, IT managers, and developers in organizations of any size, Sigrid is especially valuable for those managing large-scale software systems that require consistent monitoring and rapid response to security vulnerabilities. It is a fit for industries where security compliance and risk management are critical. Learn more about Sigrid

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Uninterrupted protection for organizations with 250+ employees, multiplatform cyber risk management and 24/7 ESET expertise on call.
ESET's MDR service represents the most densely multilayered and effective cybersecurity approach in the world. The MDR service takes ESET's cutting-edge technology and augments it with hands-on expertise, delivered 24/7/365, ensuring antimalware technology and strategy are perfectly aligned. With full XDR capabilities thanks to ESET Inspect, the XDR-enabling component, this is the optimal approach to securing your enterprise. Learn more about ESET PROTECT MDR

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
GlitchSecure is real-time continuous security testing platform that you helps identify and remediate software vulnerabilities.
GlitchSecure is a real-time continuous security testing platform that helps you find and remediate software vulnerabilities and prevent breaches through year round security testing, expert driven insights, and verified reports to eliminate false positives. Go beyond a point in time pentesting and get a real-time assessment of your security posture while continually monitoring your assets for vulnerabilities. Learn more about GlitchSecure

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
EcoTrust is a CAASM platform prioritizing critical business cyber risks, integrating AI for advanced security.
EcoTrust introduces an innovative CAASM platform that redefines cybersecurity by focusing on prioritizing critical business risks. Our solution offers a consolidated view of vulnerabilities and attack surfaces, employing advanced AI to filter out noise and concentrate on what truly matters, enabling security teams to do more with less. It integrates data from over 50 technologies, providing a comprehensive view of cyber risks, enhancing operational efficiency, and improving security decision accuracy. Our platform not only identifies and holistically visualizes risks and vulnerabilities through 6 native scanners but also prioritizes the greatest risks based on technical and business contexts. This optimizes resource allocation, reducing the time needed for critical fixes and improving threat response capabilities. EcoTrust also delivers treatment recommendations generated by AI, speeding up the response to critical vulnerabilities and improving key cyber risk indicators. Learn more about EcoTrust

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
Security management platform offering fully integrated security controls for threat detection and compliance management.
USM Anywhere delivers a unified, simple and affordable solution for threat detection and compliance. Powered by the latest AlienVault Labs Threat Intelligence and the Open Threat Exchange the largest crowd-sourced threat intelligence exchange, USM enables mid-size organizations to defend against modern threats. Learn more about USM Anywhere

Features

  • API
  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization