Scanners

Three scanners. One hosted workflow.

VulnScanners runs Nmap, Nuclei, and OWASP ZAP on our infrastructure so you can pick the right tool for the target and get a PDF report per scan — no install, no maintenance, credits never expire.

Start scanning →See pricing

Nmap

Network

Port and service inventory

TCP / UDP port scanning, service and version detection, OS fingerprinting, and the Nmap Scripting Engine — the foundation of any external assessment.

TCP & UDP scanning
Version detection
NSE scripts

Learn more about hosted Nmap →

Nuclei

CVE

Template-based CVE detection

Thousands of community-contributed YAML templates covering CVEs, misconfigurations, default credentials, and exposures across HTTP, DNS, TCP, SSL, and more.

CVE detection
Multi-protocol
Low false-positives

Learn more about hosted Nuclei →

OWASP ZAP

Web

Dynamic web app scanning

The open-source DAST tool — active and passive scan rules, traditional and AJAX spider, authentication support, and anti-CSRF token handling.

Active + passive scan
AJAX spider
Auth support

Learn more about hosted OWASP ZAP →

How they work together

Run them in order. Each builds on the last.

Nmap — map the surface. Ports, services, versions.
Nuclei — sweep the discovered services for known CVEs, misconfigurations, and exposures.
OWASP ZAP — go deep on the web applications, including authenticated surfaces.

More on this layering in our Nmap vs Nuclei vs ZAP guide.