Category:Vulnerability Scanning
From SecurityForest
To get started with vulnerability assessment and the different tools available, see this article: A closer look at all-purpose vulnerability scanners (http://www.vulnerability-assessment.de/doku.php?id=comparison_of_10_va_tools).
- Nessus
: The premier Open Source vulnerability assessment tool
- Nessus is a remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based, has a GTK interface, and performs over 1200 remote security checks. It allows for reports to be generated in HTML, XML, LaTeX, and ASCII text, and suggests solutions for security problems.
- http://www.nessus.org
- nikto
: Nikto Web Scanner
- Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 2600 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).
- http://www.cirt.net
- GFI LANguard
: A commercial network security scanner for Windows
- LANguard scans networks and reports information such as service pack level of each machine, missing security patches, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results are output to an HTML report, which can be customized/queried. Apparently a limited free version is available for non-commercial/trial use.
- http://www.gfi.com/lannetscan
- ISS
: Internet Security Systems
- Internet Scanner started off in '92 as a tiny Open Source scanner by Christopher Klaus. Now he has grown ISS into a billion-dollar company with a myriad of security products.
- http://www.iss.net
- Retina
: Commercial vulnerability assessment scanner by eEye
- Retina identifies known security vulnerabilities and assists in prioritizing threats for remediation. Featuring fast, accurate, and non-intrusive scanning and the industry's most comprehensive vulnerability database, users are able to secure their networks against even the most recent of discovered vulnerabilities. Users can also leverage Retina to enforce internal security policies and standards-based registry settings through custom policy audits.
- http://www.eeye.com
- SAINT
: Security Administrator's Integrated Network Tool
- SAINT is another commercial vulnerability assessment tool (like ISS Internet Scanner or eEye Retina). Unlike those Windows-only tools, SAINT runs exclusively on UNIX. SAINT used to be free and open source, but is now a commercial product.
- http://www.saintcorporation.com/saint
- SARA
: Security Auditor's Research Assistant
- SARA is a vulnerability assessment tool that was derived from the infamous SATAN scanner. They try to release updates twice a month and try to leverage other software created by the open source community (such as Nmap and Samba).
- http://www-arc.com/sara
- N-Stealth
: Web Server Scanner
- N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as whisker and nikto, but do take their web site with a grain of salt. The claims of "20,000 vulnerabilities and exploits" and "Dozens of vulnerability checks are added every day" are highly questionable. Also note that essentially all general VA tools such as Nessus, ISS, Retina, SAINT, and SARA include web scanning components. They may not all be as up-to-date or flexible though. N-Stealth is Windows-only and no source code is provided.
- http://www.nstalker.com/nstealth
- SSS
: Shadow Security Scanner
- http://www.safety-lab.com
- hfnetchk
: Microsoft tool for checking the patch status
- Microsoft tool for checking the patch status of all the Windows machines on a network from a central location
- Microsoft Link (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/hfnetchk.asp)
- Xscan
: Vulnerability scanner coded by Xfocus Group that uses Nessus NASL plugins
- Attack Tool Kit
: Vulnerability Scanner and Exploitation Framework for Windows
- Attack Tool Kit (ATK) was first developed to provide a very small and handy tool for Windows to perform fast checks for dedicated vulnerabilities. The special thing about ATK is that the tool is able to do the work without much interaction. But it is always possible to vary and change the behavior of the software. This concerns the plugins, checking, enumeration and reporting. The user is not dependent on the ideas of the developers: because of the modularity, nearly every change can be made within a few seconds if needed. ATK is absolutely free to use and distribute. The software is written in Visual Basic and is licensed under the General Public License (GPL). The most important changes in ATK 3.0 are the introduction of a dedicated exploiting routine and the Plugin AutoUpdate (over HTTP).
- http://www.computec.ch/projekte/atk/download/index.html
- Remote-Exploit
: Auditor Security Collection
- The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-ROM and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier. Even during the planning and development stages, our target was to achieve excellent user-friendliness combined with an optimal toolset. Professional open-source programs offer you a complete toolset to analyse your safety, byte for byte. In order to become quickly proficient within the Auditor security collection, the menu structure is supported by recognised phases of a security check (foot-printing, analysis, scanning, wireless, brute-forcing, cracking). By this means, you instinctively find the right tool for the appropriate task. In addition to the approx. 300 tools, the Auditor security collection contains further background information regarding the standard configuration and passwords, as well as word lists from many different areas and languages with approx. 64 million entries. Current productivity tools such as web browser, editors and graphic tools allow you to create or edit texts and pictures for reports, directly within the Auditor security platform.
- Many tools were adapted, newly developed or converted from other system platforms, in order to make as many current auditing tools available as possible on one CD-ROM. Tools like Wellenreiter and Kismet were equipped with an automatic hardware identification, thus avoiding irritating and annoying configuration of the wireless cards.
- http://remote-exploit.org/?page=auditor
