Vulnerability Scanner Tools "Security Threat" Summary:
The Security Innovation Software Security team has researched and reviewed each major vulnerability scanner available. Our research covers Unix, Linux and Windows security tools. Each tool has been reviewed individually to determine how much of a threat it poses to your organization. For each tool we looked at how deeply the tool has penetrated into the hacker community, how easy it is for a hacker to pick up and use, and how much damage the tool can do in the hands of a malicious attacker.
The security threat rating is a combination of these three variables and represents how much attention we believe you should pay to each tool in order to fend off potential attacks on your systems.
Note: Some of these tools can also be used to protect yourself, and we recommend that you do so. This ranking, however, is purely from the perspective of a potential attacker - not a measure of how useful the tool is in securing an enterprise.
Security Threat Rating: An overall rating of how important this tool is to Hackers, taking into consideration penetration, simplicity of use, damage potential, and likelihood of a hacker using this tool. Tools with a high rating should be paid attention to more from a security standpoint.
Description: A short description of the tool including information about why an attacker would choose this tool over others, how it works, or other interesting information.
Affected Systems: The piece of the network that the tool will attack.

| Tool Name | Security Threat Rating | Description | Affected Systems |
|---|---|---|---|
| Nessus | 10 | Nessus is a remote security scanner that uses a rules based system for scanning remote systems. Nessus scans everything using small script based plug-ins which makes updating it with the latest vulnerabilities easy. It is open source so new fixes and features are constantly being added. | Any Exposed Machine |
| NeWT | 10 | The Windows version of the very powerful Nessus scanner is quite a piece of software in its own right. Like most scanners on the market it looks for common vulnerabilities and provides a detailed report about what it finds. | Any Exposed Machine |
| Whisker | 9 | Whisker is a web-server scanner that looks for many types of vulnerabilities, especially dangerous CGI scripts. A Perl library, LibWhisker, is included to enable custom scanners to be built into Whisker. Scanning employs character encoding to make it unseen by most IDS solutions. | Webservers |
| Saint5 | 8 | Saint 5 is a non-intrusive network and system scanner. It doesn't require an agent on the client to complete its scan. Saint is option-rich but also complex and difficult to understand at first, requiring more expertise and knowledge than some of its competitors. It does, however, offer a more complete reporting solution than any other product on the market with more control over the reports and more detail and helpful references included than anyone else. | Any public UNIX or Linux machine |
| GFI LANguard | 8 | GFI LANguard is one of the leading tools on the market for server security scanning. It scans a machine or range of machines for known vulnerabilities, presents a clean report and offers links to help repair any problems. To fully facilitate security scanning it allows for user-defined credentials, including NULL sessions, to see what a hacker could learn without having access to the machine. | Firewalls and Servers |
| WebInspect | 7 | WebInspect is a vulnerability scanner that sets itself apart from other scanners by attacking the server at every level. You can specify a number of scans to be run including intrusive scans that should only be run internally to complete external scans that will uncover both known and unknown vulnerabilities on a running production server. | Any exposed machine, IDS systems, firewalls, and web applications. |
| SARA | 7 | SARA is a vulnerability scanner that, like SAINT, is based on the old SATAN scanner. The UI is web-based, making the tool not nearly as easy to use as the best of the competition such as Retina. Vulnerability finding is below average, as is the reporting capability. However, it is free, open source, and easily modifiable, all of which make it attractive to hackers. | Any Exposed Machine |
| Microsoft Baseline Security Analyzer | 7 | Microsoft's response to GFI and NeWT. It is not as powerful as either but does provide some data that the others do not: directory structure, share permissions, Office patches and others. Since it's Microsoft-based, all needed patches are easily downloaded and installed. | Any Windows Machine |
| Internet Scanner | 6 | Internet Scanner is an agent-less non-intrusive vulnerability scanner. It performs best on Windows machines and Netware servers. Expect more false positives on Unix systems. Vulnerability finding and reporting ability are on par with its competitors. Overall a capable and usable vulnerability scanning solution, though it tends to have more false positives than other scanners. | Any Exposed Machine |
| NScan | 6 | This tool allows you to scan a range of computers for open ports, trace route to a remote computer, do DNS lookup, or gather whois information on the server. They have defined subsets of common ports so you don't have to scan every port on every machine, which can take a long time for the connection to terminate if the port has been stealthed. | Firewalls and Servers |
| Nikto | 6 | Nikto is a web-server scanner that looks for many types of vulnerabilities, especially dangerous CGI scripts. It was built on top of Whisker and claims to find more vulnerability types. This is hard to verify, however, especially given that Whisker has many public libraries written for it. | Webservers |
| N-Stealth Security Scanner | 6 | N-Stealth is a vulnerability-assessment product that scans web servers to identify security problems and weaknesses that may allow an attacker to gain privileged access. The software comes with a database of over 30,000 vulnerabilities and exploits. N-Stealth is more actively maintained than many other network security scanners and consequently has a larger database of vulnerabilities. | Webservers |
| Retina | 6 | Retina is an award-winning scanner that uses a large fingerprint database to look for common vulnerabilities. The database is updated frequently to include new attacks as they are discovered. It is an integrated part of a larger product suite that includes advanced reporting and remediation technologies, but will work just fine as a stand-alone product. | Webservers |
| Scando | 5 | After completion of a complete website scan it goes back and assesses each page for a number of different vulnerabilities including parameter tampering, SQL injection, cookie tampering and a number of other common attacks. | Any website |
| SandCat Scanner | 5 | Providing more than 25,000 security checks, this product seems not only to check known vulnerabilities on a server but also to test intrusion detection systems and routers. The Scanner is the part of the SandCat Suite that can be run from a remote location to identify, exploit and report vulnerabilities in a system. | Servers, firewalls, routers, intrusion detection systems |
| CGIS4 | 4 | A multithreaded quick scanning engine for scanning security vulnerabilities on web servers. | Webservers running CGI |
| NetRecon | 4 | NetRecon is a non-intrusive network scanner that doesn't rely on a client-side agent to assist in the scan process. It can scan for a wide range of vulnerabilities using a fingerprint database that is updated regularly and automatically pushed to be used in future scans. | Any Exposed Machine |
| TyphonIII | 4 | A very full-featured scanner. This scanner includes quite a few modules that other commercial solutions do not, such as SSL web checks, intelligent web checks, overflow checks, etc. | Any server |
| BV-Control for Internet Security | 4 | BV-Control (formerly HackerShield) is an agent-less non-intrusive scanning product. It has good scanning results, finding vulnerabilities on par with its competitors. The UI is better than average including its ability to present results in a clear and concise manner. | Any Exposed Machine |
| Twwwscan | 4 | Twwwscan is the application for Windows systems. Arirang is the Unix version. These tools allow the user to specify hosts, networks, and IP address ranges, and to easily customize the CGI checks (through configuration text files). | Any server |
| Cerberus Internet Scanner (CIS) | 4 | CIS is an easy to use tool that scans a remote host for many known vulnerabilities including XSS, Web Service checks, FTP, SMTP, POP3, NT, NetBIOS, and MS SQL checks. Its ease of use makes this tool worth running on any server. | Any server |
| Niloo IIS Scanner | 3 | This application quickly scans for over 750 IIS 4.0/5.0 vulnerabilities. | Any unpatched IIS 4.0/5.0 server |
| AppScan | 3 | AppScan is another commercial vulnerability scanner which can detect many common server misconfigurations as well as vulnerabilities. | Webservers |
| Vulnerability Manager 5.0 | 1 | NetIQ is a scanner that relies upon agents distributed on all target clients. It can scan for missing patches, as well as a host of common vulnerabilities. It relies on a vulnerability database to look for signatures on the client machine that match to various problems. | Any server |
| CyberCop | 0 | Like Internet Scanner, CyberCop is an agent-less non-intrusive scanner with decent vulnerability finding capability and a problem with false positives. In addition to false positives, the CyberCop reports suffer from a verbosity problem, often giving multiple warnings for a single problem. | Any server |
Provided by: Security Innovation, The Application Security Company


