Vulnerability assessment (vulnerability scanner) software helps security professionals automate security auditing and find vulnerabilities in their systems. Such software can scan hundreds or thousands of computers on a network, list the security vulnerabilities or risks it finds, describe them, and suggest solutions or remedies. Findings are only as current as the scanner's vulnerability feed and should be verified before remediation, and scans should only be run against systems you are authorized to test. Though there are many vulnerability assessment products, many cost several hundred dollars or more. Below is a list of four that are free or open source.
OpenVAS
[Screenshot: “Tasks” (Greenbone Networks GmbH)]
OpenVAS is a framework of several services and tools that provide vulnerability scanning and management. The core service is the OpenVAS Scanner, which actually executes the Network Vulnerability Tests (NVTs). OpenVAS Manager is the central service that turns the raw scanning into a full vulnerability management solution, providing user management and feed management. There are two clients for the service: the Greenbone Security Assistant, which offers a web-based GUI, and the OpenVAS CLI, which offers a command-line interface. The main services are available as Linux packages and so require Linux to run; however, the web-based Greenbone Security Assistant can be used from Windows clients. (2016, “About OpenVAS Software”). (Geier, E., April 29, 2014).
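To make the client/Manager split above concrete, here is an added example (not code from the OpenVAS project) of what the OpenVAS CLI does on your behalf: it builds the XML commands of the OpenVAS Management Protocol (OMP) that a client sends to OpenVAS Manager, checks the Manager's create responses, and triages the report that comes back so the hosts with the worst findings surface first. The command names (authenticate, create_target, create_task, start_task, get_reports), the result element layout (host, port, nvt/@oid, threat, severity), the scan-config and task ids and the sample report are all assumptions or constructed data; the transport to a live Manager (TLS on TCP 9390) is left out so the example runs offline.

```python
"""Driving an OpenVAS scan over OMP and triaging the report.

Added example; this is not code from the OpenVAS project. It assumes the
OMP (OpenVAS Management Protocol) XML command names authenticate,
create_target, create_task, start_task and get_reports, and a result
layout of host/port/nvt[@oid]/threat/severity elements. The sample
report below is constructed for illustration; transport to a live
OpenVAS Manager (TLS on TCP 9390) is left to `omp -X` or a TLS socket.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# OpenVAS threat levels, worst first.
THREAT_RANK = {"High": 3, "Medium": 2, "Low": 1, "Log": 0}


def _attr(value):
    """Escape a value for use inside a double-quoted XML attribute."""
    return escape(value, {'"': "&quot;"})


def omp_authenticate(username, password):
    """First command of every OMP session; credentials are XML-escaped."""
    return ("<authenticate><credentials><username>%s</username>"
            "<password>%s</password></credentials></authenticate>"
            % (escape(username), escape(password)))


def omp_create_target(name, hosts):
    """hosts: list of IPs/CIDRs; OMP takes them as one comma-separated string."""
    return ("<create_target><name>%s</name><hosts>%s</hosts></create_target>"
            % (escape(name), escape(",".join(hosts))))


def omp_create_task(name, config_id, target_id):
    """config_id: UUID of a scan config on the Manager (assumed looked up via get_configs)."""
    return ('<create_task><name>%s</name><config id="%s"/><target id="%s"/>'
            '</create_task>' % (escape(name), _attr(config_id), _attr(target_id)))


def omp_start_task(task_id):
    return '<start_task task_id="%s"/>' % _attr(task_id)


def created_id(response_xml):
    """Return the id from a create_*_response, or raise on a non-201 status."""
    root = ET.fromstring(response_xml)
    if root.get("status") != "201":
        raise RuntimeError("OMP error %s: %s"
                           % (root.get("status"), root.get("status_text")))
    return root.get("id")


def triage_report(report_xml, min_threat="Medium"):
    """Group findings at or above min_threat by host, highest severity first."""
    root = ET.fromstring(report_xml)
    by_host = {}
    for result in root.iter("result"):
        threat = result.findtext("threat", "Log")
        if THREAT_RANK.get(threat, 0) < THREAT_RANK[min_threat]:
            continue
        nvt = result.find("nvt")
        by_host.setdefault(result.findtext("host", "?"), []).append({
            "port": result.findtext("port", ""),
            "oid": nvt.get("oid", "") if nvt is not None else "",
            "name": nvt.findtext("name", "") if nvt is not None else "",
            "threat": threat,
            "severity": float(result.findtext("severity", "0")),
        })
    for findings in by_host.values():
        findings.sort(key=lambda f: f["severity"], reverse=True)
    return by_host


# Constructed sample get_reports response (not real scanner output).
SAMPLE_REPORT = """<get_reports_response status="200" status_text="OK">
<report id="r-1"><report><results>
<result id="1"><host>10.0.0.5</host><port>445/tcp</port>
 <nvt oid="1.2.3.4.1"><name>Sample SMB finding</name></nvt>
 <threat>High</threat><severity>9.3</severity></result>
<result id="2"><host>10.0.0.5</host><port>22/tcp</port>
 <nvt oid="1.2.3.4.2"><name>Sample SSH banner finding</name></nvt>
 <threat>Low</threat><severity>2.6</severity></result>
<result id="3"><host>10.0.0.7</host><port>80/tcp</port>
 <nvt oid="1.2.3.4.3"><name>Sample HTTP finding</name></nvt>
 <threat>Medium</threat><severity>5.0</severity></result>
<result id="4"><host>10.0.0.7</host><port>general/tcp</port>
 <nvt oid="1.2.3.4.4"><name>Host details</name></nvt>
 <threat>Log</threat><severity>0.0</severity></result>
</results></report></report></get_reports_response>"""


if __name__ == "__main__":
    print(omp_authenticate("admin", "s3cret"))
    print(omp_create_target("lab-subnet", ["10.0.0.0/28"]))
    for host, findings in sorted(triage_report(SAMPLE_REPORT).items()):
        for f in findings:
            print("%-10s %-12s %-6s %4.1f %s"
                  % (host, f["port"], f["threat"], f["severity"], f["name"]))
```

The commands are built with XML escaping on purpose: target names and credentials come from operators and scripts, and an unescaped `<` or `"` would either break the session or let a crafted target name inject a different OMP command. The OpenVAS CLI's `omp` tool can send raw XML of this shape with its `-X` option, so the same strings can be replayed against a real Manager once the transport is in place.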
Retina CS Community
[Screenshot: “RetinaCS-Assets” (Lyon, G., 2013)]
Retina CS Community is the free version of BeyondTrust’s vulnerability scanner. It allows scanning of up to 256 IPs and identifies vulnerabilities, configuration issues and missing patches for operating systems (including virtual environments), applications and devices. Scans can be set up quickly from preset templates within an easy-to-use web GUI. (2016, “Retina Network Community”). (Geier, E., April 29, 2014).
Microsoft Baseline Security Analyzer (MBSA)
[Screenshot: “MS Baseline Security Analyzer Screenshot” (Nov. 29, 2009)]
Microsoft Baseline Security Analyzer (MBSA) is the only scanner on this list that runs solely on the Windows family of operating systems, and as such it only scans for missing patches in Windows and Microsoft components, including Microsoft Data Access Components, Microsoft XML Parser, the .NET Framework, and SQL Server. It also checks for insecure Windows settings, assessed against a hard-coded set of registry and file checks. It can be run either through its graphical application or from the command line. While MBSA is a useful tool for securing a Windows deployment, it should be combined with another vulnerability scanner to get full coverage, since only Microsoft components are checked and not third-party applications. (June 2007, “How To: Use the Microsoft Baseline Security Analyzer”). (Geier, E., April 29, 2014).
Nexpose Community Edition
Nexpose Community Edition scans operating systems, applications and databases, though it is limited to 32 IPs and its license must be renewed yearly. Nexpose has a web GUI from which you can select the range of IPs to scan, set the scan preferences, and either scan immediately or schedule the scan for later. (2016, “Nexpose: Vulnerability Management Solutions”). (2016, “Nexpose Product Brief”). (Geier, E., April 29, 2014).
Geier, E. (April 29, 2014). “6 free network vulnerability scanners”. Network World. Retrieved from http://www.networkworld.com/article/2176429/security/security-6-free-network-vulnerability-scanners.html
(2016). “About OpenVAS Software”. Greenbone Networks GmbH. Retrieved from http://www.openvas.org/software.html
(2016). “Retina Network Community”. BeyondTrust, Inc. Retrieved from https://info.beyondtrust.com/community.html
(June 2007). “How To: Use the Microsoft Baseline Security Analyzer”. Microsoft Corp. Retrieved from https://msdn.microsoft.com/en-us/library/ff647642.aspx
(2016). “Nexpose: Vulnerability Management Solutions”. Rapid7. Retrieved from https://www.rapid7.com/products/nexpose/editions.jsp
(2016). “Nexpose Product Brief”. Rapid7. Retrieved from https://www.rapid7.com/docs/rapid7-nexpose-product-brief.pdf
Lyon, G. (Creator). (2013). “RetinaCS-Assets”. Insecure.Com LLC. [Screenshot]. Retrieved from http://sectools.org/images/screenshots/RetinaCS-Assets.png
“Tasks”. Greenbone Networks GmbH. [Screenshot]. Retrieved from http://www.openvas.org/screenshots/tasks.png
(Nov. 29, 2009). “MS Baseline Security Analyzer Screenshot”. Wikipedia. [Screenshot]. Retrieved from https://en.wikipedia.org/wiki/File:MS_Baseline_Security_Analyzer_Screenshot.PNG
“dash-options_Attacker-awareness”. Rapid7. [Screenshot]. Retrieved from https://www.rapid7.com/products/nexpose/images/big/4_dash%20options_Attacker-awareness-dash.png