Vulnerability scanner does automated search for security weaknesses in web applications, computers and theirs services and reports them in details about possible vulnerabilities and probable defense or ways to prevent it.
This is a list of both commecial and free scanners out there. It is hard to rate which is better than other so there will be no ratings or comparisons but only listing of vulnerability scanners:
Acunetix Web Vulnerability Scanner
Acunetix has pioneered the the web application security scanning technology: Its engineers have focused on web security as early as 1997 and developed an engineering lead in web site analysis and vulnerability detection. Acunetix Web Vulnerability Scanner includes many innovative features:
- Industries’ most advanced and in-depth SQL injection and Cross site scripting testing
- Visual macro recorder makes testing web forms and password protected areas easy
- Extensive reporting facilities including VISA PCI compliance reports
- Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease
- Intelligent crawler detects web server type and application language
- Acunetix crawls and analyzes websites including flash content, SOAP and AJAX
GFI LANguard Network Security Scanner
GFI LANguard Network Security Scanner (N.S.S.) checks your network for possible security vulnerabilities by scanning your entire network for missing security patches, service packs, open shares, open ports, unused user accounts and more. With this information (displayed in customizable reports), you can easily lock down your network against hackers. GFI LANguard N.S.S. can also remotely deploy missing patches and service packs in applications and OS.
As an administrator, you often have to deal separately with problems related to vulnerability issues, patch management and network auditing, at times using multiple products. However, with GFI LANguard N.S.S., these three pillars of vulnerability management are addressed in one package. Using a single console with extensive reporting functionality, GFI LANguard N.S.S.’s integrated solution helps you address these issues faster and more effectively
GFI LANguard N.S.S. makes use of state of the art vulnerability check databases based on OVAL and SANS Top 20, providing over 15,000 vulnerability assessments when your network is scanned. GFI LANguard N.S.S. gives you the information and tools you need to perform multi-platform scans across all environments, to analyze your network’s security health and effectively install and manage patches on all machines across different operating systems and in different languages.
Nessus™ vulnerability scanner
Nessus is a comprehensive vulnerability scanning program. Its goal is to detect potential or confirmed weaknesses on the tested machines. For example:
- Vulnerabilities that allow a remote cracker to control the machine or access sensitive data (eg reading confidential files), denial of service…
- Misconfiguration (e.g. open mail relay).
- Unapplied security patches, even if the fixed flaws are not exploitable in the tested configuration.
- Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
- Denials of service against the TCP/IP stack.
On UNIX (including Mac OS X), it consists of nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user. For Windows, Nessus 3 installs as an executable and has a self contained scanning, reporting and management system.
Retina Network Security Scanner
Retina Network Security Scanner, the industry and government standard for multi-platform vulnerability management, identifies known and zero day vulnerabilities plus provides security risk assessment, enabling security best practices, policy enforcement, and regulatory audits.
SAINT, or the Security Administrator’s Integrated Network Tool, uncovers areas of weakness and recommends fixes. With SAINT® vulnerability assessment tool, you can:
- Detect and fix possible weaknesses in your network’s security before they can be exploited by intruders.
- Anticipate and prevent common system vulnerabilities.
- Demonstrate compliance with current government regulations such as FISMA, Sarbanes Oxley, GLBA, HIPAA, and COPPA.
Qualys is the first company to deliver an on demand solution for security risk and compliance management. QualysGuard is the widest deployed security on demand platform in the world, performing over 150 million IP audits per year – with no software to install and maintain
N-Stalker Web Application Security Scanner
N-Stalker Web Application Security Scanner 2006 is a web security assessment solution developed by N-Stalker. By incorporating the well-known N-Stealth HTTP Security Scanner and its 35,000 Web Attack Signature database, along with a patent-pending Component-oriented Web Application Security Assessment technology, N-Stalker is capable of sweeping your Web Application for a large number of vulnerabilities common to this environment, including Cross-site Scripting and SQL injection, Buffer Overflow and Parameter Tampering attacks and much more.
Other notable security scanners/ penetration testing tools / vulnerability assesment softwares:
Core Impact : An automated, comprehensive penetration testing product
ISS Internet Scanner : Application-level vulnerability assessment
MBSA : Microsoft Baseline Security Analyzer
Nikto : A more comprehensive web scanner
Hailstorm : Security assessment scanner
WebInspect : Web Application Scanning
NTOSpider : Web application vulnerability scanner
Grabber : Web application scanner. Basically it detects some kind of vulnerabilities in your website.
Paros : Web application security assessment
Wapiti : Web application vulnerability scanner / security auditor
I am sure there are many more that I might have missed. Feel free to mention them in comments.
Thanks for reading, and please take some time to subscribe to my RSS feed.
pavsVulnerability Scanner Windows Hacking Tools