Infiltrator Posted June 6, 2010 Share Posted June 6, 2010 Hi All, I have been reading, researching and now in seek for a good and effective network vulnerability scanning tool. Yes I have found the popular ones and would like to know from the community if there are any other good ones you know of or have used before that is effective enough to track down any security flaws within your network. The two most popular tools I found were: http://www.nessus.org/download/ http://www.gfi.com/lannetscan Thank you in advance. Regards, Infiltrator Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted June 7, 2010 Share Posted June 7, 2010 (edited) I ran across this one before while looking for an alternative to the popular. It's a web-scanner not a network, my bad. Netsparker http://www.mavitunasecurity.com/communityedition/ http://sectools.org/vuln-scanners.html This one is the company that now owns metasploit. Metasploit is Rapid7's open source project. http://www.rapid7.com/vulnerability-scanner.jsp Edited June 7, 2010 by Mr-Protocol Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted June 7, 2010 Author Share Posted June 7, 2010 I also run some web services at my network, so I will give Netsparker a fair go too. Quote Link to comment Share on other sites More sharing options...
oxley Posted July 3, 2010 Share Posted July 3, 2010 I have done some side by side comparisons and found GFI wasn’t very good and finding and detailing vulnerabilities like Nessus, but did list what patches where missing. For example to show management why my WSUS server and the bandwidth it uses, and why people should reboot and install the updates, no matter how much they complain about the annoying little icon and reminders, are a necessary part of the infrastructure. </rant> I found Nessus gave me an enough information on any vulnerability to quickly (as PHB’s have the attention span of a 5 year old on crack) find an exploit in metasploit to pwn the general managers PC, dump the hashes, crack his password with rainbow tables (that’s not your wife’s name?) and then pass the hash onto the domain controller. Big props go out to Hak5 and Mubix for giving me the knowledge to justify my job. Sorry if I’m preaching to the choir. Now if only I could convince the PHB’s to upgrade some of the handheld devices so I didn’t have wireless access points with no encryption. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 4, 2010 Author Share Posted July 4, 2010 I have done some side by side comparisons and found GFI wasn’t very good and finding and detailing vulnerabilities like Nessus, but did list what patches where missing. Yeah that's true, I've also read on other forums users suggesting Nessus as the most popular and effective tool for network vulnerability scanning. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.