Vulnerability Scanners

Vulnerability Scanners are software or hardware tools used to diagnose and monitor network computers, which allows you to scan networks, computers and applications to detect possible security problems, and to evaluate and fix vulnerabilities.

Vulnerability scanners allow you to test various applications in the system for the presence of "holes" that can be exploited by intruders. Low-level tools, such as the port scanner, can also be used to identify and analyze the possible applications and protocols that are running on the system.

Types of Vulnerability Scanners

The vulnerability scanner can be divided into 4 steps:

Usually, the scanner first detects active IP addresses, open ports, the running operating system and applications.
A safety report is generated (optional step).
Attempt to determine the level of possible interference in the operating system or application (may cause a failure).
At the final stage, the scanner can exploit the vulnerability by causing the operating system or application to crash.

Scanners can be malicious or "friendly". The latter usually stop in their actions in step 2 or 3, but they never reach step 4.

Among the vulnerability scanners are:

Port Scanner
Scanners investigating the topology of a computer network
Scanners investigating the vulnerabilities of network services
Network worms
CGI scanners ("friendly" - help to find vulnerable scripts)

Software

The top ten in the opinion of insecure.org vulnerability scanners (2006):

Nessus: Vulnerability assessment for UNIX
GFI LANguard: A commercial network vulnerability scanner for Windows
Retina: Commercial scanner for vulnerability assessment
Core Impact: Automated product for testing unauthorized intrusion into the system
ISS Internet Scanner: Application-Level Vulnerability Assessment
X-scan: Scanner for researching network vulnerabilities
Sara: Security Auditor's Research Assistant
QualysGuard: Vulnerability Scanner (web service)
SAINT: Security Administrator's Integrated Network Tool
MBSA: Microsoft Baseline Security Analyzer

Other known vulnerability scanners:

XSpider
OpenVAS
ERPScan SAP Security Scanner
SurfPatrol

Liked? Subscribe to RSS news!
You can also support shram.kiev.ua, press:

It will not be superfluous for your friends to learn this information, share their article with them!

Expand / Collapse

Comments

When commenting on, remember that the content and tone of your message can hurt the feelings of real people, show respect and tolerance to your interlocutors even if you do not share their opinion, your behavior in the conditions of freedom of expression and anonymity provided by the Internet, changes Not only virtual, but also the real world. All comments are hidden from the index, spam is controlled.