15 years helping Canadian businesses
choose better software

Vulnerability Scanner Tools

A vulnerability scanner is a tool used to monitor applications, networks and environments for security flaws and vulnerabilities. Vulnerability scanners maintain a database of known vulnerabilities and conduct continuous scans to identify new ones. Vulnerability scanners typically produce reports on specific vulnerabilities, as well as provide prioritized remediation recommendations.

Featured software

Most reviewed software

Explore the most reviewed products by our users on the Vulnerability Scanner Tools

Canada Show local products
Guardz is a managed cybersecurity solution built specifically for MSPs to secure and insure their SME clients against cyber threats. Learn more about Guardz
Guardz is a managed cybersecurity solution built specifically for MSPs to secure and insure their SME clients against evolving cyber threats such as phishing, ransomware, data loss, and user risk with a holistic and multilayered approach. With Guardz in place, SMEs can enjoy the best of both worlds: robust security measures and an optimized insurance package that allows them to operate with confidence in today's increasingly interconnected and cyber-threatened landscape. Learn more about Guardz

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Invicti Enterprise, formerly Netsparker, is a comprehensive automated web vulnerability scanning solution. Learn more about Invicti
Invicti, formerly Netsparker, is an automated vulnerability scanning security testing tool that makes it possible for enterprise organizations to secure thousands of websites and dramatically reduce the risk of attack. By empowering security teams with the most unique DAST + IAST scanning capabilities on the market, Invicti allows organizations with complicated environments to automate their web security with confidence. Learn more about Invicti

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
The AI-Powered Accessibility Widget automatically finds/fixes web accessibility issues 24/7 for continuous ADA and WCAG compliance. Learn more about UserWay Accessibility Widget
UserWay’s digital accessibility solutions help you continuously comply with the ADA and WCAG. Trusted by millions of websites, its AI-Powered Widget automatically fixes accessibility violations 24/7, offers 100+ accessibility tools, and supports 50+ languages to elevate your website performance and brand image. UserWay also provides accessibility scanning, document remediation, attorney-led legal support, commission-based partnerships, managed accessibility, platform integration, and more. Learn more about UserWay Accessibility Widget

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Astra’s cloud-based hacker-style Pentest covers all aspects of pentesting for web apps, mobile apps, APIs, and cloud infrastructure. Learn more about Astra Pentest
Astra Pentest is comprehensive platform featuring an automated vulnerability scanner, manual pentest capabilities, and an all-purpose vulnerability management dashboard that helps you streamline every step of the pentest process, from detection and prioritization of vulnerabilities to collaborative remediation. Our Pentest platform emulates hackers behavior to find critical vulnerabilities in your app. Astra Integrates with GitLab, GitHub, Bitbucket, Slack & Jira to superpower your tech stack. Learn more about Astra Pentest

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Aikido Security scans your source code and cloud for vulnerabilities. Get all your code & cloud security issues in one dashboard. Learn more about Aikido
Aikido Security is a developer-first, all-in-one vulnerability scanner. We scan your source code, containers & cloud to show you which vulnerabilities are important to solve. Our strenght shows in combining differnt scanning capabilities like container Scanning, SAST, IaC, DAST, SCA, CSPM, Secrets Detection, open source license scanning, dependencies scanning, all in one tool. Learn more about Aikido

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
FractalScan Surface scans the Internet to discover your online infrastructure, assets and shadow IT. Learn more about FractalScan Surface
FractalScan Surface scans the Internet to discover your online infrastructure, assets and shadow IT. It checks for misconfigurations, security vulnerabilities and exposed data to create a prioritised set of risks with in-built remediation advice. Quickly find & evaluate your own or 3rd parties online attack surface, and continuously monitor it for changes. FractalScan Surface uses non-aggressive, non-intrusive, passive scanning techniques - perform due-diligence on any business! Learn more about FractalScan Surface

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Advanced vulnerability scanning for identifying and remediating security risks across your IT infrastructure. Learn more about Fidelis Elevate
Fidelis Elevate is the only XDR Solution that delivers endpoint security, Network Security, Deception & active Directory protection in a single platform, making it the powerhouse of a cyber-resilient environment. Fidelis Elevate offers advanced vulnerability scanning capabilities, enabling organizations to identify and remediate security vulnerabilities across their infrastructure. By conducting comprehensive vulnerability assessments and prioritizing remediation efforts based on risk severity, Fidelis Elevate helps organizations reduce their attack surface and strengthen their security posture. With Fidelis Elevate, organizations can proactively identify and address vulnerabilities before they can be exploited by cyber attackers, minimizing the risk of security breaches and data loss. Learn more about Fidelis Elevate

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
A prioritization-driven threat and vulnerability management software for enterprises that offers built-in patching. Learn more about ManageEngine Vulnerability Manager Plus
Vulnerability Manager Plus delivers comprehensive coverage, continual visibility, risk-based assessment, and integral remediation of vulnerabilities and misconfigurations from a central console. It offers extensive features including vulnerability assessment, automated patching, CIS compliance management, security configuration management, high-risk software audit, antivirus audit and active port audit. Vulnerability Manager Plus comes with plenty of reports, dashboards, and endless scalability. Learn more about ManageEngine Vulnerability Manager Plus

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Continuous protection for your evolving IT environment, multiplatform cyber risk management and 24/7 ESET expertise on call. Learn more about ESET PROTECT MDR
ESET's MDR service represents the most densely multilayered and effective cybersecurity approach in the world. The MDR service takes ESET's cutting-edge technology and augments it with hands-on expertise, delivered 24/7/365, ensuring antimalware technology and strategy are perfectly aligned. With full XDR capabilities thanks to ESET Inspect, the XDR-enabling component, this is the optimal approach to securing your enterprise. Learn more about ESET PROTECT MDR

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Nessus Pro, the industry leader in vulnerability assessment, helps you quickly and easily identify and fix vulnerabilities.
Built for security practitioners, by security professionals, Nessus Professional is the de-facto industry standard for vulnerability assessment. Nessus performs point-in-time assessments to help security professionals quickly identify and fix vulnerabilities, including software flaws, missing patches, malware, and misconfigurations. With features such as pre-built policies and templates, group snooze functionality, and real-time updates, it makes vulnerability assessment easy and intuitive. Learn more about Nessus

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Syxsense delivers comprehensive vulnerability scanning, including security configurations.
Syxsense delivers comprehensive vulnerability scanning, including security configurations. Syxsense detects OS and third-party software and security configuration vulnerabilities, such as open ports, disabled firewalls, insecure passwords, and more. With Syxsense, you can safeguard your systems with centralized patch updated and security risk detection and resolution through a single agent. Learn more about Syxsense

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Orca Security is the pioneer of agentless cloud security that spans AWS, Azure, Google Cloud and Kubernetes.
Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. Orca makes cloud security possible for enterprises moving to and scaling in the cloud with its patented SideScanning™ technology and Unified Data Model. The Orca Cloud Security Platform delivers the world's most comprehensive coverage and visibility of risks across AWS, Azure, Google Cloud and Kubernetes. Learn more about Orca Security

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Web application penetration testing tool that helps you to identify vulnerabilities on your website before hackers exploit them.
Automate vulnerability assessment, accelerate remediation and secure your web applications from the latest security vulnerabilities. Security tests can be scheduled on a weekly or monthly basis to have regular vulnerability assessments and keep the website security intact. The DevSecOps CI plugins allow one to automate regular vulnerability assessment in the CI/CD pipeline to get real-time updates of an application's security on Slack, JIRA or Trello right during the development phase. Learn more about Beagle Security

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
All-in-one security solution that scans your website, detects vulnerabilities and offers remediation, in three steps: Find-Fix-Prevent.
Acunetix (by Invicti) is an automated application security testing tool that enables small security teams to tackle huge application security challenges. With fast scanning, comprehensive results, and intelligent automation, Acunetix helps organizations to reduce risk across all types of web applications. With Acunetix, security teams can: - Save time and resources by automating manual security processes - Work more seamlessly with developers, or embrace DevSecOps by integrating directly in Learn more about Acunetix

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Monitors the vulnerability management process, tracks remediation and ensures policy compliance.
Security Risk and Compliance Management - On Time, On Budget, On Demand -- Qualys is the first company to deliver an on demand solution for security risk and compliance management. Qualys monitors your company's vulnerability management process, tracks remediation and ensures policy compliance. QualysGuard is also the widest deployed security on demand platform in the world, performing over 150 million IP audits per year - with no software to install and maintain. Learn more about Qualys Cloud Platform

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
The first Click&Play Cyber Security platform. CyLock finds out if your systems are hacker safe in one click!
CyLock Anti-Hacker is a software designed to defend your systems from hacker attacks, identifying weaknesses on your systems and websites, providing information to address vulnerabilities (those used by cyber criminal to access to your computers). Learn more about CyLock Anti-Hacker

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
KACE Unified Endpoint Manager unites traditional endpoint management with modern management in a shared intuitive interface.
KACE® by Quest supports your unified endpoint management (UEM) strategy by helping you discover and track every device in your environment, automate administrative tasks, keep compliance requirements up-to-date and secure your network from a range of cyberthreats. Discover, manage and secure all your endpoints from one console as you co-manage your traditional and modern endpoints, including Windows, Mac, Linux, ChromeOS, and iOS and Android devices. Learn more about KACE

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
AppTrana monitors web traffic and blocks malicious attacks. It is combined with DDoS, API risk, and Bot mitigation solutions.
Indusface’s AppTrana is a fully managed web application firewall that ensures risk-based protection with its DDoS, API risk, and Bot mitigation services while assuring web acceleration with secure CDN. Combining automated scanning with manual pen-testing, it detects application vulnerabilities. All of this with 24x7 expert support to meet zero false-positive guarantees. Indusface is the only vendor to be named Customers’ Choice for WAAP in all the 7 segments of the Gartner VoC 2022 Report. Learn more about AppTrana

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Hackrate is a bug bounty platform that helps companies reduce cybersecurity risks by using the power of the global hacker community.
Hackrate Bug Bounty platform helps companies to identify software vulnerabilities in a cost-efficient way. It provides a secure and centralized view of ethical hacking projects for your company. A bug bounty is about using the power of crowdsourced security to secure your business. During a bug bounty program, a company offers rewards to ethical hackers for reporting vulnerabilities. Learn more about Hackrate

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Our Active Directory Audit Tool is free and runs on Windows Server 2008 & later. The audit results are provided in a clickable report.
FREE tool that scans your Active Directory, and detects security-related weaknesses, specifically related to password policies. Collect and display interactive reports containing user and password policy information. This includes checking user account passwords against a list of vulnerable passwords obtained from leaks and ones observed in real attacks. The audit can also help you identify which accounts may be violating your security policy by using the same password across multiple accounts. Learn more about Specops Password Auditor

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Reduce the time required to manage critical changes and repetitive tasks across complex, multi-vendor networks.
SolarWinds Network Configuration Manager (NCM) delivers powerful network configuration and compliance management. Automate config backups, so you can quickly roll back a blown configuration or provision a replacement device. Continuously audit configs and get alerted if a device is out of compliance, then remediate vulnerabilities rapidly through bulk config deployment. Prevent unauthorized network changes through change delegation, monitoring, and alerting. Learn more about SolarWinds Network Configuration Manager

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Security management platform offering fully integrated security controls for threat detection and compliance management.
USM Anywhere delivers a unified, simple and affordable solution for threat detection and compliance. Powered by the latest AlienVault Labs Threat Intelligence and the Open Threat Exchange the largest crowd-sourced threat intelligence exchange, USM enables mid-size organizations to defend against modern threats. Learn more about USM Anywhere

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Probely is a DAST scanner designed to empower Security and DevOps teams working together to reduce the security risk of web apps & APIs
Probely is the premier cloud-based automated application security testing solution designed to empower Security and DevOps teams working efficiently together on a DevSecOps approach built to reduce risk across web applications and RESTful APIs. With over 30 000 vulnerabilities detection capabilities, including SQLi, XSS, Log4j, OS Command Injection, and SSL/TLS issues, Probely reports vulnerabilities that matter, is false-positive free, and includes detailed instructions on fixing them. Learn more about Probely

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
Cyber Chief is a vulnerability scanner & issue management tool that helps you ship software with zero security known vulnerabilities
Cyber Chief gives software teams the power to find and fix thousands of vulnerabilities in their web applications and cloud infrastructure. With its one-click vulnerability scanning and smart vulnerability management features, Cyber Chief will help your software team secure their applications and infrastructure, even if there is zero application security qualifications or experience on your team. Cyber Chief is cloud-based and has military-grade security controls so that your security secret Learn more about Cyber Chief

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API
The Unified Data Platform combines complete IT visibility as well as data enrichment and transformation in one central solution.
IT landscapes are subject to constant change, making it increasingly difficult for companies to maintain transparency. The multitude of hardware and software applications as well as geographically distributed branches ensure that a holistic overview of the IT landscape (internal, hosted and cloud) can‘t be guaranteed. The Unified Data Platform powered by RayVentory collects all relevant data for you and prepares them in a meaningful and targeted way: The central point for all data. Learn more about RayVentory

Features

  • Alerts/Notifications
  • Website Crawling
  • Vulnerability/Threat Prioritization
  • API