Review of 12 Vulnerability Scanners
produke points us to a review of security vulnerability scanners. It's light on detail and not terribly well organized, but might provide a starting point for more research. From the article: "A few months back I did some intense testing of all the best vulnerability scanners out there... I had a couple nix boxes hooked up, as well as some dozers, and figured I could add clients to a 'once-a-week' scanning contract. So naturally, I wanted to use the scanner that was the best for my purpose... Better to use firewalk, hping3 (now with scripting!), nmap, etc., and leave these crutch-like tools alone."
Am I missing something? If you RTFA it's only 11 scanners, conveniently listed as 1 through 11:
1. ISS Internet Security Systems
2. SSS Shadow Security Scanner
3. Retina eEye
4. Nessus
5. GFI Languard Network Security Scanner
6. Qualys www.qualys.com
7. Nstealth Security Scanner www.nstalker.com
8. Nikto
9. Whisker
10. Infiltrator infiltration-systems.com
11. Nscan
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Am I wrong to think that vulnerability could be tested from the BackTrack Live CD?
http://www.remote-exploit.org/index.php/BackTrack
If I'm wrong I apologize. If not, well, it's a free download fulla' tools.
Maybe I'm missing something here, maybe not.
*Repent! Quit Your Job! Slack Off! The World Ends Tomorrow and You May Die!
Core's not a vulnerability scanner.
Don't get me wrong, it's a great product, but Core Impact and Immunity's Canvas are in a class of their own (well, along with Metasploit of course). Different focus for the product, so an entirely different set of requirements you'd compare them against. They're built specifically for penetration testing. They don't just look for vulnerabilities, they actually try to exploit those vulnerabilities and use them to exploit other vulnerabilities.
So if, for example, you were to compare the above three products with the 12 (11?) in the review, they'd look pathetic in terms of total number of exploit checks. That's a pretty important comparison for VA products, but not so much for pen-testing. For pen-testing, you want checks that you know you can actually use. For VA, you don't really care, you just want checks for things that someone might be able to use, even if you can't.
Of course, for the attacks they do have pen-test products can do much more with them, but again, just a different focus for the products.
Granted, I don't consider myself to be in a proper position to write a review of them. However, a few points:
* Most of these are completely outdated, and easily miss newer security holes (maybe apart from CORE, which is a commercial and expensive scanner).
* They are loud and noisy, and due to using well-known shellcode and attack patterns extremely prone to setting off IDS systems.
* They are, in comparison to Nmap + version scan + personal archive of public exploits, very slow.
Simply spidering public exploits off archive sites (milw0rm, packetstorm, etc...) and using custom shellcode (even without using tricks like polymorphism) would in my opinion result in much, much higher efficiency compared to using any of these programs.
Here is the link, for those who don't want to give him any ad revenue.
# cat
Damn, my RAM is full of llamas.