A vulnerability scanner is basically a banner and version grabber with a few bells on
(complex ones though!), which uses that information to come up with a very decent analysis
of the state of the system. This may seem a simplistic explanation (and it is), but the
majority of the tests performed are just that: banner grabbing and obtaining version
information. Once these details are known, the version is compared against any
Common Vulnerabilities and Exposures (CVE) entries that have been reported; then the
really neat stuff happens: the potential holes in the system may be tested to see if they are
exploitable, and the results are reported in a number of formats (HTML, XML or PDF).
Other checks include mounting and listing the contents of shares (NFS etc.), issuing the finger
command (if the service is found running) to obtain a list of valid usernames, and a
plethora of other tests.
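The loop described above (read a service banner, pull out product and version, compare the version against a table of reported weaknesses) is small enough to show end to end. The following is an added example written for this page, not code from the article or from any scanner it names. The advisory table, its `ADV-SAMPLE-*` identifiers and the banner strings are constructed sample data, not real CVE entries; `grab_banner` is a plain socket read for use against hosts in your own inventory, and the parsing and matching functions work offline on the embedded samples.

```python
"""Banner-to-advisory matcher: the core of the version-comparison step.

Added example, not the article's or any scanner's own code. The advisory
table and banner strings below are constructed sample data.
"""
import re
import socket
from dataclasses import dataclass

# Banner shapes this toy recogniser understands. Each pattern names a
# product and a version group; real scanners carry thousands of these.
BANNER_PATTERNS = [
    # SSH identification string, e.g. "SSH-2.0-OpenSSH_7.4p1 Debian-10"
    re.compile(r"^SSH-[\d.]+-(?P<product>[A-Za-z]+)[_/](?P<version>[\w.]+)"),
    # HTTP response header, e.g. "Server: Apache/2.4.49 (Unix)"
    re.compile(r"^Server:\s*(?P<product>[A-Za-z\-]+)/(?P<version>[\w.]+)", re.I),
    # FTP greeting, e.g. "220 (vsFTPd 3.0.3)"
    re.compile(r"^220[ -].*?(?P<product>vsFTPd|ProFTPD|Pure-FTPd)\s+(?P<version>[\w.]+)", re.I),
]


def version_key(version: str) -> tuple:
    """Turn '7.4p1' or '2.4.49' into a tuple that sorts numerically.

    Each dotted component becomes (number, suffix) so that 7.4 < 7.4p1 < 7.5.
    """
    parts = []
    for piece in re.split(r"[.\-]", version):
        m = re.match(r"(\d+)(.*)", piece)
        if m:
            parts.append((int(m.group(1)), m.group(2)))
    return tuple(parts)


def parse_banner(banner: str):
    """Return (product, version) from the first recognisable line, else None."""
    for line in banner.splitlines():
        line = line.strip()
        for pat in BANNER_PATTERNS:
            m = pat.search(line)
            if m:
                return m.group("product").lower(), m.group("version")
    return None


@dataclass(frozen=True)
class Advisory:
    ident: str        # constructed placeholder id, deliberately not a CVE number
    product: str
    min_version: str  # inclusive lower bound of the affected range
    fixed_in: str     # exclusive upper bound: this version and later are patched
    summary: str


# Constructed sample table; the ranges are illustrative, not real advisories.
ADVISORIES = [
    Advisory("ADV-SAMPLE-001", "openssh", "7.0", "7.5", "sample weakness (constructed)"),
    Advisory("ADV-SAMPLE-002", "apache", "2.4.0", "2.4.50", "sample weakness (constructed)"),
]


def match_advisories(product: str, version: str, advisories=ADVISORIES):
    """Return advisories whose product matches and whose range contains version."""
    key = version_key(version)
    return [a for a in advisories
            if a.product == product
            and version_key(a.min_version) <= key < version_key(a.fixed_in)]


def assess(banner: str) -> dict:
    """One scanner 'check': banner -> product/version -> list of matching ids."""
    parsed = parse_banner(banner)
    if parsed is None:
        return {"banner": banner.strip(), "product": None, "version": None, "findings": []}
    product, version = parsed
    return {"banner": banner.strip(), "product": product, "version": version,
            "findings": [a.ident for a in match_advisories(product, version)]}


def grab_banner(host: str, port: int, timeout: float = 3.0, probe: bytes = b"") -> str:
    """Connect, optionally send a probe (an HTTP HEAD for web servers), read the greeting."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if probe:
            sock.sendall(probe)
        return sock.recv(1024).decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Constructed banners standing in for what grab_banner() would return.
    SAMPLE_BANNERS = [
        "SSH-2.0-OpenSSH_7.4p1 Debian-10\r\n",
        "HTTP/1.1 200 OK\r\nServer: Apache/2.4.49 (Unix)\r\n\r\n",
        "HTTP/1.1 200 OK\r\nServer: Apache/2.4.50 (Unix)\r\n\r\n",
        "220 (vsFTPd 3.0.3)\r\n",
        "no recognisable banner here",
    ]
    for b in SAMPLE_BANNERS:
        print(assess(b))
```

The interesting output is the OpenSSH case: a version-only match flags `7.4p1` because it sits inside the sample range, yet a distribution that backports fixes can ship that version string already patched. That is precisely why the article's "really neat stuff" step exists: after the banner comparison, a scanner actively tests the suspected hole rather than trusting the version alone, and version-based findings without that follow-up should be read as "possibly affected", not "vulnerable".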
The first scanner that should spring to mind is Tenable's Nessus, an
open source, predominantly Linux-based scanner built in two parts, with
separate client and server portions of the application. Nessus has
currently been compiled to work
on BSD, SUSE, Fedora Core, Red Hat Enterprise Linux, Solaris, Mac OS X and Windows.
Of course there are more free scanners
than just Nessus, but it has almost become the de facto standard.
The following are also freely available:
- GFI Languard Security
- SAINT (Free edition)
- NStalker et al