Penetration Testing mailing list archives

RE: Vuln Scanner

From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Mon, 31 Oct 2005 13:06:43 -0600

Nstealth isn't really any different from Nikto or Sandcat.

They are mostly known-file checkers, though Nikto has some
URL-based xss and sqli checks, though by default you will
likely get false positives unless you tune them (if you can)
for custom error messages.

None of those are like Nessus; in fact Nessus can use Nikto
for webby stuff.

So, for a network vuln scanner that is cost-effective and
has checks like Nessus:

Talisker has a list of Scanners:

http://www.networkintrusion.co.uk/N_scan.htm

Shadow was a reverse-engineered version of Retina, which is
why it disappeared if I remember correctly.

Others not on Talisker's list (some are under "distributed
scanners"; I don't understand the distinction but...):

-Qualys Qualysguard
-McAfee Foundstone Enterprise
-nCircle IP360
-NGS Typhon

Typhon is fast and usually more cost effective than the
above three scanners.

Another option is to explain to the client that if the
reason they want two scanners is really for validation
of the results, then you should look at an exploitation
tool like:

-Metasploit (free)
-CANVAS (inexpensive)
-Core Impact (varies)
-Visionael (no idea cost; looked at a year or two ago and it
was definitely not ready for prime time, and support was
sub-optimal. It appeared to be a ripoff of Nessus code
rebuilt into a combo vuln-scanner/exploitation tool)

There have been some free scanner projects that have come
and gone but I can't think of any that are still under
active development or have current vulnerability checks.


-ae

-----Original Message-----
From: Lyal Collins [mailto:lyal.collins () key2it com au] 
Sent: Saturday, October 29, 2005 1:27 AM
To: 'Michael Gargiullo'; pen-test () securityfocus com
Subject: RE: Vuln Scanner

Hmm. 
C rules out Newt!

Nstealth looks Ok.
I've trialled SandCat, but found way too many false positives 
(about 4 for
every actual issue).

Nikto is helpful, but only works at the http layer.

Lyal

-----Original Message-----
From: Michael Gargiullo [mailto:mgargiullo () pvtpt com] 
Sent: Saturday, 29 October 2005 4:43 AM
To: pen-test () securityfocus com
Subject: Vuln Scanner

I have a client that states in his RFP that we run nessus, 
and at least one
other vulnerability scanner to compare the output.

Does anyone here know of an inexpensive vulnerability scanner, that:

A)      Is as effective as nessus.

B)      Doesn't cost nearly as much as say ISS or SAINT (free would be
good).

C)      Doesn't use nessus plugins (like x-scan).

-Mike

--------------------------------------------------------------
--------------
--
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking 
applications on your 
website. Up to 75% of cyber attacks are launched on shopping 
carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and 
locked-down servers are

futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks 
before hackers
do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
--------------------------------------------------------------
--------------
---

--------------------------------------------------------------
----------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking 
applications on your 
website. Up to 75% of cyber attacks are launched on shopping 
carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and 
locked-down servers are 
futile against web application hacking. Check your website 
for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks 
before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
--------------------------------------------------------------
-----------------


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Vuln Scanner Michael Gargiullo (Oct 28)
- RE: Vuln Scanner Lyal Collins (Oct 29)
- RE: Vuln Scanner Omar A. Herrera (Oct 29)
- Re: Vuln Scanner Frederic Charpentier (Oct 29)
- RE: Vuln Scanner Richard Zaluski (Oct 29)
- <Possible follow-ups>
- RE: Vuln Scanner Jarmon, Don R (Oct 29)
- RE: Vuln Scanner Evans, Arian (Oct 31)
- Re: RE: Vuln Scanner chingshiong (Oct 31)