


Vulnerability Scanners


A vulnerability scanner is basically a banner and version grabber with a few bells on (complex ones though!) that uses this information to come up with an extremely decent analysis of the state of the system. This may seem a rather simplistic explanation (and it is), but the majority of the tests performed are just that: banner grabbing and obtaining version information. Once these details are known, the version is compared with any Common Vulnerabilities and Exposures (CVE) entries that have been reported. The really neat stuff then happens: the potential holes in the system may then be tested to see if they are indeed exploitable, and the results are reported in a number of disparate formats (HTML, XML or PDF).
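The banner-to-version-to-advisory comparison described above, as an added example that is not part of the original page or of any scanner's code. The banners, the fictional product names, the advisory table and its EXAMPLE-ADV identifiers are all constructed for illustration.

```python
import re

# Constructed sample banners (not captured from real hosts); product names are fictional.
SAMPLE_BANNERS = {
    ("192.0.2.10", 22): "SSH-2.0-ExampleSSH_7.4p1 Distro-10",
    ("192.0.2.10", 80): "HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/2.4.9 (Unix)\r\n",
    ("192.0.2.11", 21): "220 ExampleFTPd 1.3.10 Server ready",
    ("192.0.2.11", 25): "220 mail.example.test ESMTP",  # discloses no version
}

# Constructed advisory feed: (product, first fixed version, placeholder advisory id).
ADVISORIES = [
    ("examplessh", "7.6", "EXAMPLE-ADV-0001"),
    ("examplehttpd", "2.4.10", "EXAMPLE-ADV-0002"),
    ("exampleftpd", "1.3.9", "EXAMPLE-ADV-0003"),
]

# One pattern per banner style: SSH identification string, HTTP Server header, 220 greeting.
PATTERNS = [
    re.compile(r"^SSH-[\d.]+-(?P<product>[A-Za-z]+)_(?P<version>\d+(?:\.\d+)*)"),
    re.compile(r"^Server:\s*(?P<product>[A-Za-z]+)/(?P<version>\d+(?:\.\d+)*)", re.M | re.I),
    re.compile(r"^220[ -](?P<product>[A-Za-z]+) (?P<version>\d+(?:\.\d+)*)"),
]

def parse_banner(banner):
    """Return (product, version) from a banner, or None if no version is disclosed."""
    for pattern in PATTERNS:
        match = pattern.search(banner)
        if match:
            return match.group("product").lower(), match.group("version")
    return None

def version_key(version):
    """Compare versions numerically: as strings, '2.4.9' would sort after '2.4.10'."""
    return tuple(int(part) for part in version.split("."))

def candidate_findings(banners, advisories):
    """List services whose banner version is older than an advisory's fixed version.
    A match is only a candidate; the page notes that scanners then test it."""
    findings = []
    for (host, port), banner in sorted(banners.items()):
        parsed = parse_banner(banner)
        if parsed is None:
            continue  # nothing to compare; a scanner would fall back to other tests
        product, version = parsed
        for adv_product, fixed_in, adv_id in advisories:
            if product == adv_product and version_key(version) < version_key(fixed_in):
                findings.append((host, port, product, version, adv_id))
    return findings
```
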


Tests carried out include mounting and listing the contents of shares (NFS etc.), issuing the finger command (if found running) and obtaining a list of valid usernames, and a plethora of other tests.


The first scanner that should spring to mind is Tenable Nessus, an open source, predominantly Linux-based scanner configured in two parts, with disparate client and server portions to the application. Nessus has currently been compiled to work on BSD, SUSE, Fedora Core, Red Hat Enterprise Linux, Solaris, Mac OS X and Windows.


Of course there are more free scanners than just Nessus, but it has almost become the de facto standard.


The following are also freely available:


  • GFI LANguard Security Scanner
  • SARA
  • Tiger
  • SAINT (Free edition)
  • N-Stalker et al.


