Solved

Vulnerability scanning tools!

Posted on 2016-07-30
5
144 Views
Last Modified: 2016-08-09
Hi All,

We look for tools to scan vulnerabilities on our system, tools can free or license, please give us your advice.

Thanks so much,

HNN.
0
Comment
Question by:ldvhai
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 41735693
Not sure what OS or system you want to scan. But Kali is a live distro that is very good for scanning your network and for auditing:

https://www.kali.org/

As for scanning a Windows PC for malware, MBAM is the best tool:

https://www.malwarebytes.com/
0
 
LVL 2

Author Comment

by:ldvhai
ID: 41735709
Thanks so much Rindi
0
 
LVL 63

Assisted Solution

by:btan
btan earned 200 total points
ID: 41735749
Come to penetration test will be much more desired to level up just vulnerability scan. There is no one silverbullet tool that does the scan holistically. You will likely need a couple tools for the scan effort. This may be of interest whereby the suggested tools are listed for achieving specific scan objective (you can also find " Vulnerability Assessment" and "Vulnerability Analysis" section for the two links respectively)
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines#Vulnerability_Analysis
Some tools to consider
The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. OpenVAS is a fork of Nessus that allows free development of a non-proprietary tool.
http://www.openvas.org/download.html
The Nexpose Community edition includes:
Scans 32 IPs
Scans networks, OS and DBs
Deployment option: software
https://www.rapid7.com/products/nexpose/compare-downloads.jsp
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
http://w3af.org/download
Personal Software Inspector is a security scanner which identifies programs that are insecure and need updates. It automates the updating of the majority of these programs, making it a lot easier to maintain a secure PC. It automatically detects insecure programs, downloads the required patches, and installs them accordingly without further user interaction.
http://www.flexerasoftware.com/enterprise/products/software-vulnerability-management/personal-software-inspector/

for licensed one, see
Passive Vulnerability Scanner (PVS), PVS v5.0 enables you to increase visibility of devices, services, applications, and vulnerabilities active on a network.
https://www.tenable.com/products/passive-vulnerability-scanner/download, or collectively from Nessus offering
he free Nessus Home for your private non-commercial use, download an evaluation of Nessus Professional, the most widely deployed vulnerability scanning solution in the world, or request an evaluation of Nessus Manager or Nessus Cloud, our vulnerability management solutions for enterprise security teams.
https://www.tenable.com/products/nessus/select-your-operating-system
or Acunetix collection
Acunetix has integrated the popular OpenVAS scanner within Acunetix Online Vulnerability Scanner to provide a comprehensive perimeter network security scan that integrates seamlessly with your web application security testing, all from an easy to use simple cloud-based service.
http://www.acunetix.com/vulnerability-scanner/network-security-scanner/
0
 
LVL 25

Accepted Solution

by:
madunix earned 300 total points
ID: 41735964
Some BASIC; Vulnerability absence of safeguard;  Vulnerability assessments identify weaknesses; Penetration testing exploits weaknesses.
Rapid7, is the best tool for performing a vulnerability assessment. It will scan  data bases, web servers, platforms, network devices, operating systems, and applications etc..
https://www.rapid7.com/
http://sectools.org/
http://iase.disa.mil/Pages/index.aspx
https://www.experts-exchange.com/questions/24973651/Vulnerability-Penetration-testing.html
https://www.experts-exchange.com/questions/28509131/critical-web-application-security-controls.html
0
 
LVL 48

Expert Comment

by:dbrunton
ID: 41736872
For local computers rindi has recommended MBAM https://www.malwarebytes.com/mwb-download/

I'll add to that:

AdwCleaner  http://www.bleepingcomputer.com/download/adwcleaner/

Combofix  http://www.bleepingcomputer.com/download/combofix/

Between those three you've got a good range for cleaning an infected computer.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question