The host-based vulnerability assessment works on a client-server model where the client performs the scan and sends the report back to the server/manager. A host-based scanner is installed on every host on the system that you want to monitor. Host-based vulnerability assessment tools can provide an insight into the potential damage that can be done by insiders and outsiders once some level of access is granted or taken on a system. They are generally useful for discovering weaknesses behind an initial access control setting. Network-based scanners cannot perform a deep low-level security check because they do not have direct access to the file system on the target host. A few famous open source tools include OSSEC, Prelude ...