The Top 10 Vulnerability Scanners

by Kate McFarlin

A vulnerability scanner is an essential tool for any server, particularly one that is online. Every day, new hacks and malicious code are created for the express purpose of gaining access to information or bringing a server down.

Installing a vulnerability scanner and using it on a regular basis will help protect a server from these threats. Many can be configured to run automatically and will alert you if a vulnerability is found.


Long considered to be one of the best Unix-based vulnerability scanners on the market, this scanner used to be open-source but is now available only in paid versions. However, the overall cost is low given its capabilities.


Retina is very similar to Nessus and can scan all of the hosts on a network. This is a very good choice for busy servers and networks where threats are almost constant.

Core Impact

An enterprise-level vulnerability scanner with an enterprise-level price tag of more than $10,000, Core Impact is worth the money given its capability, track record and ability to constantly scan systems.


NeWT is the Windows version of Nessus, designed to work on Windows networks and servers. It is a very competent version of the popular Nessus and more than capable of scanning numerous hosts.


This particular vulnerability scanner has numerous options and can run on a server without an agent. However, it is very complex and has a steep learning curve. This is not the best utility for beginners, but it is very well suited for those who are already well-versed in servers, networks and scanners.


SARA stands for Security Auditor's Research Assistant. Although development on this application was halted in 2009, it still ranks among the best vulnerability scanners available today. It's based on the legendary SATAN scanner that first debuted in 1995.


An ideal scanner for those less technically inclined, it works in the background, produces a report of any possible vulnerabilities and then offers links to help you fix any issues.


MBSA is short for Microsoft Baseline Security Analyzer and is, of course, a Windows-based application. It is ideal for running on numerous servers and is capable of handling a heavy workload.


Unlike the other vulnerability scanners mentioned here, QualysGuard is a web-based application. There are a few downsides to this for those looking to control costs, but for those who need a little extra help in understanding vulnerability scan reports, this is an ideal tool.

N-Stealth Security Scanner

N-Stealth Security Scanner offers one serious edge over its competition: a database containing more than 30,000 known vulnerabilities. In addition, it has an active development team that is constantly updating that database to keep information current. For those who face threats on a daily basis, this particular vulnerability scanner would be attractive.

About the Author

Kate McFarlin is a licensed insurance agent with extensive experience in covering topics related to marketing, small business, personal finance and home improvement. She began her career as a Web designer and also specializes in audio/video mixing and design.
