haven't used any of these -- but if you scan a couple class B's of popular hosting providers like aws, rackspace, etc. -- you'd be surprised at the % of things like memcached/redisd/hbase/etc.. that don't even have the most basic auth -- and people store all sorts of craziness in there
it's 2012 and everyone still cares not at all about security
http://nmap.org/nsedoc/
Also, we released a new version of Nmap today with 51 new scripts and many other improvements:
5.61TEST4 Release Notes: http://seclists.org/nmap-dev/2012/q1/23
Download Page: http://nmap.org/download.html