Tool Population For Vulnerability Assessment ~ Hackplanet

A vulnerability assessment tool or scanner is a tool using which we can automate the process of testing loopholes in a network and immunity of security system implemented by an organization.

They can be classified as :

a. Host

b. Service

c. Application

Host based tools performs scanning on the system they resides on, i.e. they do not interact with any other system. Their advantage include having access to all system resources such as logs, etc. They also work a a faster rate as compared to other assessment tools. However they can also take large amount of host machine’s resources and if this was a important node in the network, this can raise worries on network admin’s face.

Service vulnerability scaners includes tools which scans a range of host or particular services which are running on them. These can include simple port scanners (Nmap, angryip, etc) and they can also include completely automated programs (Acunetix, Nessus, GFI Languard) which can detect live hosts and try to fetch data from them. This automation can be in terms of banner grabbing or service identification as well. These automated tools also enable users to create a report on its own once it completes the assessment.

When we talk about current tool population in the industry, there are a number of tools ranging from scanners to automated ones. Some of them which are open source and available free of cost includes :

Ø Microsoft Baseline Security Analyser ( http://microsoft.com/technets/security/tools/mbsahome.mspx)

Ø Winfingerprint (http://winfingerprint.com)

Ø OpenVas (http:/wald.intevation.org/projects/openvas/)

Ø Paros (http://parosproxy.org)

Ø Win Vuln Scan (http://pspl.com/download/winvulnscan.htm)

Ø Nikto (http://www.cirt.net/code/nikto.shtml)

Ø Nessus

Apart from these tools, you must be in touch with latest vlnerbilty informations. For this purpose you can use these advisories :

Ø http://cert.org

Ø http://cve.mitre.org/cve

Ø http://isc.sans.org

Ø http://owasp.org