AlternativeTo Logo

Open Source Nessus Alternatives

The best open source alternative to Nessus is Metasploit. It's not free, so if you're looking for a free alternative, you could try OpenVAS or Tsunami. If that doesn't suit you, our users have ranked more than 25 alternatives to Nessus and ten of them is open source so hopefully you can find a suitable replacement. Other interesting open source alternatives to Nessus are OpenSCAP, skipfish, nuclei and BabySploit.

Nessus alternatives are mainly Vulnerability Scanners but may also be Cloud Computing Services or WAFs. Filter by these if you want a narrower list of alternatives or looking for a specific functionality of Nessus.
This page was last updated
Nessus iconNessus
  27
  • Mac
  • Windows
  • Linux
  • Android
  • iPhone

The Nessus vulnerability scanner is the world-leader in active scanners, featuring high-speed discovery, configuration...

Learn more about Nessus

  1. Metasploit icon

    Metasploit

    • Free PersonalOpen Source
    • Windows
    • Linux
    • BSD

    Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners such as Nexpose - for free.

    Screenshot
    Most users think Metasploit is a great alternative to Nessus.
  2. OpenVAS icon

    OpenVAS

    • FreeOpen Source
    • Linux

    The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

    Screenshot
    Most users think OpenVAS is a great alternative to Nessus.


  3. Tsunami

    • FreeOpen Source
    • Self-Hosted

    Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

    No screenshots yet
  4. OpenSCAP icon

    OpenSCAP

    • FreeOpen Source
    • Linux

    SCAP is a line of standards managed by NIST.

    No screenshots yet
  5. skipfish icon

    skipfish

    • FreeOpen Source
    • Mac
    • Windows
    • Linux
    • BSD

    A fully automated, active web application security reconnaissance tool. Key features: High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.

    Discontinued

    Skipfish is no longer maintained. Last version, 2.10 beta, released in December 2012, can be still downloaded from Google Code Archive

    at work, during scanning


  6. nuclei icon

    nuclei

    • FreeOpen Source
    • Windows
    • Mac
    • Linux

    Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc.

    How it works
  7. BabySploit icon

    BabySploit

    • FreeOpen Source
    • Self-Hosted
    • Python

    BabySploit is a penetration testing toolkit aimed at making it easy to learn how to use bigger, more complicated frameworks like Metasploit.

    Screenshot
  8. Strobes icon

    Strobes

    • FreemiumOpen Source
    • Software as a Service (SaaS)

    Strobes is a one-stop-shop solution for all security stakeholders to ensure that their enterprise is well guarded against security issues and cyber attacks.

    Screenshot
  9. kube-hunter icon

    kube-hunter

    • FreeOpen Source
    • Linux

    kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster that you don't own!

    Screenshot
  10. WoTT icon

    WoTT

    • FreemiumOpen Source
    • Linux
    • Online
    • Software as a Service (SaaS)

    Improve your authentication security for your linux servers with mutual TLS (mTLS). WoTT automatically rotates private keys with our public key infrastructure (PKI) and lets you seamlessly and easily manage certificates at scale.

    Screenshot
Showing 10 of 10 alternatives