Security audit

I have done an audit of our IT infrastructure (Windows 2008, Exchange, SQL Server, Citrix, Cisco routers/switches, HP printers, HP servers with Insight Manager, VMware, BB BES).
They have detected different vulnerabilities:
- Null sessions active: it allows getting all usernames and passwords
- Update patches not up to date
- Vulnerability on VMware vCenter: they can manage the console without a username
- SNMP default communities (servers, switches, ...)
- Access to BB BES without username/password
- McAfee OPE not well configured
- It is possible to identify the SQL Server 2005 version

Could you recommend a free or non-free utility or procedure that allows me to check my IT infrastructure periodically to discover vulnerabilities, so that I can work on them?

Best regards
@gorhon: Nessus is not freeware for a business. Only for educational or personal use.

@soporteorbit: Follow the list provided by madunix.

Please use Nessus security scanner. This is PCI compliance. And freeware. (Free version is only a one-time 25 IPs scan, but separate full scan.)

Please register as a home user and give the serial number (or $1200 professional).
btan (Exec Consultant) commented:
It will be a life cycle of document review, system verification and validation to have a more complete security assessment. Focus on critical services first. The link has a good summary of the procedure and tools relevant to sieve out as many gaps and esp. low-hanging fruits. Importantly, hardening guides from the vendor are essential for health checks too; CIS, STIG and NIST have much guidance, if interested.

Look at Nessus; NeXpose; Qualys Guard; Retina Network Security Scanner; Saintbox; Shadow Security Scanner; Automated Scanning; FS 1000; Internet Scanner; LANguard

Look at:

1.      Nikto (Linux)
2.      Paros proxy (Linux if you can)
3.      Ike-scan (Linux)
4.      SARA (Security Auditor's Research Assistant) (Linux)
5.      MBSA (debatable)
6.      AppScan from IBM

Also look at

Commercial Tools:
Acunetix WVS by Acunetix
AppScan by IBM
Burp Suite Professional by PortSwigger
Hailstorm by Cenzic
N-Stalker by N-Stalker
Nessus by Tenable Network Security
NetSparker by Mavituna Security
NeXpose by Rapid7
NTOSpider by NTObjectives
ParosPro by MileSCAN Technologies
Retina Web Security Scanner by eEye Digital Security
WebApp360 by nCircle
WebInspect by HP
WebKing by Parasoft
Websecurify by GNUCITIZEN

Software-as-a-Service Providers:
AppScan OnDemand by IBM
ClickToSecure by Cenzic
QualysGuard Web Application Scanning by Qualys
Sentinel by WhiteHat
Veracode Web Application Security by Veracode
VUPEN Web Application Security Scanner by VUPEN Security
WebInspect by HP
WebScanService by Elanize KG

Free / Open Source Tools:
Arachni by Tasos Laskos
Grabber by Romain Gaucher
Grendel-Scan by David Byrne and Eric Duprey
Paros by Chinotec
Zed Attack Proxy
Powerfuzzer by Marcin Kozlowski
SecurityQA Toolbar by iSEC Partners
Skipfish by Michal Zalewski
W3AF by Andres Riancho
Wapiti by Nicolas Surribas
Watcher by Casaba Security
WATOBO by siberas
Websecurify by GNUCITIZEN
Zero Day Scan