Security

Best Vulnerability Scanning Tools

The process of identifying, categorizing and mitigating the vulnerabilities present in a network or application is called vulnerability scanning or vulnerability assessment. A vulnerability is a weakness that can lead to system compromise or data loss. Vulnerability scanning tools automate this process: they maintain a database of known vulnerabilities and check a system or application against it for potentially exploitable conditions. Such tools are used by companies with large corporate networks and web applications that cannot realistically be tested by hand.

There are many open source and proprietary vulnerability scanners on the market; below we discuss some of the most popular and capable ones.

Nessus

Nessus is the most well-known and effective cross-platform vulnerability scanner. It has a graphical user interface and runs on almost every operating system, including Windows, macOS and Unix-like systems. It was initially a free, open source product, but in 2005 it was made closed source and removed from the open source world. Its professional version now costs around $2,190 per year according to the vendor's website, which is still much cheaper than its competitors' products. A limited free version, 'Nessus Home', is also available, but it does not have all of the features and may only be used on home networks.

It has continuous commercial and community support and is updated regularly. It can automatically scan remote and local servers and web applications for vulnerabilities. It has its own scripting language (NASL), which can be used to write plugins and extensions. The free version can be downloaded from https://www.tenable.com/downloads/nessus

We'll try Nessus on Ubuntu. Download the .deb package from the website, then type the following in your terminal:

ubuntu@ubuntu:~$ cd Downloads/
ubuntu@ubuntu:~/Downloads$ sudo dpkg -i Nessus-8.1.2-debian6_amd64.deb

Then start the service:

ubuntu@ubuntu:~$ sudo /etc/init.d/nessusd start

This starts the Nessus service on port 8834. Now open https://127.0.0.1:8834/ in a browser to reach the Nessus web UI.

The browser will warn about an insecure connection because Nessus ships with a self-signed certificate; click "Advanced" and confirm the security exception. Then create a user and register with Nessus to obtain an activation key for the trial.

Nmap

Nmap is the most flexible and comprehensive open source tool for network discovery and security scanning. It can do everything from port scanning to operating system fingerprinting and vulnerability scanning. Nmap has both a CLI and a GUI; the graphical interface is called Zenmap. It has its own scripting engine and ships with pre-written .nse scripts that can be used for vulnerability scanning. It offers many options for quick and effective scans. Here's how to install Nmap on Linux:

ubuntu@ubuntu:~$ sudo apt-get update
ubuntu@ubuntu:~$ sudo apt-get upgrade -y
ubuntu@ubuntu:~$ sudo apt-get install nmap -y

Now we'll use Nmap to scan a server (hackme.org) for open ports and list the services available on those ports. It's really easy: just type nmap followed by the server address.

$ nmap hackme.org

To scan UDP ports, add the -sU option and run with sudo, because UDP scanning requires root privileges.

$ sudo nmap -sU hackme.org

Nmap has its own scripting engine, NSE, in which you can write your own vulnerability scanning scripts. Nmap comes with a large library of ready-made scripts, which are selected with the --script option.

There are many other options available in Nmap, such as:
-p- : Scan all 65535 ports
-sT : TCP connect scan
-O : Detect the operating system (requires root)
-v : Verbose output
-A : Aggressive scan; enables OS detection, version detection, script scanning and traceroute
-T[0-5] : Set the scan timing (speed) template
-Pn : Skip host discovery, in case the server blocks ping
-sC : Scan using the default script set
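The sections above describe two halves of vulnerability scanning: enumerating open ports and service versions with Nmap, and checking the result against a database of known vulnerabilities. The following added example (written for this article, not part of Nmap or any scanner's own code) ties the two together: it parses Nmap's -oX XML output, keeps only open ports, and flags services whose version matches a vulnerability database or that a defender would not expect to see exposed. The XML sample, the VULN_DB entries, the advisory label and the RISKY_SERVICES list are all constructed placeholders for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX -` output for one host (not a real scan result).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - example.internal">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open"/>
        <service name="http" product="nginx" version="1.18.0"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="filtered"/>
        <service name="mysql"/>
      </port>
      <port protocol="udp" portid="161">
        <state state="open"/>
        <service name="snmp"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# Hypothetical vulnerability database: product -> list of (highest affected version, advisory id).
# The entry and advisory id are placeholders to show the matching logic, not real advisories.
VULN_DB = {
    "OpenSSH": [("7.4", "PLACEHOLDER-ADVISORY-1")],
}

# Services a defender does not expect to find exposed on this network segment (constructed list).
RISKY_SERVICES = {"snmp", "telnet", "ftp"}


def parse_open_ports(xml_text):
    """Return one dict per open port found in Nmap XML output (filtered/closed ports are skipped)."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            results.append({
                "host": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "service": svc.get("name", "") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
                "version": svc.get("version", "") if svc is not None else "",
            })
    return results


def version_tuple(v):
    """Turn '1.18.0' into (1, 18, 0) so versions compare numerically; non-numeric tails are dropped."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def assess(ports):
    """Flag open ports whose product/version is in VULN_DB or whose service is in RISKY_SERVICES."""
    findings = []
    for p in ports:
        if p["service"] in RISKY_SERVICES:
            findings.append((p["host"], p["port"], "risky service exposed: %s" % p["service"]))
        for max_affected, advisory in VULN_DB.get(p["product"], []):
            if p["version"] and version_tuple(p["version"]) <= version_tuple(max_affected):
                findings.append((p["host"], p["port"],
                                 "%s %s matches %s" % (p["product"], p["version"], advisory)))
    return findings


if __name__ == "__main__":
    # With real data: run `nmap -sV -oX scan.xml <host>` and pass open('scan.xml').read() instead.
    for host, port, note in assess(parse_open_ports(SAMPLE_NMAP_XML)):
        print("%s:%s  %s" % (host, port, note))
```

Real scanners do the same version matching at much larger scale and with far more accurate version parsing; the point of the example is that the quality of a finding depends entirely on how accurately the service version was identified, which is why -sV (version detection) matters as much as the port list itself.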

Nikto

Nikto is a simple, free and open source web server scanner that checks for more than 6400 potentially dangerous files and programs. It also checks the web server's version for version-specific problems, and inspects server configuration such as the allowed HTTP methods and default directories and files. It supports plugins, proxies, several output formats and many scan options.

To install Nikto on Debian-based Linux, type:

ubuntu@ubuntu:~$ sudo apt-get update && sudo apt-get upgrade
ubuntu@ubuntu:~$ sudo apt -y install nikto

Usage example:

ubuntu@ubuntu:~$ nikto -h http://canyouhack.us

OPENVAS

OpenVAS is a fork of the last free version of Nessus, created after Nessus went closed source in 2005; its code is hosted on GitHub. For its plugins it still uses Nessus's NASL language. It is a free, open source and powerful network vulnerability scanner.

To install OpenVAS on Ubuntu or any Debian-based distro, you'll need the Kali Linux repositories. Execute the following in your terminal. Note that the repository line must be written with `tee -a` rather than `sudo echo ... >>`: the `>>` redirection is performed by your own, unprivileged shell, so that form fails with a permission denied error.

ubuntu@ubuntu:~$ sudo apt-key adv --keyserver pgp.mit.edu --recv-keys ED444FF07D8D0BF6
ubuntu@ubuntu:~$ printf '# Kali Linux repositories\ndeb http://http.kali.org/kali kali-rolling main contrib non-free\n' | sudo tee -a /etc/apt/sources.list
ubuntu@ubuntu:~$ sudo apt-get update

[NOTE] Don't run apt upgrade while the Kali repositories are enabled; it would replace Ubuntu packages with Kali's and can break the system.

ubuntu@ubuntu:~$ sudo apt install openvas -y

Now auto-configure it with the following command. It sets up the OpenVAS services and generates a user along with its password.

ubuntu@ubuntu:~$ sudo openvas-setup

Open the web GUI link printed by the setup and log in with the generated username and password. To run a scan on your network, go to Scans > Tasks and click the Wizard button.

Nexpose

Nexpose is a vulnerability scanner, analyzer and management product that integrates with the Metasploit Framework to scan for and validate vulnerabilities. It is offered as a standalone product that can be a VM, a container or an installable package, and it has a web-based graphical user interface. It provides an all-in-one package for vulnerability scanning, validation and mitigation.

You can download a trial version of Nexpose at https://www.rapid7.com/products/nexpose/

Scan by OnSecurity

Scan by OnSecurity is a vulnerability scanning tool designed to uncover weaknesses in your internet-facing infrastructure in real time. Scan carries out over 40,000 checks for things like default passwords and dangerous services in order to reduce security gaps that can be easily exploited by attackers. Frequent scanning matters because it shortens the window of opportunity between a vulnerability appearing and its being fixed; Scan by OnSecurity aims to get vulnerabilities addressed promptly so you stay one step ahead of attackers.

Conclusion

Vulnerability scanning is necessary for both home and corporate networks to keep on top of vulnerabilities. A wide range of scanners is available on the market, and which one you choose depends on your use case. If you want to scan your home network, OpenVAS might be the best choice, but if you need to scan and manage a large corporate environment, you should look at commercial vulnerability scanners.

About the author

Usama Azad

A security enthusiast who loves the terminal and open source. My areas of expertise are Python, Linux (Debian), Bash, penetration testing and firewalls. I was born and raised in Wazirabad, Pakistan and am currently doing my undergraduate degree at the National University of Science and Technology (NUST). On Twitter I go by @UsamaAzad14