Solved

Tools to do periodic security scans

Posted on 2016-08-01
Last Modified: 2016-08-02
Can anyone suggest security scan tools (under US$3500 each) that do:

a) password cracking (we would like to scan for weak passwords used in our
    servers & network devices; most logins are using https & ssh & a few http)

b) using default passwords (recently we found quite a considerable number
     of printers, scanners, voice recorders, etc. on the network that use default
     factory passwords)

c) those that still use SSL and older versions of TLS

d) tools that could uncover weak coding that gives rise to cross-site scripting
    (improper input validation), SQL injection, IIS Repeated Parameters &
    common coding weaknesses

e) outdated patches (without the need to login to the servers)
Question by:sunhux
Accepted Solution

by:
btan earned 500 total points
ID: 41737618
Consider for legitimate use only and I do not think there is "All in one", be versatile instead
a) A cracking tool does not do discovery typically. I will assume you are referring to a cracking tool as-is stated instead. For e.g.
> HashCat - https://hashcat.net/hashcat/ (include in Kali, 160+ Hash-types implemented)
> BozoCrack - https://github.com/juuso/BozoCrack (googles the MD5 hash and hopes the plaintext appears somewhere on the first page of results) via google services
> Hashcrack - https://hashcrack.org/ (cloud service to help penetration testers and network auditors identify weak passwords)

b) List of default list
> Router @ http://19216811.mobi/default-router-passwords-list...en13
> Full compilation  via Nikto @ https://cirt.net/passwords and older version @ http://www.defaultpassword.com/
> Cloud service (Shodan for webcam and more) @ http://null-byte.wonderhowto.com/how-to/hack-like-pro-find-vulnerable-targets-using-shodan-the-worlds-most-dangerous-search-engine-0154576/

c) SSLtest is one good online scanner though you need to have your web asset internet accessible. It has CLI version such as "ssllabs-scan" (https://github.com/ssllabs/ssllabs-scan/)
> There are other more common ones such as nmap, OpenSSL, SSL_scan:
https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001)
> Another called sslyze - https://github.com/iSECPartners/sslyze (features as a fast and full-featured SSL scanner)
> Full list of tools
https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_(OTG-CRYPST-001)#Testing_for_Weak_SSL.2FTLS_Cipher_Suites

d) A web scanner will do good in this area (costly ones are WebInspect, AppScan)
> It will be a portfolio of tools as it may require proxy intercept of the request and response from a browser initiated scan perspective. Of course there are also those that are vulnerability scanners as required (check out Grabber, Vega, Zed Attack Proxy, Wapiti, Arachni and BurpSuite) - https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools

e) An outdated patch scan will be best commonly done by GFI LanGuard or Nessus Scanner - should have credentialed input configured beforehand. Otherwise it is still semi interactive as below. They may have the credentialed scan too but most will require admin login id/password
> OpenVAS (similar to Nessus but is open software),
> Nexpose Community Edition (from Rapid 7 and also metasploit origin but more of exploit checking)
> Tripwire SecureCheq - http://www.tripwire.com/free-tools/securecheq/ (Free Microsoft Windows Configuration Security Check for Desktops and Servers, but may be outdated version though)
> Microsoft Baseline Security Analyzer (MBSA) - default MS recommended
> Corporate Software Inspector Trial - http://www.flexerasoftware.com/enterprise/products/software-vulnerability-management/corporate-software-inspector/ (which in the past was called Secunia Personal Software Inspector)
> Qualys free scan (but it is online) - https://www.qualys.com/forms/freescan/ (Detect security vulnerabilities and the patches needed to fix them.)
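
For item (c), a recurring check of your own servers can also be scripted. The following is an added example, not part of the original answer or of any tool named in it; the function names `accepts`, `audit` and `findings` are illustrative. It assumes the local OpenSSL build can still offer the legacy protocol, and reports "untestable" where it cannot.

```python
import socket
import ssl
import warnings

# Legacy protocol versions from item (c), each paired with the flag saying
# whether the local OpenSSL build is able to offer that version at all.
LEGACY = {
    "SSLv3":   (ssl.TLSVersion.SSLv3,   ssl.HAS_SSLv3),
    "TLSv1.0": (ssl.TLSVersion.TLSv1,   ssl.HAS_TLSv1),
    "TLSv1.1": (ssl.TLSVersion.TLSv1_1, ssl.HAS_TLSv1_1),
}

def accepts(host, port, version, timeout=5.0):
    """True if the server completes a handshake pinned to exactly `version`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # auditing protocol support, not trust
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_ciphers("ALL:@SECLEVEL=0")  # allow the client to offer legacy suites
    with warnings.catch_warnings():     # legacy versions emit DeprecationWarning
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ctx.maximum_version = version
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
        except (ssl.SSLError, ConnectionError):
            return False                # handshake refused or connection dropped

def audit(host, port=443, timeout=5.0):
    """Map each legacy protocol to accepted / rejected / untestable / unreachable."""
    report = {}
    for name, (version, local_ok) in LEGACY.items():
        if not local_ok:
            report[name] = "untestable"  # compiled out of the local OpenSSL
            continue
        try:
            ok = accepts(host, port, version, timeout)
            report[name] = "accepted" if ok else "rejected"
        except ValueError:               # local library refused to pin the version
            report[name] = "untestable"
        except OSError:                  # refused, timed out, DNS failure
            report[name] = "unreachable"
    return report

def findings(report):
    """Sorted names of the legacy protocols the server still accepts."""
    return sorted(n for n, state in report.items() if state == "accepted")
```

A "rejected" result from a client whose OpenSSL policy blocks legacy protocols can be a false negative, so confirm "untestable" or surprising results with one of the dedicated scanners listed under (c).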