Hey Guys,

My boss wants me to look into vulnerability scanners. Now unfortunately I have never used one, but I am familiar with them in general. Does anyone have a preference?

Thanks guys

6 Spice ups

It really will depend on what you’re looking to test against. Do you have something specific? What’s the target?

Nic;

Mainly my own network here at work is what I have to target.

Yeah, the more information that you can provide us, the better off we can try to help you :)

For instance, if you are looking for a good all around scanner, I’m going to say Nessus.

Nessus if you’re willing to pay.

There’s always Nmap/Angry IP Scanner etc. in the free zone. Boot Backtrack and run some tests. Just don’t kill your network in the process.

2 Spice ups

To be fair, he didn’t say free :)

You could download Kali Linux (successor to Backtrack) and try out the various packages included in that.

This is kind of like me asking you for help with my truck - what is the best thing for that noise?

Unless you have heard it, I will have to describe it for you…since we don’t know your network, you will have to describe it for us.

Since this is scanning for vulnerabilities - you are going to have to say what kind? Zero day? Patches that are not applied? Network ports opened? Software versions?? All the above?

2 Spice ups

Having a network scanner is nice, it’s good to be able to detect network exploitable vulnerabilities. However, I think that most of your real security holes won’t be detected via network scanner because most systems are firewalled anyway. The big risks IMO tend to be client side. Is all the software on your desktop patched, are there any Adobe Acrobat vulnerabilities? Vulnerabilities like Adobe Acrobat won’t get picked up by a simple network scan.

Agreed, Nessus is good if you’re willing to pay. You might want to check out OpenVAS which is a fork of an earlier version of Nessus when it was still open source.

1 Spice up

Take a look at Nexpose as well.

3 Spice ups

I’m a big fan of Kali Linux. Tons of different scanners available, very configurable to suit your needs, and you can run either wide-ranges of tests or stick to something specific. I love it, and it’s kind of my go-to for pen testing.

How many IPs do you need to scan? There are several very good commercial products that are free but have a limited number of IPs you can scan. Nexpose, Retina, and GFI are a few of the ones that you can use with limited IPs. Nessus is good but lacks reporting, but Retina has a package for $1200 per year and you can scan an unlimited number of addresses. Their free version will do 256 IPs (http://www.beyondtrust.com/Resources/compareproducts/). Nexpose will only do 32 IPs (http://www.rapid7.com/products/nexpose/compare-downloads.jsp). OpenVAS is another good freebie (openvas.org).

There are a lot of great scanners out there; you just need to consider what your budget is, how many IPs you need to scan, what you need to scan (operating systems, applications, databases, etc.) and what type of reporting you will need. I have used Nessus for years but have recently started working with Retina because I spend so much time creating reports with Nessus, and now that Retina is cheaper and creates usable reports it just makes sense.

If you can provide additional information we can scope something out better.

I do agree that Kali (Backtrack) is an excellent product but for an inexperienced user you could really do some damage. So tread lightly and take your time if you go this route.

I’ve used and like Nessus.

I’m biased, but Nexpose is pretty excellent.

If you want to talk directly to someone about it - I’m available. No sales pitch, just info.

We currently use Nexpose for vulnerability scanning. It works great, plenty of bells and whistles to adapt the scanning to your environment.

However, with WSUS and efficient use of group policy to push application updates and manage policies, our scan results come back very clean for our environment, which begs the question if it’s all that necessary given the expense.

If you could approve vulnerability patches/fixes with Nexpose and have it fix the vulnerabilities on its own after the scan, it would be well worth the yearly expense.

Would you be willing to discuss this, probably in depth, with a few of our engineers? We’re always looking for feedback like this, because we try to balance what we want the product to do, with what the people using the product wish it would do.

Send me a private message, and let’s chat further.