How do you deal with vulnerability scanning and configuration auditing? How do you find IT asset vulnerabilities and sensitive data across diverse environments? This article answers these questions by reviewing network scanning utilities.

To choose a network scanning tool, network administrators must understand each tool's scanning capabilities and functional areas: advanced vulnerability detection across a network, comprehensive port scanning, configuration auditing, and website vulnerability exploitation. This article reviews the top ten network scanning tools across those functional areas.

1. Nessus

Widely used network scanning utility

Nessus is the ultimate network scanning tool, developed by Tenable Network Security. It offers vulnerability scanning, system configuration auditing, malware detection, and web application scanning.

Nessus supports the widest range of systems and devices and includes the latest security tests for available security patches, disclosed vulnerabilities, and common worms. This software enhances network inventory with its advanced features like asset discovery, multi-network scanning support, and automated scans.

Following are the available editions of Nessus for different types of users:

  • Nessus Home – For personal use.
  • Nessus Professional – Vulnerability scanning solution for commercial use. Starts from $2,190.
  • Nessus Manager or Nessus Cloud – Vulnerability management solutions for enterprise security teams. Starts from $2,920.

Nessus can be installed on a variety of operating systems, including Debian (6 and 7), Fedora (20 and 21), FreeBSD, macOS, Red Hat, Ubuntu, and Windows. For the hardware and system requirements, check the Nessus Installation and Configuration Guide.

Try Nessus:
http://www.tenable.com/products/nessus/select-your-operating-system

More Features:
http://www.tenable.com/products/nessus/features

Website: http://www.tenable.com/products/nessus-vulnerability-scanner

Pros

  • Advanced vulnerability scanning and configuration auditing
  • Detection of known or suspicious malicious processes and common worms
  • Multiple network scanning (IPv4, IPv6 and hybrid)
  • Automated scan scheduling and analysis
  • Customized reports and notifications

Cons

  • Hard to find any particular issue

2. Nmap

Best freeware utility for network inventory and security auditing

Nmap is a free utility for network inventory and security auditing. It examines raw IP packets to determine host availability, the services hosts offer (application name and version), the operating systems they run, and many other characteristics.

Nmap comes in both GUI and CLI versions. The Nmap suite includes the following utilities:

  • Zenmap – An advanced GUI and results viewer.
  • Ncat – A flexible data transfer, redirection, and debugging tool.
  • Ndiff – A utility for comparing scan results.
  • Nping – A packet generation and response analysis tool.

Nmap can be installed on most operating systems including Linux, Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS, and more.
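The scan comparison that Ndiff automates can be reproduced in a short script. The following is an added example, not code from the Nmap project: it parses two Nmap XML (-oX) results, keeps only open ports on hosts that were up, and reports which ports opened, closed, or changed service version between a baseline scan and a current one. The two XML documents are constructed samples that contain only the elements the parser reads, and the IP addresses are documentation-range placeholders.

```python
"""Ndiff-style comparison of two Nmap XML results: what opened, closed or changed.

This is an added example, not Nmap's or Ndiff's own code. The two documents
below are constructed samples laid out like Nmap's -oX output; real output has
many more elements, which ElementTree simply ignores here.
"""
import xml.etree.ElementTree as ET

BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx" version="1.14.0"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/>
        <service name="mysql"/></port>
    </ports>
  </host>
</nmaprun>
"""

CURRENT_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="3306"><state state="closed"/></port>
      <port protocol="tcp" portid="8080"><state state="open"/>
        <service name="http-proxy"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {(ip, protocol, port): service label} for every open port on every live host."""
    inventory = {}
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        status = host.find("status")
        if status is not None and status.get("state") != "up":
            continue  # hosts that were down contribute nothing to the inventory
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address[@addrtype='ipv6']")
        if addr is None:
            continue
        ip = addr.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not exposure
            svc = port.find("service")
            label = "unknown"
            if svc is not None:
                fields = [svc.get(k) for k in ("name", "product", "version")]
                label = " ".join(f for f in fields if f)
            inventory[(ip, port.get("protocol"), int(port.get("portid")))] = label
    return inventory


def diff_scans(baseline, current):
    """Compare two inventories; 'changed' holds ports whose service label differs."""
    opened = {k: current[k] for k in current.keys() - baseline.keys()}
    closed = {k: baseline[k] for k in baseline.keys() - current.keys()}
    changed = {k: (baseline[k], current[k])
               for k in baseline.keys() & current.keys() if baseline[k] != current[k]}
    return {"opened": opened, "closed": closed, "changed": changed}


def format_report(diff):
    """Render the diff as one line per event, sorted for stable output."""
    lines = []
    for kind in ("opened", "closed", "changed"):
        for (ip, proto, port), detail in sorted(diff[kind].items()):
            lines.append(f"{kind.upper():7} {ip} {port}/{proto} {detail}")
    return lines


if __name__ == "__main__":
    report = diff_scans(parse_nmap_xml(BASELINE_XML), parse_nmap_xml(CURRENT_XML))
    print("\n".join(format_report(report)))
```

Run against scheduled scans of the same address range, the "opened" and "changed" lines are the inventory drift worth reviewing; a port that appears outside the change window is either an undocumented service or a compromise indicator.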

Download link:
https://nmap.org/download.html

Website:
https://nmap.org/

Pros

  • Network inventory and mapping
  • Detection of exploitable vulnerabilities in a network
  • Port scanning and auditing
  • Easy to use

Cons

  • Hard to find any issue, fine in almost every functional area

3. OpenVAS

An open source tool for comprehensive vulnerability scanning and solution management

OpenVAS is an open source tool for comprehensive vulnerability scanning and vulnerability management. With it you can test Internet-connected servers, firewalls and listening services for configuration errors and known vulnerabilities. Its ability to compare results from two or more different solutions can reveal false positives and false negatives, and in the case of a false positive you can determine why the vulnerability was flagged.

It supports multiple scan options:

  • Full Scan – A full test of network, server and web application vulnerabilities.
  • Web Server Scan – A comprehensive scan for web server and web application vulnerabilities.
  • WordPress Scan – Testing for known WordPress vulnerabilities and web server issues.
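The cross-scanner comparison described above, which applies just as well to Nessus or Qualys results, can be done offline once each scanner's findings are mapped to a common shape. The following is an added example, not OpenVAS's own code: findings from two hypothetical scanners, constructed here with placeholder CVE identifiers, are normalised, de-duplicated and split into confirmed findings, severity disagreements, and findings that only one scanner reported, which are the false-positive and false-negative candidates to verify.

```python
"""Cross-scanner reconciliation: which findings do two scanners agree on?

Added example, not OpenVAS's own code. The findings below are constructed
samples in a generic {host, port, cve, severity} shape; the CVE ids are
placeholders, not real identifiers. Real scanner exports (XML, CSV) would be
mapped into this shape first.
"""

SCANNER_A = [
    {"host": "10.0.0.5", "port": 443, "cve": "cve-0000-0001", "severity": 7.5},
    {"host": "10.0.0.5", "port": 22, "cve": "CVE-0000-0002", "severity": 5.0},
    {"host": "10.0.0.5", "port": 22, "cve": "CVE-0000-0002", "severity": 4.3},  # duplicate hit
    {"host": "10.0.0.7", "port": 80, "cve": "CVE-0000-0003", "severity": 9.8},
]

SCANNER_B = [
    {"host": "10.0.0.5 ", "port": "443", "cve": "CVE-0000-0001", "severity": "8.1"},
    {"host": "10.0.0.5", "port": "22", "cve": "CVE-0000-0002", "severity": "5.0"},
    {"host": "10.0.0.9", "port": "3306", "cve": "CVE-0000-0004", "severity": "6.5"},
]


def normalize(finding):
    """Canonical key so the same issue matches across scanners despite format quirks."""
    return (finding["host"].strip(), int(finding["port"]), finding["cve"].strip().upper())


def index_findings(findings):
    """Map key -> highest severity reported for it (scanners often report duplicates)."""
    index = {}
    for f in findings:
        key = normalize(f)
        index[key] = max(index.get(key, 0.0), float(f["severity"]))
    return index


def reconcile(findings_a, findings_b):
    """Split findings into agreed, disputed-severity, and single-scanner sets."""
    ia, ib = index_findings(findings_a), index_findings(findings_b)
    both = ia.keys() & ib.keys()
    return {
        "confirmed": {k: max(ia[k], ib[k]) for k in both},
        "severity_disagreement": {k: (ia[k], ib[k]) for k in both if ia[k] != ib[k]},
        "only_a": {k: ia[k] for k in ia.keys() - ib.keys()},   # A false positive or B false negative
        "only_b": {k: ib[k] for k in ib.keys() - ia.keys()},   # B false positive or A false negative
    }


def triage_queue(result):
    """Confirmed findings first (fix), then single-scanner hits (verify), highest severity first."""
    queue = [("fix", sev, key) for key, sev in result["confirmed"].items()]
    queue += [("verify-a", sev, key) for key, sev in result["only_a"].items()]
    queue += [("verify-b", sev, key) for key, sev in result["only_b"].items()]
    return sorted(queue, key=lambda item: (item[0] != "fix", -item[1], item[2]))


if __name__ == "__main__":
    for action, severity, (host, port, cve) in triage_queue(reconcile(SCANNER_A, SCANNER_B)):
        print(f"{action:9} {severity:4.1f} {host}:{port} {cve}")
```

The "verify" entries are where manual confirmation pays off: a finding only one scanner reports needs either the flagging scanner's evidence checked (false positive) or the silent scanner's coverage checked (false negative).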

Visit the following link to know the required system and hardware specifications.

Website:
http://www.openvas.org/

Download Link: http://www.openvas.org/download.html

Pros

  • Powerful vulnerability scanning and solution management
  • Intelligent custom scans
  • Detailed reporting for risk assessment and remediation

Cons

  • Was not able to find any major issue

4. Core Impact Pro

Ultimate utility with advanced vulnerabilities management

Core Impact Pro allows you to determine your security stance by simulating authorised, “Think Like An Attacker” style attacks against your most critical business assets.

Using Core Impact Pro, you can perform multi-vector testing across all local, remote, web and wireless assets, and validate patch management to ensure that vulnerabilities were properly remediated. The tool lets you visualise the effectiveness of your endpoint protection and exposes the most persistent risks throughout the network. Its wireless penetration testing capabilities help you protect against real-world attacks over Wi-Fi networks.

Click the following link to know more about pricing and the required system and hardware specifications to install this application.

Website: http://www.coresecurity.com/core-impact-pro

For Trial and Demo: http://ws.coresecurity.com/core-impact-trial-request-2015.html

Pros

  • Multi-vector testing
  • Advanced patch management for remediation
  • Comprehensive library of CVEs (Common Vulnerabilities and Exposures)

Cons

  • Takes time to understand its features

5. BeyondTrust’s Retina Network Security Scanner

Develops vulnerability assessments in diverse environments

BeyondTrust’s Retina Network Security Scanner is a vulnerability assessment solution. It provides continuous monitoring that strengthens enterprise security by identifying IT asset vulnerabilities and sensitive data across diverse environments. It also supports priority-based risk assessment for small to large environments, scanning network devices, operating systems, applications, and databases without impacting network availability or performance.

Retina NSS can be deployed as a standalone vulnerability scanner or distributed throughout an environment. It can also be integrated with Retina CS for enterprise deployments. For the system and hardware specifications needed to run this tool, visit the following web links.

To download free trial:
http://www.beyondtrust.com/Modal/trial/retina-network-security-scanner/

For online quotation visit:
http://www.beyondtrust.com/Modal/quote/retina-network-security-scanner/

Website: http://www.beyondtrust.com/Products/RetinaNetworkSecurityScanner/

Pros

  • Comprehensive vulnerability database
  • Flexible deployment options (such as standalone or distributed)
  • Rapid non-intrusive vulnerability scanning
  • Discover all local, remote, web and virtual assets in your environment

Cons

  • Takes time to understand
  • .NET Framework/STIG issues with previous editions

6. Qualys FreeScan

An alternate option for up to 10 free scans

Qualys FreeScan is a free network scanning utility. It provides up to ten free scans of URLs, Internet-facing IPs, and local servers or machines for accurate examination of security vulnerabilities. You can access it from its web page https://www.qualys.com/forms/freescan/ and later download its virtual machine software if you want to scan an internal network.

Qualys FreeScan supports the following scan types:

  • Vulnerability checks for hidden malware, SSL issues, and other network-related vulnerabilities.
  • OWASP for auditing vulnerabilities of web applications.
  • SCAP checks for computer settings compliance against the SCAP (Security Content Automation Protocol) benchmark provided by the National Institute of Standards and Technology (NIST).

This utility is not recommended for regular use; treat it as an alternate option or use it for occasional scanning.

Website:
https://www.qualys.com/forms/freescan/

Pros

  • Detailed vulnerability checks
  • Web application auditing

Cons

  • Fewer options for customisation and scanning
  • It could be an alternate option, but not permanent

7. SoftPerfect Network Scanner

Good for multi-protocol environments

SoftPerfect Network Scanner is a freeware application with advanced scanning features such as multi-threaded IPv4/IPv6 scanning, scanning for listening TCP/UDP ports, and network inventory (including system, hidden and shared folders).

It also retrieves relevant information about network hosts via WMI, SNMP, HTTP, NetBIOS, etc., and exports scan results to HTML, XML, CSV and TXT formats. With this utility, administrators can also resolve host names, collect information about local and external IP address ranges, and perform remote shutdown and Wake-On-LAN.

SoftPerfect Network Scanner helps maintain the performance and availability of a network by identifying live devices along with their uptime, hardware MAC addresses (even across routers), logged-in users and much more. For the system and hardware specifications needed to use this tool, visit the following web links.

Download Link: https://www.softperfect.com/download/

Website: https://www.softperfect.com/products/networkscanner/

Pros

  • Scans for listening TCP/UDP ports
  • Detects hidden folders including system and shared
  • Retrieves information from WMI, SNMP, HTTP, NetBIOS, etc.
  • Identifies internal and external IP address ranges

Cons

  • Limited options for scanning and customisation

8. Nikto

An open source web server scanner

How can I forget to include a web server scanner? Nikto is an Open Source (GPL) web server scanner that rapidly tests for suspicious files/programs and outdated server versions, and also checks server configuration items such as the presence of multiple index files, HTTP server options, etc.

Apart from the above functionalities, Nikto also offers:

  • Full HTTP proxy support and customised reporting
  • Various formats for reporting such as XML, HTML, NBE or CSV
  • Multi-port/server scanning via input file (including Nmap output)
  • Host authentication with Basic and NTLM
  • Scan tuning to include/exclude entire classes of vulnerability checks
  • False positive reduction with headers, page content, and content hashing
  • Reports “unusual” headers seen

To know more, visit its official website: https://cirt.net/Nikto2

Download Link: https://codeload.github.com/sullo/nikto/zip/master

Pros

  • Scan tuning for vulnerability checks
  • Full HTTP proxy support
  • Customized reports

Cons

  • Limited options for scanning and customization (as expected from freeware)

9. Angry IP Scanner

A must have utility for IP and port scanning

Angry IP Scanner is an installation-free open source utility for quick IP address and port scanning of IP address ranges. Scan results include detailed information about hosts such as hostname, MAC address, and NetBIOS information (computer name, workgroup name, and logged-in Windows user); other features include favourite IP address ranges, web server detection, customisable openers, etc.

Scanning results can be saved to CSV, TXT, XML or IP-Port list files. It uses a multithreaded approach (a separate scanning thread for each scanned IP address) to increase scanning speed. To check more functionalities and its system requirements, visit the following web page.

Website: http://angryip.org/

Download Link: http://angryip.org/download/

Pros

  • Rapid IP address and port scanning
  • Multithreaded scans
  • Exports results in CSV, TXT, XML formats

Cons

  • No in-depth examination of vulnerabilities

10. Advanced IP Scanner

Fast and easy IP based network scanning in Windows environments

Advanced IP Scanner is a freeware utility for fast and easy network scanning in Windows environments. It can scan and detect all computers in a network within seconds and supports remote access, device information (MAC address, manufacturer, etc.), and remote Wake-On-LAN and shutdown. This tiny utility also provides access to “run commands” and lists resources such as shared folders, HTTP, HTTPS, FTP, RDP, etc., on remote machines.

Visit this website for further details:
http://www.advanced-ip-scanner.com/

Pros

  • Easy to use
  • Run command access on remote devices

Cons

  • Very limited features
  • Domain specific application

Conclusion:

Every network has loopholes, bugs, and misconfigurations that can invite an attacker to exploit the vulnerabilities of critical infrastructure components. After scrutinizing all of the above utilities, it will be a tough decision for a network administrator to select the right tool, but I would suggest going with a scanner that provides advanced detection of exploitable vulnerabilities along with comprehensive port scanning, auditing and website vulnerability exploitation in your network’s environment.

I hope this article will be appreciated so that I can offer more in this segment. You can write to me in the comments section below with any query or feedback; I will try my best to resolve your queries.

Keep reading @Intenseschool and join our Facebook group, to get updates on new posts and technologies.

References:

Apart from my own experience, my team, corporate clients and colleagues helped me a lot in writing this article, and the following web pages provided me with the latest functionality of these tools.

  • https://en.wikipedia.org/wiki/Nessus_(software)
  • http://www.tenable.com/products/nessus-vulnerability-scanner
  • https://en.wikipedia.org/wiki/Nmap
  • https://nmap.org/
  • http://www.openvas.org/
  • http://www.openvas.org/download.html
  • https://www.qualys.com/forms/freescan/
  • https://en.wikipedia.org/wiki/Qualys
  • http://www.beyondtrust.com/Products/RetinaNetworkSecurityScanner/
  • https://www.softperfect.com/products/networkscanner/
  • http://angryip.org/
  • https://cirt.net/Nikto2
  • http://www.advanced-ip-scanner.com/