vuln, exploits scanner

dominant · 04-02-2004, 09:52 AM

Do you know any scanner that checks for vulns and expoilts on a given host (all available services)

Capt_Caveman · 04-02-2004, 01:09 PM

For network scanning, I've found nessus to be quite good. SATAN is another alternative. If you are looking for something to check for local miss-configurations/holes checkout COPS and TIGER

www.nessus.org

*As a note, performing un-authorized nessus scans against other hosts is a very bad idea. Try it on your own system and you'll see why.

chort · 04-02-2004, 01:51 PM

Nessus is good, and fairly comprehensive. It's important to note that Nessus run with "safe checks" (which is the default, I believe) will have a lot of false positives, especially on Red Hat because RH back-ports patches w/o bumping version numbers. If you turn off "safe checks" then several of the tests can actually crash the remote machine. You've been warned!

dominant · 04-03-2004, 10:17 AM

What about the links for COPS and TIGER?
I especially want misconfiguration detection tools!

Tenable NeWT does a good job indeed!

Capt_Caveman · 04-03-2004, 11:34 AM

TIGER:
http://www.net.tamu.edu/network/tools/tiger.html

COPS:
http://www.fish.com/cops/
http://www.fish.com/cops/overview.html

Usually most linux security tools can be found via google.

dominant · 04-03-2004, 12:21 PM

any other win32 tools such Tenable NeWT?

darin3200 · 04-03-2004, 09:49 PM

This is LINUXquestions.org but you can get a trial of eEye's Retina

unSpawn · 04-04-2004, 09:26 AM

One correction if I may. The net.tamu.edu version of Tiger should be considered the "old" version. The new, maintained and actively developed version can be found at http://www.tigersecurity.org/ or http://savannah.nongnu.org/projects/tiger/ .

Capt_Caveman · 04-04-2004, 11:56 AM

Thanks unSpawn.