• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 272
  • Last Modified:

Vulnerability scanning tools!

Hi All,

We look for tools to scan vulnerabilities on our system, tools can free or license, please give us your advice.

Thanks so much,

HNN.
0
ldvhai
Asked:
ldvhai
2 Solutions
 
rindiCommented:
Not sure what OS or system you want to scan. But Kali is a live distro that is very good for scanning your network and for auditing:

https://www.kali.org/

As for scanning a Windows PC for malware, MBAM is the best tool:

https://www.malwarebytes.com/
0
 
ldvhaiAuthor Commented:
Thanks so much Rindi
0
 
btanExec ConsultantCommented:
Come to penetration test will be much more desired to level up just vulnerability scan. There is no one silverbullet tool that does the scan holistically. You will likely need a couple tools for the scan effort. This may be of interest whereby the suggested tools are listed for achieving specific scan objective (you can also find " Vulnerability Assessment" and "Vulnerability Analysis" section for the two links respectively)
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Vulnerability_Analysis
Some tools to consider
The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. OpenVAS is a fork of Nessus that allows free development of a non-proprietary tool.
http://www.openvas.org/download.html
The Nexpose Community edition includes:
Scans 32 IPs
Scans networks, OS and DBs
Deployment option: software
https://www.rapid7.com/products/nexpose/compare-downloads.jsp
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
http://w3af.org/download
Personal Software Inspector is a security scanner which identifies programs that are insecure and need updates. It automates the updating of the majority of these programs, making it a lot easier to maintain a secure PC. It automatically detects insecure programs, downloads the required patches, and installs them accordingly without further user interaction.
http://www.flexerasoftware.com/enterprise/products/software-vulnerability-management/personal-software-inspector/

for licensed one, see
Passive Vulnerability Scanner (PVS), PVS v5.0 enables you to increase visibility of devices, services, applications, and vulnerabilities active on a network.
https://www.tenable.com/products/passive-vulnerability-scanner/download, or collectively from Nessus offering
he free Nessus Home for your private non-commercial use, download an evaluation of Nessus Professional, the most widely deployed vulnerability scanning solution in the world, or request an evaluation of Nessus Manager or Nessus Cloud, our vulnerability management solutions for enterprise security teams.
https://www.tenable.com/products/nessus/select-your-operating-system
or Acunetix collection
Acunetix has integrated the popular OpenVAS scanner within Acunetix Online Vulnerability Scanner to provide a comprehensive perimeter network security scan that integrates seamlessly with your web application security testing, all from an easy to use simple cloud-based service.
http://www.acunetix.com/vulnerability-scanner/network-security-scanner/
0
 
madunixCommented:
Some BASIC; Vulnerability absence of safeguard;  Vulnerability assessments identify weaknesses; Penetration testing exploits weaknesses.
Rapid7, is the best tool for performing a vulnerability assessment. It will scan  data bases, web servers, platforms, network devices, operating systems, and applications etc..
https://www.rapid7.com/
http://sectools.org/
http://iase.disa.mil/Pages/index.aspx
https://www.experts-exchange.com/questions/24973651/Vulnerability-Penetration-testing.html
https://www.experts-exchange.com/questions/28509131/critical-web-application-security-controls.html
0
 
dbruntonCommented:
For local computers rindi has recommended MBAM https://www.malwarebytes.com/mwb-download/

I'll add to that:

AdwCleaner  http://www.bleepingcomputer.com/download/adwcleaner/

Combofix  http://www.bleepingcomputer.com/download/combofix/

Between those three you've got a good range for cleaning an infected computer.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now