Open Source Scanner Public Beta Coming Soon

Network Vulnerability Scanning, Open Source

An automated network vulnerability scanner built by practitioners, for practitioners. From host discovery to remediation playbook, netvuln-tool delivers comprehensive assessments with zero manual overhead — and the scanning engine is going open source.

See a Sample Report → Join the Beta Waitlist

Why netvuln-tool?

Built by security engineers who got tired of stitching together five tools to produce one report. One scanner, one workflow, complete results.

Open Source Scanner

The scanning engine, report generator, and CLI tools are free and open source. Run it on your own infrastructure, inspect every line of code, contribute back to the community.

Managed Portal

The collection portal is a managed SaaS platform by Bullium Consulting. Multi-tenant dashboards, trend analytics, compliance tracking, and webhook integrations — all hosted and maintained for you.

Professional Remediation

Need expert help fixing what the scanner found? Bullium's security team provides guided remediation engagements with retesting to confirm vulnerabilities are resolved.

How It Works

Four automated stages from target scope to remediation playbook. No manual overhead.

Discovery

Host detection, DNS enumeration, WHOIS lookups, and OSINT gathering across your entire target scope.

Assessment

Port scanning, service fingerprinting, and vulnerability analysis using NSE scripts and CVE correlation.

Scoring

CVSS-based severity mapping plus the Bullium Risk Score (0–100) with letter grading from A+ through F.

Remediation

Prioritized remediation playbook with step-by-step guidance, split into self-service and professional tracks.

Two Components, One Platform

The scanner is free and open source. The portal is a managed commercial service. Use one or both.

Free & Open Source

Scanning Engine

Run it yourself, audit the code, contribute improvements. The scanner is yours.

CLI scanning engine with full network discovery
Branded HTML report generation
CVSS scoring & Bullium Risk Score
Compliance mapping (CIS, NIST, PCI-DSS, SOC 2)
Remediation playbook generation
Network topology mapping

Managed by Bullium

Collection Portal

Centralized vulnerability management with multi-tenant dashboards, hosted and maintained by Bullium Consulting.

Multi-tenant session management with client scoping
Security posture trend dashboards
Webhook integrations for PSA/RMM tools
Bulk export (CSV, PDF, JSON)
Secure token-based report sharing
Risk register & exception management

netvuln-tool branded Network Vulnerability Assessment Report showing executive summary with host, port, and finding counts by severity

Comprehensive Assessment Reports

Every scan produces a professionally branded Network Vulnerability Assessment Report. The executive summary gives leadership an immediate picture of scope and risk, while granular per-host findings give your technical team exactly what they need to act.

Reports include host discovery, open port enumeration, CVSS-scored findings, the Bullium Risk Score, and a prioritized remediation playbook — all exportable and shareable via secure link.

Acme Manufacturing Corp

15 Hosts | 42 Open Ports | 87 Findings

3 Critical 8 High 28 Medium 18 Low 30 Info

Risk Score: 62/100 — Grade: D

View Full Sample Report →

Built for Security Teams

Every feature designed to reduce time-to-remediation and communicate risk to stakeholders.

CVSS Scoring

Every finding mapped to CVSS severity with color-coded badges. Instantly see which vulnerabilities demand immediate attention.

Bullium Risk Score

A 0–100 composite risk score with letter grading from A+ through F. A single metric that communicates overall security posture to leadership.

Remediation Playbook

Prioritized, step-by-step remediation guidance with self-service items your team can fix immediately and professional items for guided engagements.

Compliance Mapping

Automated mapping to CIS Controls v8, NIST CSF, PCI-DSS v4.0, and SOC 2 frameworks. Export compliance summaries for auditors.

Network Topology

Interactive D3.js force-directed network visualization with subnet clustering and risk-graded host nodes color-coded from A through F.

Dual Risk Scoring

Actual vs. operational risk scores. See the raw risk alongside the post-exception score that reflects accepted risks and mitigating controls.

Scheduled Scanning

Daemon agent for automated recurring scans with cron scheduling. Track scan history, average risk scores, and drift over time per schedule.

Webhook Integrations

Event-driven notifications with HMAC-signed payloads for PSA, RMM, and SIEM integration. Trigger workflows on scan completion, risk thresholds, and new criticals.

Multiple Export Formats

One-click export to PDF, CSV, and JSON for compliance documentation, audit trails, and integration with your existing security workflows.

Secure Report Sharing

Token-protected shareable links for stakeholders and leadership. Reports render in a sandboxed viewer with no data exposure risk.

Industry Benchmarks

Compare your security posture against aggregated cohort data. Percentile rankings for risk score, findings density, and critical-to-high ratio.

Risk Register

Aggregated exception view across sessions with filterable table, approval tracking, expiry management, and CSV export for governance documentation.

Product Roadmap

Where we've been, where we're going, and what's coming next.

Shipped

Core scanning engine & CLI Branded HTML report generation Collection portal with multi-tenancy Compliance mapping (4 frameworks) Network topology visualization Industry benchmarks & percentile ranking Scheduled scanning with daemon agent Webhook integrations (HMAC-signed)

In Progress

Open-source packaging & licensing Public documentation & setup guides Public beta preparation

Coming Soon

Public beta launch Community contributions & PRs Plugin & extension system API access for CI/CD pipelines

netvuln-tool collection portal dashboard showing vulnerability assessment sessions with severity breakdowns

Centralized Collection Portal

Every scan session is tracked and stored in the netvuln-tool collection portal. Clients and engineers get full visibility into total findings, severity breakdowns, and session history across all engagements.

The portal aggregates data across multiple scan sessions, giving you a clear picture of how your security posture evolves over time as vulnerabilities are discovered and remediated.

Real-time severity breakdown (Critical, High, Medium, Low, Info)
Remediation dashboard with progress tracking
Compliance panel with framework mapping
Historical trend tracking across multiple engagements
Export to JSON, PDF, and CSV for compliance documentation
Secure token-based report sharing with stakeholders

Get Notified When Beta Launches

Be among the first to try netvuln-tool. Sign up for early access and we'll notify you when the public beta is ready.

No spam. One email when beta launches.

Get Started

Whether you need a managed assessment, want early access, or just want to see what netvuln-tool produces.

Schedule an Assessment

Let Bullium's security team run a managed assessment against your network and deliver a full report with remediation guidance.

Join the Beta Waitlist

Get early access to the open-source scanner before general availability. We'll email you when the public beta is ready.

Join Waitlist →

View a Sample Report

See exactly what a netvuln-tool assessment produces. Browse a full sample report with findings, scores, and remediation guidance.

View Report →

Ready to See What's on Your Network?

Get a clear picture of your vulnerabilities, risk score, and a prioritized remediation plan. Schedule an assessment with our team or sign up for early access to the open-source scanner.