VULNERABILITY ASSESSMENT TOOLS

Vulnerability scanning tools
Vulnerability assessment tools

1. Nessus (https://store.tenable.com)
Nessus provides the largest collection of network security checks, extensive configuration and compliance auditing, and automatic post-scan analysis and monitoring.

• Scan an unlimited number of IPs, as often as needed
• Nearly 60,000 vulnerability and configuration checks (plugins) – new plugins updated daily
• Audit your systems for secure configurations and compliance – PCI DSS, HIPAA/HITECH, DISA STIGs, and more!
• Detects malware and botnets
• Perform vulnerability assessments against a wide variety of SCADA systems
• Find sensitive and confidential data violations
• Apple, Microsoft, IBM, Red Hat, and VMware integration
• Download Tenable's Virtual Appliance (supports VMware and Microsoft Hyper-V)
• Deploy Nessus on premises or the Nessus AMI in the Amazon Web Services (AWS) Cloud
• Email/live chat support and access to the Tenable Support Portal and Nessus knowledge base

2. CoreImpact (http://www.coresecurity.com)

CORE Impact Pro is the most comprehensive, commercial-grade penetration testing product available, enabling you to conduct real-world assessments across a broad spectrum of risk areas, including:

End-User Security Awareness Testing

End-User Security Awareness Testing with CORE Impact Pro determines the susceptibility of email users to social engineering attacks, assesses the overall security of their systems, and depicts how individual client-side exposures can be linked to large-scale breaches of backend servers. 

Endpoint Penetration Testing

CORE Impact Pro enables you to penetration test standard desktop images prior to deployment in your live environment. 

Mobile Device Penetration Testing

Mobile device penetration testing with Impact Pro pinpoints and addresses gaps in end-user awareness and security exposures in their devices before attackers do. With CORE Impact Pro’s Mobile Device Penetration Testing capabilities, you can demonstrate the exploitability of iPhone®, Android™ and BlackBerry® smart phones using the same attack techniques employed by criminals today. 

Network Device Penetration Testing

Impact Pro is the first commercial-grade penetration testing software that can specifically target network devices and prove how a single intrusion could escalate into a widespread data breach. 

Network Penetration Testing

Network Penetration Testing with CORE Impact Pro replicates the actions of an attacker taking advantage of OS, service and application weaknesses across network systems, revealing where exploitable vulnerabilities are, how they can be linked to traverse your network, how defenses react, and what remediation steps are necessary. 

Password and Identity Cracking

CloudCypher, a new online service from CORE, works with Windows NTLM Hashes discovered by Impact Pro during testing and attempts to determine plaintext passwords for those hashes. Any passwords that are determined will be passed back to the Impact Pro workspace that requested them. This is done through the use of modules, the original module that submitted the hashes will be used to retrieve the resulting passwords. These obtained passwords can then be used for additional security testing. CloudCypher was created and is managed by CORE and held within Amazon Web Services. 

Web Application Penetration Testing

Web Application Penetration Testing with CORE Impact Pro allows you to pinpoint exploitable Cross-Site Scripting, SQL Injection and all other OWASP Top 10 vulnerabilities in your web applications, not only giving visibility into where application weaknesses exist, but also  determining how they can open the door to subsequent network-based attacks. 

Wireless Network Penetration Testing

Wireless Penetration Testing with CORE Impact Pro allows IT security managers to identify at-risk wireless networks, crack encryption codes, and trace attack paths from initial points of wireless exposure to backend resources housing critical data -- gaining actionable data at each step for efficient remediation. 

Testing the Efficacy of IPS/IDS, Firewalls and Other Defenses

Using CORE Impact software solutions, you can proactively test the efficacy of their network, endpoint, web application, wireless, and email defenses both to ensure that these technologies are working properly, and to aid in the process of evaluating products to determine ROI and influence future buying decisions.

Validating Vulnerabilities Identified by Scanners

CORE Impact integrates with the most widely-used network and web vulnerability scanners, allowing you to import scan results and run exploits to test identified vulnerabilities.

SCADA Security Testing

CORE Security is partnering with ExCraft labs, a CORE Secured Partner, that has created numerous exploits specifically for SCADA systems, that are utilized in CORE Impact Pro. 

3. QualysGuard (http://www.qualys.com)

Core Services enable integrated workflows, management and real-time analysis and reporting across all of our IT security and compliance solutions.

Asset Tagging and Management

Enables your organization to easily identify, categorize and manage large numbers of assets in highly dynamic IT environments and automates the process of inventory management and hierarchical organization of IT assets.

Reporting and Dashboards

A highly configurable reporting engine that provides your organization with reports and dashboards based on user roles and access privileges.

Questionnaires and Collaboration

A configurable questionnaire engine enables your organization to easily capture existing business processes and workflows to evaluate controls and gather evidence to validate and document compliance.

Remediation and Workflow

An integrated workflow engine allows your organization to automatically generate helpdesk tickets for remediation and to manage compliance exceptions based on organizational policies, enabling subsequent review, commentary, tracking and escalation. This engine automatically distributes remediation tasks to IT administrators upon scan completion, tracks remediation progress and closes open tickets once patches are applied and remediation is verified in subsequent scans.

Big Data Correlation and Analytics Engine

An analytics engine indexes, searches and correlates petabytes of security and compliance data with other security incidents and third-party security intelligence data. Embedded workflows enable your organization to quickly assess risk and access information for remediation, incident analysis and forensic investigations.

Alerts and Notifications

An alert engine creates email notifications to alert team members of new vulnerabilities, malware infections, scan completion, open trouble tickets and system updates.

4. NEXPOSE (http://www.rapid7.com/products/nexpose)

proactively scans your environment for misconfigurations, vulnerabilities, and malware and provides guidance for mitigating risks. Experience the power of Nexpose vulnerability management solutions by:

• Knowing the security risk of your entire IT environment including networks, operating systems, web applications, databases, and virtualization.
• Exposing security threats including vulnerabilities, misconfigurations and malware.
• Prioritizing threats and getting specific remediation guidance for each issue.
• Integrating with Metasploit to validate security risk in your environment.

5. SAINT (http://www.saintcorporation.com/index.html) 

Examine your network with the SAINT vulnerability scanner, and expose where an attacker could breach your network.

• Friendly Integrated Interface
• Intuitive and Direct Workflows
• Easy Scan Set-up with The SAINT 8 Wizard
• Data Drill Down and Analysis
• Vulnerability, Exploit & Configuration Audit Integration
• Dedicated SCAP Module
• Risk Management

NOTE: Not supporting Windows

6. MBSA (http://technet.microsoft.com/en-us/security/cc184923)

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM). Apparently MBSA on average scans over 3 million computers each week.

7. GFI LanGuard (http://www.gfi.com/products-and-solutions/network-security-solutions/gfi-languard)

GFI LanGuard is a network security and vulnerability scanner designed to help with patch management, network and software audits, and vulnerability assessments. The price is based on the number of IP addresses you wish to scan. A free trial version (up to 5 IP addresses) is available.

Patch management: Fix vulnerabilities before an attack

Patch management is vital to your business. Network security breaches are most commonly caused by missing network patches. GFI LanGuard scans and detects network vulnerabilities before they are exposed, reducing the time required to patch machines on your network. GFI LanGuard patches Microsoft ®, Mac® OS X®, Linux® and more than 50 third-party operating systems and applications, and deploys both security and non-security patches.

Vulnerability assessment: Discover security threats early

More than 50,000 vulnerability assessments are carried out across your networks, including virtual environments. GFI LanGuard scans your operating systems, virtual environments and installed applications through vulnerability check databases such as OVAL and SANS Top 20. GFI LanGuard enables you to analyze the state of your network security, identify risks to the network, determine its degree of exposure, and address how to take action before it is compromised.

Network auditing: Analyze your network centrally

GFI LanGuard provides a detailed analysis of the state of your network. This includes applications or default configurations posing a security risk. GFI LanGuard also gives you a complete picture of installed applications; hardware on your network; mobile devices that connect to the Exchange servers; the state of security applications (antivirus, anti-spam, firewalls, etc.); open ports; and any existing shares and services running on your machines.