Open Source Network Scanner
Nmap ('Network Mapper') is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Many network tools such as traceroute, ping, and network scanner are included.
Dia is a free and open-source diagram software that resembles the Visio in many.
Open-AudIT can be configured to scan your network and devices automatically. A daily scan is recommended for systems, with network scans every couple of hours. That way, you can be assured of being notified if something changes (day to day) on a PC, or even sooner if something 'new' appears on your network.
An open port scanner is a tool used to check the external IP address and identify open ports on the connection. It is used to detect whether port forwarding is set up correctly or whether server applications are being blocked by a firewall. Port checker tools are used to examine the network for ports that are commonly forwarded.
Description
Web Application Vulnerability Scanners are automated tools that scan web applications, normally from the outside, to look for security vulnerabilities such as Cross-site scripting, SQL Injection, Command Injection, Path Traversal and insecure server configuration. This category of tools is frequently referred to as Dynamic Application Security Testing (DAST) Tools. A large number of both commercial and open source tools of this type are available and all of these tools have their own strengths and weaknesses. If you are interested in the effectiveness of DAST tools, check out the OWASP Benchmark project, which is scientifically measuring the effectiveness of all types of vulnerability detection tools, including DAST.
Here we provide a list of vulnerability scanning tools currently available in the market.
Disclaimer: The tools listed in the table below are presented in alphabetical order. OWASP does not endorse any of the Vendors or Scanning Tools by listing them in the table below.
OWASP is aware of the Web Application Vulnerability Scanner Evaluation Project (WAVSEP). WAVSEP is completely unrelated to OWASP and we do not endorse its results, nor any of the DAST tools it evaluates. However, the results provided by WAVSEP may be helpful to someone interested in researching or selecting free and/or commercial DAST tools for their projects. This project has far more detail on DAST tools and their features than this OWASP DAST page.
Tools Listing
Name/Link | Owner | License | Platforms | Note |
---|---|---|---|---|
Abbey Scan | MisterScanner | Commercial | SaaS | |
Acunetix | Acunetix | Commercial | Windows, Linux, MacOS | Free (Limited Capability) |
App Scanner | Trustwave | Commercial | Windows | |
AppCheck Ltd. | AppCheck Ltd. | Commercial | SaaS | Free trial scan available |
AppScan | HCL Software | Commercial | Windows | |
AppScan on Cloud | HCL Software | Commercial | SaaS | |
AppSpider | Rapid7 | Commercial | Windows | |
AppTrana Website Security Scan | AppTrana | Free | SaaS | |
Arachni | Arachni | Free | Most platforms supported | Free for most use cases |
BREACHLOCK Dynamic Application Security Testing | BREACHLOCK | Commercial | SaaS | |
BlueClosure BC Detect | BlueClosure | Commercial | Most platforms supported | 2 week trial |
Burp Suite | PortSwigger | Commercial | Most platforms supported | Free (Limited Capability) |
Contrast | Contrast Security | Commercial | SaaS or On-Premises | Free (Full featured for 1 App) |
Crashtest Security | Crashtest Security | Commercial | SaaS or On-Premises | |
Cyber Chief | Audacix | Commercial | SaaS or On-Premises | |
Detectify | Detectify | Commercial | SaaS | |
Digifort- Inspect | Digifort | Commercial | SaaS | |
Edgescan | Edgescan | Commercial | SaaS | |
GamaScan | GamaSec | Commercial | Windows | |
GoLismero | GoLismero Team | Open Source | Windows, Linux and Macintosh | GPLv2.0 |
Grabber | Romain Gaucher | Open Source | Python 2.4, BeautifulSoup and PyXML | |
Gravityscan | Defiant, Inc. | Commercial | SaaS | Free (Limited Capability) |
Grendel-Scan | David Byrne | Open Source | Windows, Linux and Macintosh | |
HostedScan.com | HostedScan.com | Commercial | SaaS | Free Forever |
IKare | ITrust | Commercial | N/A | |
ImmuniWeb | High-Tech Bridge | Commercial | SaaS | Free (Limited Capability) |
Indusface Web Application Scanning | Indusface | Commercial | SaaS | Free trial available |
InsightVM | Rapid7 | Commercial | SaaS | Free trial available |
Intruder | Intruder Ltd. | Commercial | | |
K2 Security Platform | K2 Cyber Security | Commercial | SaaS/On-Premise | Free trial available |
N-Stealth | N-Stalker | Commercial | Windows | |
Nessus | Tenable | Commercial | Windows | |
Netsparker | Netsparker | Commercial | Windows | |
Nexpose | Rapid7 | Commercial | Windows/Linux | Free (Limited Capability) |
Nikto | CIRT | Open Source | Unix/Linux | |
Probely | Probely | Commercial | SaaS | Free (Limited Capability) |
Proxy.app | Websecurify | Commercial | Macintosh | |
QualysGuard | Qualys | Commercial | N/A | |
ReconwithMe | Nassec | Commercial | SaaS | Free (Limited Capability) |
Retina | BeyondTrust | Commercial | Windows | |
Ride (REST JSON Payload fuzzer) | Adobe, Inc. | Open Source | Linux / Mac / Windows | Apache 2 |
SOATest | Parasoft | Commercial | Windows / Linux / Solaris | |
Sec-helpers | VWT Digital | Open Source or Free | N/A | |
SecPoint Penetrator | SecPoint | Commercial | N/A | |
Security For Everyone | Security For Everyone | Commercial | SaaS | Free (Limited Capability) |
Securus | Orvant, Inc | Commercial | N/A | |
Sentinel | WhiteHat Security | Commercial | N/A | |
StackHawk | StackHawk | Commercial | SaaS | |
Tinfoil Security | Tinfoil Security, Inc. | Commercial | SaaS or On-Premises | Free (Limited Capability) |
Trustkeeper Scanner | Trustwave SpiderLabs | Commercial | SaaS | |
Vega | Subgraph | Open Source | Windows, Linux and Macintosh | |
Vex | UBsecure | Commercial | Windows | |
WPScan | WPScan Team | Commercial | Linux and Mac | Free options |
Wapiti | Informática Gesfor | Open Source | Windows, Unix/Linux and Macintosh | |
Web Security Scanner | DefenseCode | Commercial | On-Premises | |
WebApp360 | TripWire | Commercial | Windows | |
WebCookies | WebCookies | Free | SaaS | |
WebInspect | Micro Focus | Commercial | Windows | |
WebReaver | Websecurify | Commercial | Macintosh | |
WebScanService | German Web Security | Commercial | N/A | |
Websecurify Suite | Websecurify | Commercial | Windows, Linux, Macintosh | Free (Limited Capability) |
Wikto | Sensepost | Open Source | Windows | |
Zed Attack Proxy | OWASP | Open Source | Windows, Unix/Linux, and Macintosh | Apache-2.0 |
beSECURE (formerly AVDS) | Beyond Security | Commercial | SaaS | Free (Limited Capability) |
purpleteam | OWASP | Open Source | CLI and SaaS | GNU-AGPL v3 |
w3af | w3af.org | Open Source | Linux and Mac | GPLv2.0 |
References
- SAST Tools - OWASP page with similar information on Static Application Security Testing (SAST) Tools
- Free for Open Source Application Security Tools - OWASP page that lists the Commercial Dynamic Application Security Testing (DAST) tools we know of that are free for Open Source
- http://sectooladdict.blogspot.com/ - Web Application Vulnerability Scanner Evaluation Project (WAVSEP)
- http://projects.webappsec.org/Web-Application-Security-Scanner-Evaluation-Criteria - v1.0 (2009)
- http://www.slideshare.net/lbsuto/accuracy-and-timecostsofwebappscanners - White Paper: Analyzing the Accuracy and Time Costs of Web Application Security Scanners - By Larry Suto (2010)
- http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners.html - NIST home page which links to: NIST Special Publication 500-269: Software Assurance Tools: Web Application Security Scanner Functional Specification Version 1.0 (21 August, 2007)
- http://www.softwareqatest.com/qatweb1.html#SECURITY - A list of Web Site Security Test Tools. (Has both DAST and SAST tools)
Choosing the right network monitoring solution for your enterprise is not easy. IT professionals and decision-makers need to consider several factors when choosing solutions for their business, such as security, compatibility, ease of use, and (of course) budget. Enterprise-grade tech solutions are typically viewed as expensive, but is that always the case? Not necessarily! There are several free and open source network monitoring tools that your business should consider when choosing a network monitoring solution.
That’s why we at Solutions Review have compiled a list of the best 17 free and open source network monitoring tools. These tools are either free to install and use, or released under an open source license. They should definitely be considered if your enterprise wants to keep costs down, but we should note that they may not be the best fit for your company. Many free tools are trimmed-down versions of a fully-equipped network monitoring program, and a lot of open source developments require technical knowledge or developer expertise. As such, we’ve listed some of the major features of each free and open source tool so you know what each solution specializes in.
If you’re looking for more resources on the best free network monitoring tools and vendors, our Free and Open Source Network Monitoring Buyer’s Guide has you covered. The guide profiles 16 free and open source network monitoring tools that provide similar monitoring capabilities to enterprise-grade commercial offerings for a fraction — or none — of the cost. It is the perfect resource for small businesses looking to eliminate network performance issues and ensure high availability. You can download that guide here.
AppNeta PathTest
AppNeta PathTest is a free network capacity testing tool designed to help businesses understand the true capacity of their network. PathTest seeks to improve layer 3 and layer 4 performance by displaying an accurate picture of your network’s maximum capabilities. It deliberately floods your network with data packets to fill the network to its full capacity. Users can set the duration of this test up to a maximum of 10 seconds and run the tests at any time.
Cacti
Cacti is an open source network monitoring tool based on RRDTool’s data logging and graphing system. The tool uses network polling and data collection functionality to gather information on devices on networks of any size. This includes the ability to design custom scripts for data collection alongside support for SNMP polling. It then displays this information in easy-to-understand graphs which can be arranged in whatever hierarchy your business is most comfortable with.
EventSentry Light
EventSentry Light is a free version of EventSentry’s SIEM, server monitoring, and network monitoring tool suite. The Light version still features the same event log monitoring capabilities as the full version, so your enterprise can collect and interpret data from logs on devices connected to your network. EventSentry Light also handles system health monitoring functions, including service monitoring, performance issue monitoring, and hardware failure monitoring.
Famatech Advanced IP Scanner
Famatech’s Advanced IP Scanner is a free network monitoring scanning tool that provides analysis on LAN networks and devices. Advanced IP Scanner allows you to scan for devices on your network and remotely control connected computers and nodes. You can switch computers off from the tool if you know that the device isn’t in use and is utilizing valuable resources. The tool connects with Famatech’s Radmin solution for remote IT management, so you can manage IPs from anywhere.
Icinga
Icinga is an open source network monitoring tool that measures network availability and performance. Through a web interface, your enterprise can observe hosts and applications across your entire network infrastructure. The tool is natively scalable and can easily be configured to work with every kind of device. There are also a handful of Icinga modules for specific monitoring capabilities, such as monitoring for VMWare’s vSphere cloud environment and business process modelling.
LibreNMS
LibreNMS is an open source network monitoring system that uses several network protocols to observe every device on your network. The LibreNMS API can retrieve, manage, and graph the data it collects and supports horizontal scaling to grow its monitoring capabilities alongside your network. The tool features a flexible alerting system that is tailor-made to communicate with you via the method that works best for your company. They offer native iOS and Android apps as well.
LogRhythm NetMon Freemium
LogRhythm NetMon Freemium is a free version of LogRhythm NetMon that provides the same enterprise-grade packet capturing and analysis capabilities as the full version. While there are limits on packet storage and data processing, the freemium version still allows users to perform network threat detection and response functions based on data packet analysis. It also provides the same network threat alerting system as the full version, allowing you to stay up to date on your network’s performance and security.
Nagios Core
Nagios Core is a free network monitoring tool designed as the basis for other monitoring and alerting software offered by Nagios. It is primarily a performance check tool that schedules and executes checks for network performance across the entire infrastructure. As the event processor for performance checks used by other Nagios software, Nagios Core is also able to extend its capabilities with independent add-ons via the Nagios Exchange.
Observium Community
Observium Community is the free version of Observium’s network monitoring tool. With the free version, you can monitor an unlimited number of devices while also taking full advantage of Observium’s network mapping features. The Observium network monitoring platform features automatic discovery of connected devices. It also comes equipped with discovery protocols to ensure that the map of your network is up to date. This way, you can account for new devices as they connect to the network.
Pandora FMS
Pandora FMS is an open source monitoring tool that helps companies observe their entire IT infrastructure. It covers not only networks but also Windows and Unix servers and virtual interfaces. For networks, Pandora FMS contains features such as ICMP polling, SNMP support, network latency monitoring, and system overload. You can also install agents on devices to observe factors like device temperature and overheating, as well as logfile occurrences.
Paessler PRTG 100
Paessler PRTG is a network monitoring tool that offers a free version: PRTG 100. This tier of the monitoring program supports 100 devices on a single network. PRTG’s monitoring features include capabilities to track network traffic, applications, data packets, and bandwidth. The software functions as an all-in-one monitoring suite which is also able to monitor cloud environments, virtual machines, and hardware in addition to a network.
Prometheus
Prometheus is an open source monitoring solution focused on data collection and analysis. It allows users to set up network monitoring capabilities using the native toolset. The tool is able to collect information on devices using SNMP pings and examine network bandwidth usage from the device perspective, among other functions. The PromQL system analyzes data and allows for the program to generate graphs, tables, and other visuals on the systems it monitors.
SolarWinds Real-Time Bandwidth Monitor
SolarWinds Real-Time Bandwidth Monitor is a free bandwidth monitoring tool. The tool tracks bandwidth usage in real-time and displays graphs on your network’s bandwidth based on bandwidth polling. The tool alerts you when bandwidth usage enters a critical state, letting your enterprise instantly know when your network’s bandwidth is running low. You can define critical bandwidth usage levels yourself so the tool knows exactly when the devices on your network are using too much bandwidth.
Spiceworks Network Monitor
Spiceworks Network Monitor is a free network monitoring program and one of several networking tools that Spiceworks offers. Their monitoring solution offers real-time monitoring capabilities for networks and devices. You can perform ping checks to verify that your network and all connected nodes are currently functional. The tool also supports common network protocols, like HTTP and SIP, or user-defined custom protocols, as well as custom settings for alerts based on sensitivity.
Telerik Fiddler
Telerik Fiddler is a free web monitor and debugging proxy program. The tool is designed specifically for HTTP and HTTPS monitoring, with Fiddler’s web traffic monitoring and data collection capabilities. It can also debug web traffic by ensuring that the proper cookies, headers, and cache directives are being transferred. Fiddler also has a focus on network monitoring by delivering HTTP caching and data compression, in addition to finding performance bottlenecks.
Wireshark
Wireshark is an open source network protocol analyzer that features live network data capture and analysis. The tool executes deep inspections of several different network protocols to determine your network performance on multiple levels. Wireshark also allows users to capture data packets and analyze them even when the network is offline. Data that Wireshark captures can be stored in many universal or shared file formats, allowing other tools to help interpret the data on your network.
Zabbix
Zabbix is an open source monitoring tool suite that includes network monitoring. The network monitoring capabilities of Zabbix include performance metric analysis, such as bandwidth usage, packet loss, and CPU/memory utilization. It can also detect network node and connection health problems by checking for devices in critical condition. Zabbix can alert you when hardware functions are dropping (fan speed of a network device is low) or when an SNMP check is not responded to.
Daniel Hein