Network Vulnerability Scanner

Discover outdated network services, missing security patches, misconfigured servers, and many more critical vulnerabilities.

Our scanner lets you run in-depth scans with proprietary detection to find Log4Shell, OMIGOD, ProxyShell and thousands more critical CVEs and security issues.

Paid plans give you access to its full capabilities, plus 20+ other security testing tools and features.

About this Network Vulnerability Scanner

Most used tool in 2021

Initially built with OpenVAS, and now featuring proprietary technology, the Network Vulnerability Scanner is our solution for assessing the network perimeter and for evaluating the external security posture of a company.

In its Full version, the scanner uses proprietary vulnerability detection modules (like Sniper: Auto Exploiter) that we added to the main scanning engine based on OpenVAS – the most advanced open-source network security scanner.

You can access all these vulnerability scanning capabilities through a simplified and easy-to-use interface which allows you to start scanning right now.

The Full Scan (paid) version runs in-depth network vulnerability scans using more than 57,000 OpenVAS plugins and custom modules for critical CVEs developed by our security research team.

The Light Scan version is a free vulnerability scanner tool optimized for speed. It detects CVEs that affect the network services of a target system, based on their version (e.g. Apache 2.4.10). The scanner starts by detecting open ports and services and continues by querying a database for known vulnerabilities which may affect specific software versions.

Start a Free Light Scan to see a sample output and see how it could improve your vulnerability assessment process.


Sample Network Vulnerability Scanner report

Here is a sample report from our Network Vulnerability Scanner that gives you a taste of how our tools save you time and reduce repetitive manual work.

  • Vulnerability summary at a glance

    The report includes a summary of the vulnerabilities found in your network, plus their risk rating and CVSS score.

  • Actionable remediation advice

    Each report provides recommendations and insights on how to apply mitigation steps to the detected security flaws.

  • Sorted by risk rating

    Vulnerabilities are sorted by their risk rating, starting from the highest risk identified. This saves you manual work and time, freeing you up for other tasks.

  • Advanced pentest reporting options available

    Paid plans give you access to our pentest report generator tool which produces customizable .DOCX reports that you can automatically generate with ready-to-use or custom templates.

Better vulnerability discovery. Faster pentest reporting.

Get instant access to custom vulnerability scanners and automation features that simplify the pentesting process and produce valuable results. The platform helps you cover all the stages of an engagement, from information gathering to website scanning, network scanning, exploitation and reporting.

Use cases

How security pros use the Network Vulnerability Scanner

This powerful Network Vulnerability Scanner helps you detect a wide range of security issues and misconfigurations in network services, operating systems, and web servers. This makes it one of the strongest tools in any pentester’s arsenal.

  • Infrastructure Penetration Testing

    The Network Vulnerability Scanner gives you a full picture of the 'low hanging fruit' in your engagement, so you can concentrate on more advanced tests. Having it online and preconfigured makes it very easy to use and saves you invaluable time and effort.

  • Internal Network Scanning

    Test internal networks as if you were on-premises without time-consuming scripts and configurations. This pentesting tool allows you to scan internal networks through a ready-to-use VPN and start your work in minutes.

  • Critical CVE Scanner

    Find high-risk vulnerabilities such as Log4Shell, ProxyShell, ProxyLogon, and many others. Our security researchers integrate detection for widespread CVEs under active attack as fast as 48h. We keep adding custom modules that cover vulnerabilities both in the MITRE CVE program and in CISA’s Known Exploited Vulnerabilities catalog.

  • Compliance Security Assessment

    The Network Vulnerability Scanner is also a reliable tool for running vulnerability assessments necessary to comply with standards such as PCI DSS, SOC II, HIPAA, GDPR, ISO, the NIS Directive, and others. It makes auditing a much more effective task and supports security teams in maintaining compliance.

  • Security Self-Assessment

    If you need a thorough infrastructure test, this is the right tool to use. From weak passwords to missing security patches and misconfigured web servers, you can easily detect vulnerabilities that security threats can exploit with our full network vulnerability assessment tool.

  • Third-Party Infrastructure Audit

    If you are an IT services or IT security company, you can use the resulting report to prove to clients that you implemented proper security measures in the infrastructure you are managing. This report includes the full list of network vulnerability tests the tool runs along with pre-filled remediation advice.

A superb toolbox, not the usual easy online toy

There is a tool for everything, starting from the analysis of the attack surface, to network scanning, and in-depth scans of web application security.

There are a dozen different scanning solutions; they cover all the possible network architectures, technology and scheduling to produce professional reports.

Technical details

What is a Network Vulnerability Scanner?

The network perimeter of a company is the "wall" that secures internal network assets from the outside world. Connecting from outside means accessing internal assets (e.g. a company's website). This way, the network perimeter exposes important network services such as FTP, VPN, DNS, HTTP, and more.

A Network Vulnerability Scanner maps all the services exposed on the network perimeter and checks for potential vulnerabilities.

What makes our Network Vulnerability Scanner different

By default, every scan begins with the host discovery phase, which employs the check alive (if enabled) and port discovery features. At Pentest-Tools.com, we run the check alive mechanism by using a customized version of Nmap's host discovery functionality which sends different types of packets called probes.

If the target is found alive, the port discovery phase scans for open ports and relevant information about them, such as running services, and continues the scan based on the results and on the type of scan you selected.

The Light Scan version – optimized for speed

The free Light version of our Network Vulnerability Scanner performs a very fast network security scan with minimal interaction with the target system.

Based on the results the discovery phase returned, our Network Vulnerability Scanner interrogates a database with known vulnerabilities to check if the specific versions of the services are affected by any cybersecurity issues. Although this detection method is faster, it can return false positives as it relies only on the version reported by the services (which may be inaccurate).
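
The version-based matching described above can be sketched as follows. This is an added example, not Pentest-Tools.com's code: the advisory IDs, version ranges, banners and function names are constructed for illustration. It shows why a finding based only on the reported version carries limited confidence, especially when the banner points to a distribution package that may carry backported fixes.

```python
import re

# Constructed advisory records: placeholder IDs and version ranges, not real CVE data.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "product": "apache", "introduced": "2.4.0", "fixed": "2.4.12"},
    {"id": "EXAMPLE-0002", "product": "apache", "introduced": "2.4.20", "fixed": "2.4.44"},
    {"id": "EXAMPLE-0003", "product": "openssh", "introduced": "7.0", "fixed": "7.4"},
]

# Banner tokens that suggest a distribution package. Distributions often backport
# fixes without changing the upstream version, so a version match may be wrong.
DISTRO_HINTS = ("debian", "ubuntu", "centos", "red hat", "rhel")

# Product name, a separator, then a dotted version: "Apache/2.4.10", "OpenSSH_7.2p2".
BANNER_RE = re.compile(r"(?P<product>[A-Za-z]+)[/_ ](?P<version>\d+(?:\.\d+)+)")


def parse_version(text, width=4):
    """Turn '2.4.10' into (2, 4, 10, 0) so versions of different length compare."""
    parts = [int(p) for p in text.split(".")][:width]
    return tuple(parts + [0] * (width - len(parts)))


def parse_banner(banner):
    """Return (product, version, distro_hint), or None if no version is exposed."""
    match = BANNER_RE.search(banner)
    if match is None:
        return None
    hint = any(token in banner.lower() for token in DISTRO_HINTS)
    return match.group("product").lower(), parse_version(match.group("version")), hint


def match_banner(banner):
    """List advisories whose affected range contains the version in the banner."""
    parsed = parse_banner(banner)
    if parsed is None:
        return []  # version hidden: this method has nothing to match on
    product, version, hint = parsed
    findings = []
    for adv in ADVISORIES:
        if adv["product"] != product:
            continue
        if parse_version(adv["introduced"]) <= version < parse_version(adv["fixed"]):
            findings.append({
                "id": adv["id"],
                "evidence": banner,
                # Nothing was sent to confirm the flaw, so confidence is never "high".
                "confidence": "low" if hint else "medium",
            })
    return findings


if __name__ == "__main__":
    # Constructed banners, as a discovery phase might record them.
    for sample in ("Apache/2.4.10 (Debian)", "Apache/2.4.43 (Unix)",
                   "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8", "Apache"):
        print(sample, "->", match_banner(sample))
```

A banner with the version hidden yields no findings at all, which is the other side of relying on what the service reports.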

The Full Scan version – proprietary detection combined with OpenVAS

The Full version of the Network Vulnerability Scanner uses a mix of custom Sniper modules for detecting high-risk vulnerabilities and the well-known OpenVAS (the most advanced open source vulnerability scanner) as a scanning engine.

It actively detects thousands of vulnerabilities in network services such as SMTP, DNS, VPN, SSH, RDP, VNC, HTTP, and many more. OpenVAS does vulnerability detection by connecting to each network service and sending crafted packets to make them respond in certain ways. Depending on the response, the scanner reports the service as vulnerable or not.

We have pre-configured and fine-tuned OpenVAS on our servers and have also added a very simple interface on top of its complex functionalities. The engine is running in a distributed environment and it can perform multiple parallel scans.

Other options in our cloud platform that boost this tool’s capabilities to detect security vulnerabilities include:

Sniper detection modules built into our Network Vulnerability Scanner

Sniper modules are custom vulnerability checks developed by our research team. They sit on top of the standard OpenVAS scan to provide quick and accurate detection for most critical vulnerabilities in high-profile software.

| Software type | Vendor and product | Vuln date | Name | CVSSv3 score |
|---|---|---|---|---|
| Collaboration Software | Atlassian Questions for Confluence | Jul 2022 | - | 7.3 |
| Web Framework | Django Project Django | Jul 2022 | - | 9.8 |
| Framework | VMware Spring | Jun 2022 | - | 9.8 |
| Collaboration Software | Atlassian Confluence | Jun 2022 | - | 9.8 |
| Firewall | ZyXEL Networks ZyXEL Firewall | May 2022 | - | 9.8 |
| Virtualization | VMware Workspace One | May 2022 | - | 9.8 |
| VPN Gateway | F5 BIG IP | May 2022 | - | 9.8 |
| Email Server | Synacor Zimbra Collaboration Software | Apr 2022 | - | 9.8 |
| Project management | Atlassian Jira | Apr 2022 | - | 9.8 |
| API Management | WSO2 Platform | Apr 2022 | - | 9.8 |
| Web Framework | Apache Struts | Apr 2022 | S2-062 | 9.8 |
| Web framework | Pivotal Software Spring Framework | Mar 2022 | - | 9.8 |
| Open source CMS | DotCMS DotCMS | Mar 2022 | - | 9.8 |
| Library | Pivotal Software Spring Cloud Gateway | Mar 2022 | - | 10 |
| Library | Pivotal Software Spring Cloud Function | Mar 2022 | - | 9.8 |
| Data store | Redis Redis | Feb 2022 | - | 10 |
| eCommerce | Adobe Magento | Feb 2022 | - | 9.8 |
| Hypervisor | ManageEngine ADSelfService Plus | Feb 2022 | - | 6.1 |
| Monitoring solution | Zabbix Zabbix | Jan 2022 | - | 9.8 |
| Web Server | Oracle WebLogic | Jan 2022 | - | 7.5 |
| Logging library | Apache Log4j | Dec 2021 | Log4Shell | 9 |
| Hypervisor | ManageEngine Desktop Central | Dec 2021 | - | 9.8 |
| Web Server | Apache Tomcat | Dec 2021 | Log4Shell | 10 |
| Logging library | Apache Log4j | Dec 2021 | Log4Shell | 10 |
| Enterprise Search Platform | Apache Solr | Dec 2021 | Log4Shell | 10 |
| Enterprise mobility management | MobileIron Core Server | Dec 2021 | Log4Shell | 10 |
| Data Stream | Apache Flink | Dec 2021 | Log4Shell | 10 |
| Virtualization | VMware vCenter Server | Dec 2021 | Log4Shell | 10 |
| Database | Apache Druid | Dec 2021 | Log4Shell | 10 |
| Database | Elastic Elasticsearch | Dec 2021 | Log4Shell | 10 |
| Web Framework | Apache Struts | Dec 2021 | Log4Shell | 10 |
| Hypervisor | ManageEngine ServiceDesk, SupportCenter | Nov 2021 | - | 9.8 |
| Monitoring solution | Grafana Labs | Nov 2021 | - | 7.5 |
| Web Server | Apache Server | Oct 2021 | - | 7.5 |
| Web Server | Apache Server | Oct 2021 | - | 7.5 |
| Web Server | Apache Server | Oct 2021 | - | 9.8 |
| Web Server | Apache Server | Oct 2021 | - | 9.8 |
| Web Server | Apache Server | Sep 2021 | - | 9 |
| Azure Cloud | Microsoft Open Management Interface (OMI) | Sep 2021 | OMIGOD | 9.8 |
| Virtualization | VMWare vCenter Server | Sep 2021 | - | 9.8 |
| Password Management | ManageEngine ADSelfService Plus | Sep 2021 | - | 9.8 |
| Email Server | Microsoft Exchange Server | Sep 2021 | - | 6.5 |
| Project management | Atlassian Jira | Aug 2021 | - | 7.5 |
| Project management | Atlassian Jira | Aug 2021 | - | 5.3 |
| Collaboration Software | Atlassian Confluence | Aug 2021 | - | 5.3 |
| Email Server | Microsoft Exchange Server | Aug 2021 | ProxyShell | 9.8 |
| Collaboration Software | Atlassian Confluence | Aug 2021 | - | 9.8 |
| Monitoring System | VisualTools DVR | Jul 2021 | - | 9.8 |
| Email Server | Microsoft Exchange Server | May 2021 | ProxyOracle | 8.8 |
| Virtualization | VMware vCenter Server | May 2021 | - | 9.8 |
| Virtualization | VMware Workspace One | Apr 2021 | - | 9.8 |
| Email Server | Microsoft Exchange Server | Apr 2021 | ProxyNotFound | 9.8 |
| Collaboration Software | GitLab Server | Apr 2021 | - | 10 |
| VPN Gateway | F5 BIG IP | Mar 2021 | - | 9.8 |
| Email Server | Microsoft Exchange Server | Mar 2021 | ProxyLogon | 9.8 |
| Email Server | Microsoft Exchange Server | Mar 2021 | ProxyLogon Backdoor Webshells | 9.8 |
| Wordpress Plugin | Webnus Modern Events Calendar Lite Server | Mar 2021 | - | 7.5 |
| Cloud Management | VMWare vRealize Operations Manager Server | Mar 2021 | - | 7.5 |
| Planning System | Apache OFBiz | Mar 2021 | - | 9.8 |
| Project management | Atlassian Jira | Feb 2021 | - | 5.3 |
| Content Management System | Emlog Emlog | Feb 2021 | - | 7.5 |
| Web Server | Sebastian Hildebrandt System Information Library for Node.JS | Feb 2021 | - | 4.6 |
| Virtualization | VMware vCenter Server | Feb 2021 | - | 9.8 |
| Web Server | Node Red | Jan 2021 | - | 7.5 |
| Web Framework | Laravel Laravel | Jan 2021 | - | 9.8 |
| Web Framework | Apache Struts | Dec 2020 | - | 9.8 |
| VPN Gateway | Cisco Adaptive Security Appliance (ASA) | Oct 2020 | - | 6.1 |
| Web Server | Oracle Weblogic | Oct 2020 | - | 9.8 |
| Web Server | Oracle Weblogic | Oct 2020 | - | 7.2 |
| Project management | Atlassian Jira | Oct 2020 | - | 9.8 |
| Networking product | Netgear Router | Oct 2020 | - | 6.5 |
| Monitoring System | Micro Focus Operations Bridge Manager | Oct 2020 | - | 8.8 |
| Project management | Atlassian Jira | Sep 2020 | - | 5.3 |
| Firewall | Sophos SG UTM | Sep 2020 | - | 9.8 |
| Web Server | Apache Server | Aug 2020 | - | 7.5 |
| Web Framework | Apache Struts | Aug 2020 | - | 9.8 |
| Firewall | Citrix ADC/Gateway | Jul 2020 | - | 6.5 |
| Firewall | Citrix ADC/Gateway | Jul 2020 | - | 6.5 |
| VPN Gateway | Cisco ASA | Jul 2020 | - | 9.1 |
| VPN Gateway | Cisco ASA | Jul 2020 | - | 7.5 |
| VPN Gateway | F5 BIG IP | Jun 2020 | - | 9.8 |
| Web Server | Apache Tomcat | Feb 2020 | Ghostcat | 9.8 |
| Logging library | Apache Log4j | Dec 2019 | - | 9.8 |
| Firewall | Citrix ADC | Dec 2019 | - | 9.8 |
| Email service | Exim Exim | Jul 2019 | - | 9.8 |
| Web Framework | Atlassian Crowd | Jun 2019 | - | 9.8 |
| Operating System | Microsoft Windows | May 2019 | BlueKeep | 9.8 |
| VPN Gateway | Fortinet FortiGateway SSL VPN | May 2019 | - | 9.8 |
| VPN Gateway | Pulse Connect Secure | May 2019 | - | 10 |
| Data visualization | Elastic Kibana | Mar 2019 | - | 10 |
| Collaboration Software | Microsoft Sharepoint | Mar 2019 | - | 9.8 |
| Content Management System | Drupal Community Drupal Core | Feb 2019 | - | 8.1 |
| Web Server | Apache Tomcat | Oct 2018 | - | 4.3 |
| Web Server | Adobe Coldfusion | Sep 2018 | - | 9.8 |
| Web Framework | Apache Struts | Aug 2018 | - | 8.1 |
| Web Server | Oracle Weblogic | Jul 2018 | - | 9.8 |
| CMS | Drupal Drupal | Mar 2018 | Drupalgeddon2 | 9.8 |
| Web Server | Apache Tomcat | Oct 2017 | - | 8.1 |
| Web Framework | Apache Struts | Sep 2017 | - | 9.8 |
| Web Framework | Apache Struts | Jul 2017 | S2-048 | 9.8 |
| Operating System | Microsoft Windows | Mar 2017 | EternalBlue | 8.1 |
| Utility | GNU Project Bash | Sep 2014 | Shellshock | 9.8 |

OpenVAS scanning capabilities

OpenVAS is a fork of the old Nessus scanner, created in 2005 when Nessus became a commercial product. OpenVAS is currently developed and maintained by Greenbone Networks with support from the community.

OpenVAS implements each test in a plugin called NVT (Network Vulnerability Test). It has more than 57000 active plugins to detect a large number of vulnerabilities for many services and applications.

For example, here is what a simple NVT looks like. It's called fortigate_detect.nasl and shows if the target device is a Fortigate Firewall:

Sniper modules detection capacity

We started to develop custom detection modules in-house because OpenVAS plugins have limited coverage for vulnerabilities in commercial software. So our detection covers weaknesses in software developed by Microsoft, VMware, Oracle, F5, Cisco, MobileIron, and many more.

Sniper detection modules work by sending crafted data to the target system in order to trigger abnormal behavior. We qualify the system as vulnerable only after obtaining solid proof for it (e.g. after having extracted minimal data such as the current username, a system file, etc). A benefit to this method is that Sniper modules have a very low false positive rate.

Since OpenVAS plugins are mostly focused on open-source software, they neither overlap nor conflict with our proprietary Sniper modules. On the contrary, you can amplify the Network Vulnerability Scanner’s functionality with Sniper Auto-Exploiter: you can further exploit each detected vulnerability automatically by clicking the “Exploit with Sniper” button in the Findings section.

Open ports detection efficiency

Through our Network Vulnerability Scanner, we've configured a custom discovery phase to scan for a default list of ports, including the most common 6000 ports (TCP and UDP). However, keep in mind that, by default, the scanner first attempts to detect if the host is alive before doing the port scan.

If the host is not alive (e.g. does not respond to our probing methods), you will get a finding containing the “Host is down” message and the scan will finish. However, if the target is alive, the scanner will further search for open ports and their associated services.

Note: If the scanner does not find any open ports even though you know there are some and the host is alive, we recommend you expand the port range and re-run the scan.

Scanning parameters for paying customers

When you choose a paid plan and log into your Pentest-Tools.com account, you can select and combine the following network scanning parameters:

  • Target: Option to scan a single IP address or a hostname (e.g. webmail.mydomain.com).
  • Scan type - Light: Uses a custom-built vulnerability scanning engine which is very fast since it uses service versions to detect vulnerabilities.
  • Scan type - Full: Combines Sniper detection modules and OpenVAS for in-depth network scanning.
  • Scan type - Sniper: Uses only Sniper detection modules to identify critical vulnerabilities in widely used software.
  • Ports to scan - Common: Scans only OpenVAS default ports or the top 10, 100, 1000, or 5000 most common ports. When you choose this, OpenVAS default is the default scan option.
  • Ports to scan - Range: Allows you to specify a range of ports to be scanned. Valid ports are between 1 and 65535.
  • Ports to scan - List: Enables you to specify a comma-separated list of ports to be scanned.
  • Protocol type - TCP: Tells our Network Vulnerability Scanner to only scan TCP ports.
  • Protocol type - UDP: Instructs our engine to scan only UDP ports.
  • Check alive: Enables the check alive mechanism before searching for any open ports during the discovery phase.

What to do after running the Network Vulnerability Scanner

Besides the Network Vulnerability Scanner, you have a full arsenal of vulnerability scanning tools on Pentest-Tools.com to carry out a thorough and effective network vulnerability assessment. You can use the dedicated SSL/TLS Scanner to discover specific SSL and TLS configuration issues or use the TCP Port scan tool and the UDP Port scanner to meticulously map your Attack Surface.

To save even more precious time, try out our ready-to-use scan templates which group multiple tools in one bundle, so you can launch them all at once. Scan templates are also customizable, or you can build your own and reuse them to fine-tune engagements and do your best work.

With your network vulnerability assessment report, you can start digging deeper and pursue the most interesting findings in it while also getting inspiration for lateral movement and ways to abuse business logic in your pentest engagements.

Tools to use after running the Network Vulnerability Scanner

Why I have chosen Pentest-Tools.com!

The Pentest-Tools platform, by far, was the best that I found. Not only for the quality of the built-in tools, but also for the high quality of the technical team behind the platform. Being supported by a quality team is crucial for the professional involved in Pentesting to be successful.


Latest Network Vulnerability Scanner updates

  • Detection for CVE-2022-34265 (SQLi in Django)

    Network Scanner can now detect if a Django application is vulnerable to SQL Injection (CVE-2022-34265).

  • Detection for CVE-2020-9490 (DoS in Apache)

    Network Scanner can now detect if an Apache HTTP Server is vulnerable to Cache-Digest Denial of Service Attack (CVE-2020-9490).

  • Detection for CVE-2020-14179 (Information Disclosure in Jira)

    Network Scanner can now detect if a Jira server is vulnerable to Information Disclosure (CVE-2020-14179).

  • Detection for CVE-2021-3293 (Path Disclosure in Emlog)

    Network Scanner can now detect if an Emlog instance is vulnerable to Path Disclosure (CVE-2021-3293).

  • Detection for CVE-2018-11784 (Open Redirect in Apache Tomcat)

    Network Scanner can now detect if an Apache Tomcat Server is vulnerable to Open Redirect (CVE-2018-11784).

  • Detection for CVE-2020-3580 (XSS in Cisco ASA and Cisco FTD)

    Network Scanner can now detect if the web interfaces of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) are vulnerable to Cross-Site Scripting (CVE-2020-3580).


Common questions about the Network Vulnerability Scanner

If you need a place to start with this tool, we have a quick and straightforward guide with practical scenarios to help you max out the tools and features on Pentest-Tools.com.

This guide will help you get started with your network vulnerability assessment in a few simple steps.