The industry-standard network mapper. Discovers open TCP and UDP ports, identifies running services and versions, and detects operating systems. Best for initial reconnaissance and attack surface mapping.

Fast SSL/TLS configuration analyser. Checks certificate validity, expiry dates, cipher suite strength, and protocol support. Catches common misconfigurations like expired certs or weak protocols.

Template-based vulnerability scanner from ProjectDiscovery. Uses a community-maintained library of thousands of detection templates covering CVEs, misconfigurations, default credentials, and exposed panels.

Comprehensive web application security scanner. Spiders your application, then performs active testing for the OWASP Top 10 including XSS, SQL injection, CSRF, and more. Supports authenticated scanning.

Full-featured network vulnerability scanner with a database of over 100,000 vulnerability tests. Performs deep, authenticated scanning of network infrastructure for known CVEs and misconfigurations.

Specialised WordPress vulnerability scanner. Detects vulnerabilities in WordPress core, plugins, and themes using the WPScan vulnerability database. Enumerates users, plugins, and themes.