Hi all, I'm undertaking a project to determine which vulnerability scanning tools within Kali Linux are best suited for the job. There were three tools tested, and these were Nikto, Sparta and OpenVAS.

The results that these scans returned when scanning Metasploitable 2 with a Kali Linux machine are as follows:

Metasploitable 2

  • Nikto: 15
  • Sparta: 46
  • OpenVAS: 144

These results are solely the number of vulnerabilities that were returned. OpenVAS seems to be the right choice, but I'm looking for feedback to back up these results and whether this is accurate, or maybe whether the other tools have features that may give them an advantage over the others.

Any feedback would be most welcome.

Thanks.


Personally, I stick with things like unicorn scan (fast UDP/TCP port scanner), nmap --script vuln and gobuster for bruting directories to find things worth investigating. From there, if I get a foothold on a system with a low priv shell, it's searchsploit and Google for the rest to gain root. Nikto is def useful, but often lots of false positives. Even directory brute forcing can be noisy, but I'm only doing these on CTF virtual machines, so I'm not so much concerned with what is on the access logs. Sparta is def a nice tool for covering the basic recon though and having it all organized in one interface, but it's automating other tools you can run (or script) on your own.

Edited by digip

It all depends on what you are looking at testing. Nikto is a web app scanner that looks for known issues, OpenVAS is a vulnerability scanner and I've never heard of Sparta. I'd suggest playing with all the common tools, learn what they test for, learn what their limitations are and when to use them.

If you want to try to pop network vulns then OpenVAS is worth running, if all you have is a web app then you are more likely to get info out of Nikto. If you want a basic port scan then nmap, if you want a fast scan against a large number of machines then Unicorn Scan.


7 minutes ago, digininja said:

It all depends on what you are looking at testing. Nikto is a web app scanner that looks for known issues, OpenVAS is a vulnerability scanner and I've never heard of Sparta. I'd suggest playing with all the common tools, learn what they test for, learn what their limitations are and when to use them.

If you want to try to pop network vulns then OpenVAS is worth running, if all you have is a web app then you are more likely to get info out of Nikto. If you want a basic port scan then nmap, if you want a fast scan against a large number of machines then Unicorn Scan.

Sparta takes an argument of an IP or subnet, scans with nmap and various tools and will help automate hydra attacks and such against targets, under one GUI interface for gathering info and saving. It includes dirbuster and I think sqlmap attacks as well.


In which case, I'd suggest learning how to use all the individual tools that it automates and then look to using it if you need to. I'd never go for automation without understanding the underlying tools.
