Security Scanning Software - Free
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Security Scanning Software - Free

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Posts
    172

    Security Scanning Software - Free

    I am looking for a network security scanning software much like Retina (What I use now) to replace it. The company doesn't want to pay for it next year. So the verdict is .... no money, find something that does the same thing, and is free. I know there are some Unix tools out there, but I'm not much of a unix person so I need something that runs on windows and will pretty much the same thing Retina will. Any Ideas?

  2. #2
    My first peice of advice is completely free:

    1. Scan the network by hand. Even if you port scan everything first run by hand checks.


    Of course, for automation here's a brief list of free software for your purposes (Granted, none of them are going to be an all-in-one, so mix them as needed to get the same benefit of retina:

    packet sniffer: http://www.ethereal.com/
    CGI scanner: http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2
    General Information gathering: http://www.samspade.org/ssw/
    Port scanner: http://www.insecure.org OR http://www.foundstone.com/index.htm?.../superscan.htm


    Thats the limit of automation tools I know for Windows that would suit your current needs the best, merely because it's easier in my eyes to do it by hand. However, if at all possible, having one workstation specifically setup to run these network tests would increase the amount of comprehensive scanning tools by a LOT.

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    There are more then a few alternatives out there but two quite good alternatives I would recomend in addition to 'poohsuntzu' suggestions are Nessus and NeWT.

    Signed ~Micael

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    181
    I would also say Nessus, but I wonder how long it will stay completely free? They are already charging for getting plugin updates, before anyone else! I know the people at nessus are fed up with people making money off their back!

    SittingDuck
    I\'m a SittingDuck, but the question is \"Is your web app a Sitting Duck?\"

  5. #5
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    I am developing a security scanner that runs on windows operating system.Its functions are as follows:
    1)port scanning
    2)OS detection
    3)CGI and PHP based bugs checking
    3)FTP bugs checking
    4)SMTP based bugs checking

    I am including vulnerabilities specific to IIS 4.0/5.0/6.0 APACHE,OpenBSD too.It is basically My school project i will complete its initial working code in next 45 days and i will surely post that initial code on antionline(if not the full versions code).It is going to be developed in vc++.
    If you don't want to pay for any security scanner you can develop your own.It is not that difficult
    you can get unix based security scanners code from packetstormsecurity analyse them.
    You will get a list of files which are vulnerabile.use that information to make your own security scanner it won't take more then 2 months.If you develop it for personal use you don't have to provide features like multithreading and special looks to ur windows.
    Or you can contact me 4 months later for a exe of my security scanner.....Stick to antionline iwill post that final exe on antionline if possible.
    nobody is perfect i am nobody

  6. #6
    1. Scan the network by hand. Even if you port scan everything first run by hand checks.
    Is there a way one might talk you into writing a tut on that?

  7. #7
    Is there a way one might talk you into writing a tut on that?
    For Windows or Linux? Either way, I'll consider it

  8. #8
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    Originally posted here by poohsuntzu
    My first peice of advice is completely free:

    1. Scan the network by hand. Even if you port scan everything first run by hand checks.

    It looks highly impractical.How about port scanning what you plan to do?go on and try to connect to each and every port individually?
    what about scanning a system for recently discovered jpeg vulnerability for which microsoft has released a scanner in octomber?
    what about trying to find whether a perticular cgi vulnerability exist or not?how you plan to do that?
    here is my guess:
    1) try to find all default locations for that file(on different server and sometimes on same server)
    2)craft a http request for all those default locations send them monitor response and see how it goes right?
    what about OS detection?Ok i won't argue about that there are ways to do that.
    3)what about webserver specific vulnerability like Webdav how you plan to detect that?

    Plz correct me if i am wrong there is surely ways of doing these things by hand but all those mathod are highly impractical and time consuming.....IMHO
    nobody is perfect i am nobody

  9. #9
    Senior Member Cope57's Avatar
    Join Date
    Nov 2003
    Posts
    186
    I do not know how many network scanners there are available that you are looking for that will satisfy your needs, especially when you are looking for a free version. There is GFI LANguard Network Security Scanner which I have used before and was pretty happy with it. There is a 30 day trial version which you can download for free that becomes a limited freeware version after the trial period. The good thing I liked about it was that it was a full version for 30 days. I used it for about a week and realized it was a bit much for me to play with for just the 5 PC's I have at home. Since I do not work with a actual network of 10 to hundreds of PC's I did not see the use of me using it much. But it is a nice product to use though. Don't take my word on it though, my word is just a opinion and it varies from each individual.
    Computers do not have problems, they have users.
    ~Cope57

  10. #10
    It looks highly impractical.How about port scanning what you plan to do?go on and try to connect to each and every port individually?
    The key to any sort of information security is to first understand the tools you are using, and how they work. What good is a port scanner if you've never at least once done a computer by hand on the most commonly used ports? Anyways, I was referring moreso to doing each method by hand than using a single automated solution. For port scanning I do a use of nmap to first collect the possible vunerabilites my network has. Now, because there is margin of error when port scanning (false positives on open ports) I go in by hand and check the ports it says is open.

    I wouldn't want it any other way. When you have your job on the line, you don't half trust tools, you double check the results of those tools by hand.

    what about scanning a system for recently discovered jpeg vulnerability for which microsoft has released a scanner in octomber?
    That's great. Sadly, yet again scanning is something that can already be done manually. And again, I was referring to an all in one solution versus singluar tools that you can compare results with. I would still run that singular jpeg scanner, and not only verify that the results were accurate, but run a by-hand scan to catch anything they missed.

    what about trying to find whether a perticular cgi vulnerability exist or not?how you plan to do that?
    I would write a CGI file to test it against that vulnerability against said input. This is why programming is so important, and a fact I think you are missing. Those automated tools are doing nothing different nor special that a single person can't do by hand. Be it through a manual telnet, a quick CGI file, or manual packet injection/manipulation. The reason why those scanners can exist automagically IS because it can already be done by hand. That's just logic.

    1) try to find all default locations for that file(on different server and sometimes on same server)
    That's something you should have learned in "how to secure a network 101". I don't care what adaware finds or doesn't find, I'm still going to check my system manually in the common locations that may have slipped by the scanner.

    2)craft a http request for all those default locations send them monitor response and see how it goes right?
    Correct. Jotting down results.

    what about OS detection?Ok i won't argue about that there are ways to do that.
    Okay, it may just be me. But I'm seeing this from a greyhat "I was hired to secure the company's network" rather than "I am hacking because it's cool and they don't know about it". So in my case, the easiest way for me to find out what the operating system is running.. is to ask them. In your case, well... we won't get into grey hat tactics but NMAP's OS detector is a redflag giveaway to most firewalls and IDSes.

    3)what about webserver specific vulnerability like Webdav how you plan to detect that?
    The exact same way the scanner detects it automagically. By hand. Be it a small C program, be it checking version number update release.

    Sure, it takes a bit more time. Sure, the methods aren't as practical for black-bag-defacing-websites jobs. But it does two major things:

    1. It teaches you "The Way Things Work". Thus seperating you as a security admin from a highschooler computer geek in the same way it seperates a hacker and a script kiddie. One knows how it works, how to improve upon it, and how to do it by hand if ever needed. The other has no clue, and just clicks "Start!".

    2. The programing in scanners was coded by everyday people, like you and me. And thus, there is room for false positives and faults. Nmap is notorious for this, especially if the scanning speed is bumped up. You can have a scanner say that something is wide open, but until you check it by hand to make sure with your own processing eyes, you're trusting on encapsulation versus first hand "I know it is".


    Just two ways to get the job done, and since we are talking about legal hacking and security improvement from a grey/whitehat perspective rather than oldschool underground hacking... it's just safer sometimes for your job and the company to know how to do those manual checks.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •