Penetration Testing mailing list archives

RE: Vuln Scanner

From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Wed, 2 Nov 2005 12:12:57 -0600

1. You mean "control" of the scan engine; that
distinction makes sense Andy.

2. I was thinking you meant "aggregation" of scan
data, in which case most any scanner out there can
be centrally aggregated by use of a SEM product.

<blurriness>
And then there are tools like eEye Retina that are
NOT distributed-control, but really "aggregated" 
(unless they've recently changed Retina/REM). You
have to go to each distribution point to issue
commands, but have a central console to aggregate
*events* the scans produce.

So yes, it would be valuable to some break out who
does and who doesn't have a native console that
can *control* distributed installs.

That would require emailing a lot of vendors and
trying to sort out the technobafflegab between who
sells or partners with a SEM product and calls that
"centralized console for distributed scanning",
and who can actually control distributed installs.
</blurry>


3. Another one for your list is StillSecure VAM.

It's one of the many Nessus rip-offs, but has a slick
GUI and nice trending features, and they claim to
create new or rewrite the vuln tests for QA.

We looked at it a year or two ago, had a lot of
maturity but you couldn't get under the hood and
tune any of the nmap/nessus parameters. They may
have fixed this limitation by now...

Thanks for maintaining a great list.

-ae

-----Original Message-----
From: Talisker [mailto:lists () securitywizardry com] 
Sent: Wednesday, November 02, 2005 11:37 AM
To: Evans, Arian; pen-test () securityfocus com
Cc: lists () securitywizardry com
Subject: RE: Vuln Scanner


Arlan
Thanks for the feedback

scanners"; I don't understand the distinction as most commercial
vuln scanners today can be "distributed" but...):

By distributed I mean that the management console will 
delegate scanning
tasks to scanners around the network and report centrally.  The former
requirement is essential when you have an excessive number of 
scanners to
manage. 

I will revisit the scanner category's if you still feel that 
the products
should be merged.

Andy Cuff
Chief Technology Officer
Computer Network Defence Ltd
http://www.securitywizardry.com

07010 709014

-----Original Message-----
From: Evans, Arian [mailto:Arian.Evans () fishnetsecurity com]
Sent: 01 November 2005 16:43
To: pen-test () securityfocus com
Cc: lists () securitywizardry com
Subject: RE: Vuln Scanner

::condensed resend::

Talisker has a list of Scanners:

http://www.networkintrusion.co.uk/N_scan.htm

Others not on Talisker's list (some are under "distributed
scanners"; I don't understand the distinction as most commercial
vuln scanners today can be "distributed" but...):

-Qualys Qualysguard
-McAfee Foundstone Enterprise
-nCircle IP360
-Maxpatrol
-NGS Typhon

Typhon IME is fast and comparatively inexpensive, though
light on reporting, but may fit your cost needs.

Another option is to explain to the client that if the
reason they want two scanners is really for validation
of the results, then you should look at an exploitation
tool instead of a second scanner:

-Metasploit (free)
-CANVAS (inexpensive)
-Core Impact (varies)
-Visionael (no idea cost; appears to be taken from Nessus
code and rebuilt into a combo vuln-scanner/exploitation tool.

There have been some free scanner projects that have come
and gone but I can't think of any that are still under
active development or have current vulnerability checks.

Other mentions include Nstealth, Nikto, and Sandcat, which
IMO are all the same (http known-file scanners with some
primitive URI XSS/SQLi checks).

-ae

-----Original Message-----
From: Lyal Collins [mailto:lyal.collins () key2it com au]
Sent: Saturday, October 29, 2005 1:27 AM
To: 'Michael Gargiullo'; pen-test () securityfocus com
Subject: RE: Vuln Scanner

Hmm.
C rules out Newt!

Nstealth looks Ok.
I've trialled SandCat, but found way too many false positives
(about 4 for
every actual issue).

Nikto is helpful, but only works at the http layer.

Lyal

-----Original Message-----
From: Michael Gargiullo [mailto:mgargiullo () pvtpt com]
Sent: Saturday, 29 October 2005 4:43 AM
To: pen-test () securityfocus com
Subject: Vuln Scanner

I have a client that states in his RFP that we run nessus,
and at least one
other vulnerability scanner to compare the output.

Does anyone here know of an inexpensive vulnerability

scanner, that:




A)      Is as effective as nessus.

B)      Doesn't cost nearly as much as say ISS or SAINT

(free would be

good).

C)      Doesn't use nessus plugins (like x-scan).



-Mike




--------------------------------------------------------------
--------------
--
Audit your website security with Acunetix Web Vulnerability

Scanner:


Hackers are concentrating their efforts on attacking
applications on your
website. Up to 75% of cyber attacks are launched on shopping
carts, forms,
login pages, dynamic content etc. Firewalls, SSL and
locked-down servers are

futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks
before hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
--------------------------------------------------------------
--------------
---



--------------------------------------------------------------
----------------
Audit your website security with Acunetix Web Vulnerability

Scanner:


Hackers are concentrating their efforts on attacking
applications on your
website. Up to 75% of cyber attacks are launched on shopping
carts, forms,
login pages, dynamic content etc. Firewalls, SSL and
locked-down servers are
futile against web application hacking. Check your website
for vulnerabilities
to SQL injection, Cross site scripting and other web attacks
before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
--------------------------------------------------------------
-----------------

--------------------------------------------------------------
------------

----
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking

applications on your

website. Up to 75% of cyber attacks are launched on

shopping carts, forms,

login pages, dynamic content etc. Firewalls, SSL and

locked-down servers

are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831

--------------------------------------------------------------
------------

-----


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

RE: RE: Vuln Scanner Michael Gargiullo (Nov 01)
- <Possible follow-ups>
- RE: Vuln Scanner Evans, Arian (Nov 01)
  - RE: Vuln Scanner Talisker (Nov 03)
- RE: Vuln Scanner Evans, Arian (Nov 03)
- RE: Vuln Scanner Marc Maiffret (Nov 14)