
Free scanning tools to check OS & network security hardening / compliance

I know Nessus used to be free but is not anymore, but I don't mind getting
an old free copy of Nessus just for some refreshing to familiarize. Let
me know where I can download it.

Also looking for non-intrusive tools (i.e. those that don't make changes
to the OS / apps / DB) that collect info like password strength, whether password
locking is enabled, whether non-recommended services like ftp & telnet servers
are disabled, and when the last security patch updates were for Windows
2003/2008/2012 & MS SQL, Linux, Solaris

For network switches/routers, looking for tools that ensure hardenings
are done, eg: on Cisco switches, we want to verify if "no ip http-server",
"icmp unreachables" etc are implemented.  Let me know any free tools
I can get to do these
btan (Exec Consultant) commented:
Q1 - Nessus is still free for evaluation and home users but limited. You can still use it for scanning, just that the compliance checks are excluded.
Also the open-source version of Nessus was forked by a group of users who still develop it under the OpenVAS name. The latter came with a virtual appliance (ova) for quick deployment and demo try out

There is an old article on the comparison between Nessus and OpenVAS; the former wins in plugin support but capability will be on par.

Q2 - I was thinking OpenVAS supporting OVAL may help, though it is not intensively tested and I am not certain as I have not seen it in action. The OVAL Interpreter is a freely available reference implementation that demonstrates the evaluation of OVAL Definitions. Based on a set of OVAL Definitions the interpreter collects system information, evaluates it, and generates a detailed OVAL Results file.

You can catch its old compendium as a first read. It is using NVT and probably the Network Vulnerability Tests (NVTs) will lead to compliance checks.

Another is OpenSCAP, which validates SCAP scheme based info with the XCCDF language, which most NIST DISA STIG and Checklist Program lists may provide. XCCDF is a standard way of expressing checklist content.

Also there is a OVAL based tool that

Microsoft Security Compliance Manager uses MS guidance and documentation—including the previously stand-alone product-specific security guides—and incorporates it into one tool, enabling you to access and automate all of your organization’s security baselines in a centralized location.
Article (old) - http://technet.microsoft.com/en-us/magazine/hh489604.aspx
Latest - http://technet.microsoft.com/en-us/library/cc677002.aspx
FAQ - http://social.technet.microsoft.com/wiki/contents/articles/1836.microsoft-security-compliance-manager-scm-frequently-asked-questions-faq.aspx

Network Hotfix Scanner (almost like MBSA) -  free hotfix check utility that scans network computers for missing hotfixes and patches.

Seccubus automates regular vulnerability scans with Nessus and OpenVAS and provides delta reporting. http://www.seccubus.com/

Q3 - I was thinking of Nipper Studio (limited one called "nipper")
... and firewall manager (free one called "Firewall Browser"; SolarWinds has quite a list)

More commonly, the use of CIS benchmark and audit tool

e.g. CIS Configuration Assessment Tool (CIS-CAT)—A Java-based tool that compares the configuration of target IT systems to CIS Benchmarks and reports conformance scores on a scale of 0-100.

e.g. Router Assessment Tool (RAT) - CIS RAT assesses target devices for conformance with the CIS Benchmarks for Cisco Router IOS and Cisco PIX firewalls.

e.g. others include Apache Benchmark Tool, and UNIX Assessment Tools

Fadi SODAH (aka madunix) (Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP and CCIP) commented:
Nessus is not freeware for a business. Only for educational or personal use.  I would also check others:


See also the following links:
1.      Nikto (Linux) http://www.cirt.net/nikto2
2.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
3.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
4.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
5.      MBSA (debatable) http://technet.microsoft.com/en-us/security/cc184923.aspx
6.      AppScan from IBM http://www-01.ibm.com/software/awdtools/appscan/
7.      BT http://www.backtrack-linux.org/
8.      Meta http://www.metasploit.com/
9.      SEC http://sectools.org/
10.    PEN http://www.pentest-standard.org/
11.    Hak http://hakin9.org/
12.    Lab http://labmice.techtarget.com/security/penetration.htm


Commercial Tools:
Acunetix WVS by Acunetix
AppScan by IBM
Burp Suite Professional by PortSwigger
Hailstorm by Cenzic
N-Stalker by N-Stalker
Nessus by Tenable Network Security
NetSparker by Mavituna Security
NeXpose by Rapid7
NTOSpider by NTObjectives
ParosPro by MileSCAN Technologies
Retina Web Security Scanner by eEye Digital Security
WebApp360 by nCircle
WebInspect by HP
WebKing by Parasoft
Websecurify by GNUCITIZEN

Software-as-a-Service Providers:
AppScan OnDemand by IBM
ClickToSecure by Cenzic
QualysGuard Web Application Scanning by Qualys
Sentinel by WhiteHat
Veracode Web Application Security by Veracode
VUPEN Web Application Security Scanner by VUPEN Security
WebInspect by HP
WebScanService by Elanize KG

Free / Open Source Tools:
Arachni by Tasos Laskos
Grabber by Romain Gaucher
Grendel-Scan by David Byrne and Eric Duprey
Paros by Chinotec
Zed Attack Proxy
Powerfuzzer by Marcin Kozlowski
SecurityQA Toolbar by iSEC Partners
Skipfish by Michal Zalewski
W3AF by Andres Riancho
Wapiti by Nicolas Surribas
Watcher by Casaba Security
WATOBO by siberas
Websecurify by GNUCITIZEN
Zero Day Scan

btan (Exec Consultant) commented:
Q3 - adding specific to CISCO

Nessus plugin (ID 46689) named “Cisco IOS Compliance Checks” (also based on CIS benchmark set for CISCO). Cisco RAT from CIS may only provide rudimentary auditing capability, so Nessus still wins a par above.

This may not be totally useful in config but at least targeted patches are covered by Cisco IOS Software Checker tool to search for Cisco Security Advisories that address specific Cisco IOS Software releases

Not free but worth catching is the CISCO scanning demo by QualysGuard Policy Compliance (using QualysGuard Express type)
(if interested, catch the comparison between subscription types)
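
The kind of read-only check the question asks about for Cisco devices can be run offline against a saved running-config. This is an added example, not part of the thread or of any tool named in it; it assumes the two settings from the question correspond to the IOS commands `no ip http server` (global) and `no ip unreachables` (per interface), and the sample config is constructed.

```python
import re

# Constructed sample of a saved IOS running-config (not from a real device).
SAMPLE_CONFIG = """\
no ip http server
!
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
 no ip unreachables
!
interface GigabitEthernet0/2
 ip address 198.51.100.1 255.255.255.0
!
interface Vlan1
 no ip address
"""

def parse_sections(config):
    """Split a config into global commands and per-interface child commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None                      # separator ends any open block
        elif not line.startswith(" "):          # top-level command
            m = re.match(r"interface\s+(\S+)", line)
            current = m.group(1) if m else None
            if m:
                interfaces[current] = []
            else:
                global_lines.append(line)
        elif current is not None:               # indented child of an interface
            interfaces[current].append(line.strip())
    return global_lines, interfaces

def audit(config):
    """Return (check, location, passed) for each hardening check."""
    global_lines, interfaces = parse_sections(config)
    # Require the explicit "no" form: a missing line may mean default-on.
    http_off = "no ip http server" in global_lines and "ip http server" not in global_lines
    findings = [("no ip http server", "global", http_off)]
    for name, lines in interfaces.items():
        if any(l.startswith("ip address ") for l in lines):  # L3 interfaces only
            findings.append(("no ip unreachables", name,
                             "no ip unreachables" in lines))
    return findings

def failures(config):
    return [(check, where) for check, where, ok in audit(config) if not ok]
```

On the sample, `failures(SAMPLE_CONFIG)` reports only GigabitEthernet0/2, which has an IP address but no `no ip unreachables` line.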

Sudeep Sharma (Technical Designer) commented:
Aren't we missing  NMAP for scanning open ports and also vulnerability scans?


All the other tools are also listed on the above site:

Vulnerability scanners:

Web Scanners:

Wireless Tools:

Packet Sniffers:

Password Crackers:
