Though you may know and follow basic security measures on your own when installing and managing your network and websites, you'll never be able to keep up with and catch all the vulnerabilities by yourself.

Vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, produce a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. Some can even automate the patching process.

Though vulnerability scanners and security auditing tools can cost a fortune, there are free options as well. Some only look at specific vulnerabilities or limit how many hosts can be scanned, but there are also those that offer broad IT security scanning.

Nessus Essentials

Nessus Essentials, formerly Nessus Home, from Tenable allows you to scan up to 16 IP addresses at a time. The company offers a 7-day free trial of its professional edition, which can perform unlimited IP scanning and also adds compliance checks or content audits, live results, and the ability to use the Nessus virtual appliance.

Nessus Essentials installs on Windows, macOS, and a variety of Linux/Unix distributions. On the web GUI, you can easily see which scanning types are included: host discovery plus vulnerability scans. You'll also see, listed but inaccessible, scan types that are available in the professional edition: vulnerability scanning for mobile devices and compliance scanning.

With the free edition you can schedule one auto scan, but that's not a restriction with the professional edition. You can also configure email notifications, discovery settings, assessment and report preferences, and some advanced settings. You can also review plugins and the vulnerabilities or exploits they are looking for related to the scan.
After a scan runs you can access an overview of what it found on each host and dig down to details about vulnerabilities and possible remediations.

You can also use Policies to create custom templates defining what actions are performed during a scan. Plus, you can use Plugin Rules to hide or change the severity of desired plugins.

Overall, Nessus Essentials is solid and easy to use, but because it is limited to scanning up to 16 IP addresses at a time, its usefulness in larger organizations is questionable.

Nexpose Community Edition

Nexpose Community Edition from Rapid7 can scan networks, operating systems, web applications, databases, and virtual environments. It's good for a year, after which you have to apply for a new license. The company also offers a 30-day free trial of its commercial editions.

Nexpose installs on Windows, Linux, or virtual machines and provides a web-based GUI. Through its web portal you can create sites to define the IPs or URLs you'd like to scan, select the scanning preferences and scanning schedule, and provide any necessary credentials for scanned assets.

Once a site is scanned, you'll see a list of assets and vulnerabilities. It shows asset details including OS and software information and details on vulnerabilities and how to fix them. You can optionally set policies to define and track your desired compliance standards. You can also generate and export reports on a variety of aspects.

Nexpose Community Edition is a solid full-featured vulnerability scanner that's easy to set up.

OpenVAS

The Open Vulnerability Assessment System (OpenVAS) is a Linux-based network security scanner platform, with most components licensed under the GNU General Public License (GNU GPL).
Its maintainers call the totally free offering the Greenbone Source Edition (GSE) and the commercial offering the Greenbone Security Manager (GSM), which comes with a free 14-day trial.

The main component of OpenVAS is the security scanner, which can only run in Linux, but it can be run on a virtual machine inside Windows as well. It does the actual work of scanning and receives a daily update of network vulnerability tests, of which there are more than 85,000. There are slight differences in the scanner features, but there's more of a difference between the feeds offered for each edition.

OpenVAS Manager controls the scanner and provides the intelligence. The OpenVAS Administrator provides a command-line interface and can act as a full-service daemon, providing user management and feed management.

There are a couple of clients to serve as the GUI or CLI. The Greenbone Security Assistant (GSA) offers a web-based GUI. The Greenbone Security Desktop (GSD) is a Qt-based desktop client that runs on various OSs, including Linux and Windows. And the OpenVAS CLI offers a command-line interface.

OpenVAS isn't the easiest and quickest scanner to install and use, but it's one of the most feature-rich and broad IT security scanners that you can find for free. It scans for thousands of vulnerabilities and supports concurrent scan tasks and scheduled scans. It also offers note and false positive management of the scan results. However, it does require Linux at least for the main component.

Qualys Community Edition

Qualys Community Edition allows you to monitor up to 16 assets with Qualys Cloud Agent, scan up to 16 internal and three external IPs with Vulnerability Management, and scan a single URL with Web Application Scanning. You initially access it via its web portal and then download its virtual machine software if running scans on your internal network.
Qualys also offers a 30-day free trial of its commercial edition.

Qualys supports a variety of scan types: TCP/UDP ports, password brute forcing, and vulnerability detection for hidden malware, missing patches, SSL issues, and other network-related vulnerabilities. You can also provide authentication details so it can log into hosts to extend the detection capabilities.

The web GUI provides a step-by-step list of how to perform a scan. This includes entering the IP addresses to scan, downloading a virtual scanner or setting up a physical scanner if scanning the local network, and then configuring the scan settings. Once a scan is complete you can view many different types of reports, such as an overall scorecard, patches, high severity, Payment Card Industry (PCI), and executive reports.

Since Qualys limits scanning to 16 assets and IPs, it's not something a larger organization will find very useful. For those, consider using another solution for day-to-day use and periodically running Qualys for smaller networks or segments.

ManageEngine Vulnerability Manager

ManageEngine Vulnerability Manager provides a free edition that's fully functional for scanning up to 25 Windows or macOS computers. Unlike most of the other scanners listed here, this one is designed mostly for computer scanning and monitoring, although there is some scanning offered for web servers. They also offer a 30-day free trial of their paid editions, plus another product (Desktop Central) that gives you even more general computer monitoring that can integrate with this vulnerability scanner.

The server portion of the ManageEngine Vulnerability Manager is only installable on Windows machines, but the web GUI can be accessed elsewhere.
Unlike the other scanners, this one requires you to add endpoint agent software to the systems you want to scan, and it's available for Windows, macOS, and Linux systems.

Once you set up the endpoint agents, you'll start to see detected items categorized by software and zero-day vulnerabilities, system and server misconfigurations, high-risk software, and port audits. Plenty of explanation is given for each item, along with possible remedies for the issue. You can also manage and push patches, as well as view basic computer specs and stats, such as the installed OS, IP address, and last reboot times.

The ManageEngine Vulnerability Manager proved to be a good long-term vulnerability monitoring solution, at least for computer systems. Because you have to install the software agents, it's likely not a good fit if you want to perform a one-off scan.

In addition to the free version, ManageEngine also offers a 30-day free trial of their paid editions, plus another product (Desktop Central) that provides even more general computer monitoring that can integrate with its vulnerability scanner.

Eric Geier is a freelance tech writer. He's also the founder of NoWiresSecurity providing a cloud-based Wi-Fi security service, Wi-Fi Surveyors providing RF site surveying, and On Spot Techs providing general IT services.