Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Vulnerability scanning tools!

Posted on 2016-07-30
5
Medium Priority
?
225 Views
Last Modified: 2016-08-09
Hi All,

We look for tools to scan vulnerabilities on our system, tools can free or license, please give us your advice.

Thanks so much,

HNN.
0
Comment
Question by:ldvhai
5 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 41735693
Not sure what OS or system you want to scan. But Kali is a live distro that is very good for scanning your network and for auditing:

https://www.kali.org/

As for scanning a Windows PC for malware, MBAM is the best tool:

https://www.malwarebytes.com/
0
 
LVL 2

Author Comment

by:ldvhai
ID: 41735709
Thanks so much Rindi
0
 
LVL 65

Assisted Solution

by:btan
btan earned 800 total points
ID: 41735749
Come to penetration test will be much more desired to level up just vulnerability scan. There is no one silverbullet tool that does the scan holistically. You will likely need a couple tools for the scan effort. This may be of interest whereby the suggested tools are listed for achieving specific scan objective (you can also find " Vulnerability Assessment" and "Vulnerability Analysis" section for the two links respectively)
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Vulnerability_Analysis
Some tools to consider
The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. OpenVAS is a fork of Nessus that allows free development of a non-proprietary tool.
http://www.openvas.org/download.html
The Nexpose Community edition includes:
Scans 32 IPs
Scans networks, OS and DBs
Deployment option: software
https://www.rapid7.com/products/nexpose/compare-downloads.jsp
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
http://w3af.org/download
Personal Software Inspector is a security scanner which identifies programs that are insecure and need updates. It automates the updating of the majority of these programs, making it a lot easier to maintain a secure PC. It automatically detects insecure programs, downloads the required patches, and installs them accordingly without further user interaction.
http://www.flexerasoftware.com/enterprise/products/software-vulnerability-management/personal-software-inspector/

for licensed one, see
Passive Vulnerability Scanner (PVS), PVS v5.0 enables you to increase visibility of devices, services, applications, and vulnerabilities active on a network.
https://www.tenable.com/products/passive-vulnerability-scanner/download, or collectively from Nessus offering
he free Nessus Home for your private non-commercial use, download an evaluation of Nessus Professional, the most widely deployed vulnerability scanning solution in the world, or request an evaluation of Nessus Manager or Nessus Cloud, our vulnerability management solutions for enterprise security teams.
https://www.tenable.com/products/nessus/select-your-operating-system
or Acunetix collection
Acunetix has integrated the popular OpenVAS scanner within Acunetix Online Vulnerability Scanner to provide a comprehensive perimeter network security scan that integrates seamlessly with your web application security testing, all from an easy to use simple cloud-based service.
http://www.acunetix.com/vulnerability-scanner/network-security-scanner/
0
 
LVL 25

Accepted Solution

by:
madunix earned 1200 total points
ID: 41735964
Some BASIC; Vulnerability absence of safeguard;  Vulnerability assessments identify weaknesses; Penetration testing exploits weaknesses.
Rapid7, is the best tool for performing a vulnerability assessment. It will scan  data bases, web servers, platforms, network devices, operating systems, and applications etc..
https://www.rapid7.com/
http://sectools.org/
http://iase.disa.mil/Pages/index.aspx
https://www.experts-exchange.com/questions/24973651/Vulnerability-Penetration-testing.html
https://www.experts-exchange.com/questions/28509131/critical-web-application-security-controls.html
0
 
LVL 50

Expert Comment

by:dbrunton
ID: 41736872
For local computers rindi has recommended MBAM https://www.malwarebytes.com/mwb-download/

I'll add to that:

AdwCleaner  http://www.bleepingcomputer.com/download/adwcleaner/

Combofix  http://www.bleepingcomputer.com/download/combofix/

Between those three you've got a good range for cleaning an infected computer.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question