NBTscan is a program for scanning IP networks for NetBIOS name information. It sends NetBIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address.

This program is a successor of a perl script with the same name and does essentially the same thing, being much faster though. NBTscan produces a report like that:

IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
192.168.1.2      MYCOMPUTER                 JDOE             00-a0-c9-12-34-56
192.168.1.5      WIN98COMP        <server>  RROE             00-a0-c9-78-90-00
192.168.1.123    DPTSERVER        <server>  ADMINISTRATOR    08-00-09-12-34-56

Website: http://www.inetcat.net/software/nbtscan.html

A significantly modified version of pwdump3e, this program is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is turned on.
It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file.

USAGE:

pwdump [-h][-o][-u][-p][-n] machineName
where -h prints the usage message and exits
where -o specifies a file to which to write the output
where -u specifies the user name used to connect to the target
where -p specifies the password used to connect to the target
where -s specifies the share to be used on the target, rather than searching for one
where -n skips password histories

Website: http://swamp.foofus.net/fizzgig/pwdump/downloads.htm

Vulnerability scanner does automated search for security weaknesses in web applications, computers and theirs services and reports them in details about possible vulnerabilities and probable defense or ways to prevent it.

This is a list of both commecial and free scanners out there. It is hard to rate which is better than other so there will be no ratings or comparisons but only listing of vulnerability scanners:

Acunetix Web Vulnerability Scanner

Acunetix has pioneered the the web application security scanning technology: Its engineers have focused on web security as early as 1997 and developed an engineering lead in web site analysis and vulnerability detection. Acunetix Web Vulnerability Scanner includes many innovative features:

• An automatic Javascript analyzer allowing for security testing of Ajax and Web 2.0 applications
• Industries’ most advanced and in-depth SQL injection and Cross site scripting testing
• Visual macro recorder makes testing web forms and password protected areas easy
• Extensive reporting facilities including VISA PCI compliance reports
• Multi-threaded and lightning fast scanner crawls hundreds of thousands of pages with ease
• Intelligent crawler detects web server type and application language
• Acunetix crawls and analyzes websites including flash content, SOAP and AJAX

Website: http://www.acunetix.com/

GFI LANguard Network Security Scanner

GFI LANguard Network Security Scanner (N.S.S.) checks your network for possible security vulnerabilities by scanning your entire network for missing security patches, service packs, open shares, open ports, unused user accounts and more. With this information (displayed in customizable reports), you can easily lock down your network against hackers. GFI LANguard N.S.S. can also remotely deploy missing patches and service packs in applications and OS.

As an administrator, you often have to deal separately with problems related to vulnerability issues, patch management and network auditing, at times using multiple products. However, with GFI LANguard N.S.S., these three pillars of vulnerability management are addressed in one package. Using a single console with extensive reporting functionality, GFI LANguard N.S.S.’s integrated solution helps you address these issues faster and more effectively

GFI LANguard N.S.S. makes use of state of the art vulnerability check databases based on OVAL and SANS Top 20, providing over 15,000 vulnerability assessments when your network is scanned. GFI LANguard N.S.S. gives you the information and tools you need to perform multi-platform scans across all environments, to analyze your network’s security health and effectively install and manage patches on all machines across different operating systems and in different languages.

Website: http://www.gfi.com/languard/

Nessus™ vulnerability scanner

Nessus is a comprehensive vulnerability scanning program. Its goal is to detect potential or confirmed weaknesses on the tested machines. For example:

• Vulnerabilities that allow a remote cracker to control the machine or access sensitive data (eg reading confidential files), denial of service…
• Misconfiguration (e.g. open mail relay).
• Unapplied security patches, even if the fixed flaws are not exploitable in the tested configuration.
• Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
• Denials of service against the TCP/IP stack.

On UNIX (including Mac OS X), it consists of nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user. For Windows, Nessus 3 installs as an executable and has a self contained scanning, reporting and management system.

Website: http://www.nessus.org/nessus/

Retina Network Security Scanner

Retina Network Security Scanner, the industry and government standard for multi-platform vulnerability management, identifies known and zero day vulnerabilities plus provides security risk assessment, enabling security best practices, policy enforcement, and regulatory audits.

Website: http://www.eeye.com/html/Products/Retina/index.html

SAINT

SAINT, or the Security Administrator’s Integrated Network Tool, uncovers areas of weakness and recommends fixes. With SAINT® vulnerability assessment tool, you can:

• Detect and fix possible weaknesses in your network’s security before they can be exploited by intruders.
• Anticipate and prevent common system vulnerabilities.
• Demonstrate compliance with current government regulations such as FISMA, Sarbanes Oxley, GLBA, HIPAA, and COPPA.

Website: http://www.saintcorporation.com/index.html

QualysGuard

Qualys is the first company to deliver an on demand solution for security risk and compliance management. QualysGuard is the widest deployed security on demand platform in the world, performing over 150 million IP audits per year - with no software to install and maintain

Website: http://www.qualys.com/

N-Stalker Web Application Security Scanner

N-Stalker Web Application Security Scanner 2006 is a web security assessment solution developed by N-Stalker. By incorporating the well-known N-Stealth HTTP Security Scanner and its 35,000 Web Attack Signature database, along with a patent-pending Component-oriented Web Application Security Assessment technology, N-Stalker is capable of sweeping your Web Application for a large number of vulnerabilities common to this environment, including Cross-site Scripting and SQL injection, Buffer Overflow and Parameter Tampering attacks and much more.

Website: http://www.nstalker.com/

Other notable security scanners/ penetration testing tools / vulnerability assesment softwares:

Core Impact : An automated, comprehensive penetration testing product
Website: http://www.coresecurity.com/

ISS Internet Scanner : Application-level vulnerability assessment
Website: http://www.iss.net/

MBSA : Microsoft Baseline Security Analyzer
Website: http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Nikto : A more comprehensive web scanner
Website: http://www.cirt.net/code/nikto.shtml

Hailstorm : Security assessment scanner
Website: http://www.cenzic.com/products_services/cenzic_hailstorm.php

WebInspect : Web Application Scanning
Website: http://www.spidynamics.com/products/webinspect/index.html

NTOSpider : Web application vulnerability scanner
Website: http://www.ntobjectives.com/products/ntospider.php

Grabber : Web application scanner. Basically it detects some kind of vulnerabilities in your website.
Website: http://rgaucher.info/beta/grabber/

Paros : Web application security assessment
Website: http://parosproxy.org/index.shtml

Wapiti : Web application vulnerability scanner / security auditor
Website: http://wapiti.sourceforge.net/

I am sure there are many more that I might have missed. Feel free to mention them in comments.
Thanks for reading, and please take some time to subscribe to my RSS feed.

pavs