NeWT

Category: Vulnerability Scanners
Website: http://www.tenablesecurity.com/
Manufacturer: Tenable
Operating System: Windows

Description:
The Windows version of the very powerful Nessus scanner is quite a piece of software in its own right. Like most scanners on the market it looks for common vulnerabilities and provides a detailed report about what it finds. NeWT differs from the competition by providing an extra set of tests called "Dangerous Tests" which contain common DOS attacks. These attacks can kill almost any machine but provide excellent information on the stability of the server in question. NeWT is probably more powerful than GFI LANgaurd but also considerably slower. Reports are presented as HTML pages, but stored as XML files for easy comparison or custom parsing.

Strengths:
Scans EVERYTHING. Probably more powerful than GFI LANguard. Scans for DOS attacks in addition to the standard set of tests. Is able to determine if a server is running on a different port than is standard (ie you could run http off of port 6541 instead of 80 and it would find it). XML results file allows for custom reporting. Creates nice HTML report. Compares reports. Step-by-step instructions for fixing most problems right in the report.

Weaknesses:
Slow, though this is understandable considering the number of tests ran, but GFI would present common exploits much quicker. Only able to scan class C networks using NeWT. NeWT PRO allows for all networks to be scanned.

Target:
Any machine that has a public IP

Mitigation/Recommendation:
patched and updated machine

Price:
NeWT: freeware
NeWT PRO: $6000

Penetration (8):
Due to it's relation to Nessus, a very popular Linux based scanner, it has a fairly large user base

Simplicity (4-8):
Skilled to beginner Easy point and click interface. Simple to understand reports. Module management can be a bit tricky though.

Damage Potential (6):
Has the potential to run a number of different DOS attacks on a server, potentially causing it to hang or reset