SCAP
I find it strange that nobody has mentioned SCAP in the aftermath of WannaCry. The Linux implementation is, to paraphrase Agent Cooper, a "damn fine tool." Dunno about the Windows version because the only recommendation it gives is to "format the disk and install Linux."
BTW, the documentation claims that it should be pronounced as either "S-CAP" (ess cap) or "S C A P" (ess see ay pee). I consider that constraint to be total c-rap.