Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Vulnerability Scanner

  1. #1
    Senior Member
    Join Date
    Aug 2002
    Posts
    651

    Vulnerability Scanner

    Hello all. I would like some information on some good vulnerability scanners for the Windows environment to evaluate my machines. I think it would be good for penetration testing and the like. Any help or information is appreciated. I have begun a preliminary search on google and found an http stealth scanner from astalavista, who knows what else I will find, but some direction would be helpful. Thanks.

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Guus pointed me to a program yesterday call Nessus. I didn't install it, but the doc's on it sound like it might be something you might want to look at. You can find it HERE


    Cheers:
    DjM

  3. #3
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    All the ones that I have seen and used for windows are extremely expensive.

    NAI's cybercop (I think it may be end of life now)

    ISS's Internet Scanner.

    ISS is a very nice scanner; however, it is uber expensive. If you got the dough (to get an unlimited travelling license), it is quite good...otherwise, you get an annoyance of only being able to scan certain things a certain number of times in a year...

    If you are not talking about too many devices or if you have a little more time, nessus is a great freeware scanning tool that can do a great deal of the things that the commercial scanners do and tends to stay a little more up to date with the vulnerabilities (however it isn't windows).

    There have been other miscelleanous scanners (for example STAT) for windows, but in general they weren't nearly as diverse as say ISS or nessus...

    Hope this points you in the right direction...

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    Cisco has one that can scan 5 hosts at a time for free.

    http://www.cisco.com/go/scanner

    Make sure you download both the scanner and 5 host license file
    Work... Some days it's just not worth chewing through the restraints...

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Posts
    651

    Vuln. Scanner

    Thanks to all for the information and direction.

  6. #6
    I have found a very nice shareware program called AATools. It has many, many functions and is very user friendly. Check it out here!
    It runs on all windoze platforms...
    .::nataS is WaTchiNg::.

  7. #7
    Senior Member
    Join Date
    Apr 2002
    Posts
    126
    http://www.gfi.com/lannetscan/index.htm

    Try the above Gem, I use it when I need to know which machine to beat the Windows Admins over the head with.

    in all seriousness the previous version (V2) was invaluable for helping us rid ourselves of a serious Nimda infection

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    371
    Try LANGuard for standard basic vulnerabilities. I quite like it.

    Also, grab Typhon I, which is free, and I also think that you can get Typhon II demo now.

    Both these are on windows platforms.
    SoggyBottom.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  9. #9
    Junior Member
    Join Date
    Aug 2002
    Posts
    27
    Just Go To www.sygate.com and do there test for your comp its a good one
    [shadow]I Have Not Failed I Have Just Fond 10,000 Ways It Will Not Work[/shadow][

  10. #10
    Junior Member
    Join Date
    Aug 2002
    Posts
    1
    I have used Nessus for several years now, both internally and with clients that have over 500 servers. I like Nessus for several reasons:

    1: It is free
    2: Vulnerability updates tend to come out within a few hours of an alert compared to weeks if not months from other vendors.
    3: It can be as comprehensive or as unobtrusive as you like, you decide how you want it to run. I would recommend NOT doing DOS attacks on a live network as you will likely loose your job because of it.

    There are 2 parts to Nessus, the server and the client. Both can run on the same machine if you like BUT the server only runs on a Unix, Solaris or Linux box at this time so if you don't have access to one of these systems you need to consider another product. I have run it without any probles over FreeBSD, Redhat and Solars. Netrecon is OK but expensive and has crashed more than one Netware server if it is way out of date on the patches and upgrades.

    Best of luck,

    Jon

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •