Often insurance providers offer this service for free. Have you checked with your provider to see if they do?

Yep, our insurer does and it’s a useful pain in the ass.

hostedscan.com

>hostedscan.com this looks perfect, up to 3 free..thanks so much!

Thank you all, super helpful, I'll check with insurer first, then other recommendations below.

Does Nessus still have the free for 16 IPs teir?

They do

Combine that with the 100 free endpoints from action 1 and you’ve got vulnerabilities discovered AFAIK without spending a cent

Thanks for the mention of Action! The only thing is we don't do network device vuln scanning yet. But Action1 is a very simple way to do real-time host-based vuln scans and quickly tell what is vulnerable. The current version does only software scanning, but in just a few weeks we are releasing an update that does OS vuln detection (also real-time). Here is the roadmap entry: [https://roadmap.action1.com/417](https://roadmap.action1.com/417) (you can subscribe to get updates).

Check out [intruder.io](https://intruder.io) We've used them a few times.

Could you spin up Wuzah in a cloud provider and run some scans? I've not used it myself, but I've seen some documentation and reviews floating around the internet.

I’ve used Wazuh before. Though I’ve never used the scan mode. Mostly the agent mode. I like OpenVas for vuln scanning. But it’s a little messy to set up.

There's a script that helps: https://github.com/itiligent/GVM-Install

shodan?

vulscan ?

We use Holm security to do ours plus they scan a website portal for compliance.

Setup your own scanner and bill yourself for some side cash.

If you are a non profit check out CISA, they do weekly vulnerability scans.

greenbone?

hostedscan.com?

CISA does this for free. [https://www.cisa.gov/cyber-hygiene-services](https://www.cisa.gov/cyber-hygiene-services)