youssefz
(YoussefX)
1
I need to do a vulnerability scan report for my company, does anyone know the tools I should use and a template?
8 Spice ups
chamele0n
(Chamele0n)
2
A good place to start would be the Nessus vulnerability scanner. We use it here to scan hundreds of servers and workstations for vulnerabilities. (Nessus Vulnerability Scanner: Network Security Solution | Tenable®) Works awesome. But may be pricey for you.
youssefz
(YoussefX)
3
Yeah, my company is small and I was thinking about something that I could do myself.
chamele0n
(Chamele0n)
4
You could also look into GFI LanGuard. GFI has Green Guys/Gals here in the community.
BeyondTrust Retina, Rapid7 Nexpose, Nmap; OpenVAS is a free fork of Nessus; or get a trial of Core Impact from Core Security. Core Impact is widely considered the most powerful exploitation and vulnerability management solution available, but it’s probably the most expensive too.
1 Spice up
thetj
(timjim88)
6
http://www.rapidfiretools.com/nd_overview.shtml
I haven’t used their security scans yet, but their network scanning is really nice. It produces nice reports that you can modify to meet your business and present them to management. The tools are free, but to generate a report costs $50. You can also buy unlimited for a small amount annually.
I can’t vouch for the tools mentioned in the above comments, but if you’re looking for reporting I can tell you this will provide good results.
Kali includes OpenVAS and a tonne of other tools; just take an old server or workstation and install it or, if the memory is available, use the live version.
3 Spice ups
On the note of using Kali and OpenVAS, I used these videos to get started with doing some scans.
I’ve used Nessus, I really liked it. The license for a year is about what you’d pay a company to do a scan 2 times (the first scan to find problems, then the next to make sure they were fixed), so if you buy the license for Nessus you can run it all year long if you like.
1 Spice up
chamele0n
(Chamele0n)
10
I didn’t even think to check Kali packages. I haven’t used Kali yet since Backtrack moved over to Kali. But I downloaded the ISO the other day.
Hey, I checked out that OpenVAS and it looks pretty cool and straightforward. I think I’m going to install this on my Nagios server and give it a go.
Found this tutorial for OpenVAS if anyone’s interested.
youssefz
(YoussefX)
13
Thank you guys for all your help, I ended up using Nessus, and I like it a lot. It was perfect for all our audits.