–OpenVAS: This scanner is daily updated with new vulnerability tests.
–Nexpose Community: It makes more than 163.000 network checks. It doesn’t include web application scanner but it is automatically updated.
–Metasploit Framework: It validates vulnerabilities found by Nexpose and identifies the more dangerous ones in order to fix them first.
–Retina CS Community: It simplifies and centralized vulnerability management and patching. It includes automated vulnerability assessment for servers, workstations, mobile devices, applications…
–Burp Suite Free Edition: It provides all the tools to perform full security analysis for web applications.
–Nikto: It performs tests against web servers to check files and programs. It also looks for outdated versions or versions with specific problems.
–OWASP Zed Attack Proxy (ZAP): Integrated tool to find vulnerabilities affecting web applications.
–Clair: Service specialized in container analysis.
–Moloch: It storages and indexes and network traffic in PCAP standard format, providing quick access.
–Powerfuzzer: Automatic and customizable web fuzzer that identifies cross site scripting (XSS); injections (SQL, LDAP, code, commands, CRLF and XPATH); and HTTP 500 statuses.
More info about these tools at eSecurity Planet.