free security assessment tools 2014Finding a good vulnerability scanner is a hard job as there are many to choose from. We have made an top 5 list of free vulnerability scanners which you can use to audit your targets for vulnerabilities. 

Vulnerability scanning is performed by (ethical) hackers that wish to find vulnerabilities in their designated targets which they afterwards can exploit with the right exploit.

Qualys - Cloud solution free for 7 days 

The Qualys vulnerability scanner can be used for free and it will allow you to use the power of the cloud as your targets will be audited from on external IP. The Qualys cloud solution will allow you to discover devices, find vulnerabilities, perform PCI audits and it will help you to stay on top of the latest security patches. 

Nessus Vulnerability Scanner - Free for 7 days 

The Nessus® vulnerability scanner provides patch, configuration, and compliance auditing; mobile, malware, and botnet discovery; sensitive data identification; and many other features.

With a continuously updated library of more than 60,000 plugins and the support of Tenable’s expert vulnerability research team, Nessus delivers accuracy to the marketplace. Nessus scales to serve the largest organizations, and is easy to deploy on premises or in the Amazon Web Services (AWS) cloud.

OpenVAS - Open Source Vulnerability scanner

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 30,000 in total (as of April 2013).

All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL).

Subgraph VEGA free vulnerability scanner

The Subgraph VEGA security scanner can be downloaded for free and is free of charge. Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows. 

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web:Javascript. 

GFI LanGuard 30 days free usage

Easy to set up and use, GFI LanGuard® acts as a virtual security consultant to provide you with a comprehensive overview of your business’s network security status through vulnerability assessments, patch management, and network and software auditing.

The GFI LanGuard is an complete network security package.