Vulnerability Scan Tool for Windows

lnrivera used Ask the Experts™

I'm looking for a vulnerability scan tool to check webpages and servers.

I see that Nessus is now not free. Could somebody please send me any suggestions for (free or cheaper) scan tools that run on a Windows client?

Have you tried the Microsoft Baseline Security Analyzer? 


We need to scan web servers of any kind of OS.

The Windows requirement is only for installing the tool.



In any case, if there is a really good tool that only runs on Linux, of course, I can use it too.

Paolo Santiangeli, IT Consultant



As I said in my first message, I think that Nessus is a bit expensive for a little company. Is there any special cheaper license? How much do you pay for the starter license?
Commercial Tools:
Acunetix WVS by Acunetix
AppScan by IBM
Burp Suite Professional by PortSwigger
Hailstorm by Cenzic
N-Stalker by N-Stalker
Nessus by Tenable Network Security
NetSparker by Mavituna Security
NeXpose by Rapid7
NTOSpider by NTObjectives
ParosPro by MileSCAN Technologies
Retina Web Security Scanner by eEye Digital Security
WebApp360 by nCircle
WebInspect by HP
WebKing by Parasoft
Websecurify by GNUCITIZEN

Software-as-a-Service Providers:
AppScan OnDemand by IBM
ClickToSecure by Cenzic
QualysGuard Web Application Scanning by Qualys
Sentinel by WhiteHat
Veracode Web Application Security by Veracode
VUPEN Web Application Security Scanner by VUPEN Security
WebInspect by HP
WebScanService by Elanize KG

Free / Open Source Tools:
Arachni by Tasos Laskos
Grabber by Romain Gaucher
Grendel-Scan by David Byrne and Eric Duprey
Paros by Chinotec
Zed Attack Proxy
Powerfuzzer by Marcin Kozlowski
SecurityQA Toolbar by iSEC Partners
Skipfish by Michal Zalewski
W3AF by Andres Riancho
Wapiti by Nicolas Surribas
Watcher by Casaba Security
WATOBO by siberas
Websecurify by GNUCITIZEN
Zero Day Scan

I use Backtrack, Nikto, Nessus, Paros, ike, SARA, skipfish, open-source packages and AppScan IBM. I do most of the scans from a Linux client machine. AppScan is a good one but it's expensive. Read
btan, Exec Consultant
Distinguished Expert 2018
OpenVAS -
Its public feed of Network Vulnerability Tests (NVTs) is something useful to keep up to date (to the OpenVAS server used to scan your targets). Also see this link for quick info as well.


It can also extract or activate Nikto (open-source (GPL) web server scanner) scans through a plugin module - check out the document


Some other good information includes

a) Web Application Security Scanner Evaluation Criteria (WASSEC) - covers areas such as crawling, parsing, session handling, testing, and reporting -

b) OWASP Prevention Cheat Sheet  -
