An entirely free version of runZero... because everyone deserves great security.

Perfect for home use and environments that have fewer than 100 assets, our Community Edition ensures everyone can benefit from runZero regardless of their budget.

Our free Community Edition is great for small businesses & security nerds.

Our free Community Edition is fully functional—yes, really. We want every runZero user to experience the full power of our exposure management platform.

That means you get access to the same advanced fingerprinting and powerful discovery methods as our paid users, so you can uncover every asset, reveal hidden exposures, and zero in on the risks that truly matter—all without spending a dime.

Get Community Edition

We believe in the power of community.

You might know our founder HD Moore as the creator of Metasploit. The open-source Metasploit Framework has been used by professionals around the globe every day for the last 20+ years to help test vulnerabilities and improve security, enabling us to all get better together.

This core value of community and sharing is also part of runZero’s DNA. Since the beginning, the runZero community has been part of our journey by providing feedback, suggesting improvements, and discovering assets beyond our wildest imagination.

So whether you're a SecOps leader with decades of experience, a university researcher, or just want to tinker with your home network, we encourage you to join our tribe by trying runZero.

Platform
Asset limit	Maximum number of assets per license.	100
SaaS console	Access the runZero console in the cloud.
Organizations	Organize your data by business unit, department, or end customer, with RBAC for each organization.	1
Recurring tasks	Maximum number of recurring tasks for passive scans, passive discovery, and integrations.	10
Data retention	Data retention period for audits or investigations (days).	30

Active Scanning
Self-hosted Explorers	Deploy your own scan engines for discovering internal and external attack surfaces.
runZero-hosted Explorers	Scan all your external assets with a runZero-managed Explorer.
Concurrent scans	Conduct concurrent scans on the same Explorer (not available on Windows).	3
Scan range limit	Maximum number of IP addresses per scan.	8,192
Scan rate limit	Maximum number of packets sent from the Explorer per second.	5,000

Passive Discovery
Traffic sampling	Get always-on discovery plus coverage for fragile environments (including OT) through passive traffic sampling.

runZero Integrations
Amazon Web Services	Connect to AWS to merge assets into the inventory.
Azure	Connect to Azure to merge virtual machines into the inventory.
Azure Active Directory	Connect to Azure AD to sync assets, users, and groups in the inventory.
Censys	Connect to Censys to merge externally-facing details of assets into the inventory.
CrowdStrike	Connect to the CrowdStrike Falcon API to merge EDR-protected assets into the inventory.
Google Cloud Platform	Connect to GCP to merge virtual machines into the inventory.
Google Workspace	Connect to Google Workspace to sync assets, users, and groups in the inventory.
Microsoft 365 Defender	Connect to Microsoft 365 Defender to sync assets in the inventory.
Microsoft Active Directory	Connect to Active Directory via LDAP to sync assets, users, and groups in the inventory.
Microsoft Intune	Connect to Microsoft Intune to sync assets in the inventory.
Miradore	Connect to Miradore to merge managed mobile devices into the inventory.
Qualys	Connect to Qualys to enrich your inventory with vulnerability data.
Rapid7	Connect to InsightVM or Nexpose to enrich your inventory with vulnerability data.
SentinelOne	Sync and enrich your asset inventory, as well as gain visibility into the software installed on SentinelOne assets.
ServiceNow ITOM	Update the CMDB with runZero data.
Shodan	Connect to Shodan Search to enrich your asset inventory with external asset data.
Splunk	Bring runZero data into Splunk.
Tenable	Connect to Tenable.io or Nessus to enrich your inventory with vulnerability data.
VMware	Connect to VMware to merge virtual machines into the inventory.

Discovery
External Attack Surface	Discover and monitor public-facing assets, services, and risks across your external perimeter, including cloud-hosted infrastructure and remote access points.
Internal Attack Surface	Gain comprehensive visibility into internal assets, services, and security risks within your on-prem, hybrid, and cloud environments.
IT Services and Assets	Identify, track, and manage all IT assets and services, including endpoints, servers, cloud instances, mobile devices, and network infrastructure.
OT Services and Assets	Safely discover and map OT environments, identifying industrial control systems (ICS), SCADA devices, PLCs, and building automation systems.
IoT Services and Assets	Detect, classify, and assess IoT devices and services, uncovering security gaps across smart devices, access control systems, cameras, and cyber-physical systems.
Shadow IT	Uncover unsanctioned, unmanaged, or rogue IT assets and services, including unauthorized cloud instances, unapproved SaaS applications, personal file-sharing platforms, and hidden Wi-Fi access points.
Unknown and Unmanageable Devices	Identify and track unknown, rogue, or unmanageable devices that evade traditional security tools.

Risk Management
Risk Findings Dashboards	Identify and track specific risks, including aggregated views of affected assets, services, and trends over time.
Contextual Risk Scoring	Prioritize threats with risk scoring based on exploitability, exposure, and asset attributes like location, connectivity, and business criticality.
Easy Query Builder	Easily search, filter, and customize asset queries with intuitive controls and prebuilt options — all without the need for rescanning.
Advanced Reports	Generate advanced security assessment reports, including vulnerabilities, outliers, asset route pathing, site comparisons, and external assets.
Goal Building	Set objectives and track progress towards your security goals.

Automation
Export API	Automate data exports.
Asset ownership	Automatically assign asset owners.

Admin & Security
User limit	Maximum number of users per account.	Unlimited
MFA	Use physical 2FA hardware keys (WebAuthn).
SSO	Integrate with SAML2-compatible single sign on (SSO).
RBAC	Restrict user access by organizations (role-based access control).
Bulk user management	Import and update users in at scale.
Temporary groups	Provide elevated privileges to groups for a limited time.
SSO group mappings	Automatically provision roles based on SSO attributes.

Ready to go?

Get started now and start seeing results in just minutes!

Join us on September 11 for our live webcast with Archaea Energy!