6 Popular Vulnerability Scanners
IT department teams use vulnerability scanners to discover vulnerabilities and other potential security issues within their networks, computer devices, applications, and other interconnected IT systems. Vulnerability scanners offer a unique insight for security teams to discover security vulnerabilities, measure the risk weight for each vulnerability, and suggest remediation recommendations for them.
A vulnerability scan can run from an internal or external network. An internal vulnerability scan identifies weak points on the internal network and suggests countermeasures (e.g. patch management). An internal scan is also used to discover planted malware (e.g. rootkits, Trojans, and backdoors) in the internal network. An external scan is conducted from outside of the network. This is for testing and targeting external IP addresses and detecting vulnerabilities in IT infrastructure facing the internet (e.g. web applications, open ports, and email and web servers).
We can differentiate between six types of vulnerability scanners:
- Cloud-Based scanners: This type finds vulnerabilities in cloud systems such as web applications. Cloud-based vulnerability scanner works from the cloud and need not be installed on-premise.
- Host-Based scanners: Scan for vulnerabilities on individual devices such as workstations and servers, a host-based scanner is installed locally and gives reports on the update history and current configurations of the scanned systems.
- Network-Based scanners: This type of scanner can scan the entire network to discover vulnerable systems and identify possible network security attacks.
- Wireless-Based scanners: Wireless scanners are used to locate rogue access points and identify misconfigurations of any wireless device on the network.
- Application vulnerability scanners: This type of scanner scans installed applications and operating systems for known security vulnerabilities or misconfigurations.
- Database vulnerability scanners: This type of scanner scans databases for security vulnerabilities and identifies misconfigurations that can lead to a security breach. Database scanners also test the internal functions of databases for any exploitable vulnerabilities such as weak passwords, inappropriate roles assignment, missing updates, and unneeded services, to name a few.
There are different vulnerability scanning tools with different capabilities. In this article, we will mention the 6 popular vulnerability scanning tools.
Nessus Nessus is one of the most popular and capable web and network vulnerability scanners. Originally it was developed as a free, open-source project; however, its source code was closed in 2005 and registered as a commercial program. There is a free version (Essential) with limited functionality that can scan up to 16 IP addresses and is intended for home and small business networks.
Nessus has more than 146,000 plugins with 100 new plugins released weekly. It also has the lowest false positive rate in addition to the deepest and broadest vulnerability coverage in the industry, with more than 59,000 CVEs (Common Vulnerabilities and Exposures) in its vulnerability database.
OpenVAS The Open Vulnerability Assessment System (OpenVAS) is an important security scanner for discovering security vulnerabilities and configuration errors in networking equipment, computer devices, servers, and web applications. OpenVAS was forked from the last free version of Nessus after that tool went proprietary in 2005.
Nmap This is a popular free open-source program for network discovery and auditing. The classic command-line Nmap executable runs on all major operating systems while the suite version includes additional utilities such as advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping). Nmap is commonly used in different contexts by network administrators for host discovery, operating system detection, version detection, port scanning, and running service detection in addition to detecting the type of firewall used. Nmap functionality can be extended by scripts (written using the embedded Lua programming language) that automate a wide array of networking tasks. Nmap is well documented and is considered a powerful security scanner as it can scan huge networks with hundreds of thousands of devices.
Nikto2 Nikto is a free open source web vulnerability scanner, it focuses on scanning web servers for vulnerabilities and exploits using its database that includes 6700 potentially dangerous files/programs signature. Nikto2 can detect outdated web server components and identifies installed software versions, in addition to discovering misconfiguration issues in web servers.
Acunetix This is a commercial web application and network security scanner (open source version is also available). Acunetix can detect more than 6500 vulnerabilities and has many rich features, such as the ability to prevent potential attacks, scan automation, detection of SQL Injection and application-layer denial of service attacks, integration with an organizations Software Development Lifecycle (SDLC), and can be used to create detailed technical reports about captured vulnerabilities.
Aircrack-ng This is a suite of command-line tools -that works on all major operating systems- to assess WiFi network security. It provides the following four security auditing functionalities for WiFi networks:
- Monitor and capture WiFi packets and store them in text files so it can later be imported to other third-party tools for further processing.
- Attack WiFi networks using different techniques (Replay attacks, deauthentication, and fake access points) to assess its security.
- Crack Wifi passwords: Test the security of your WiFi password by attacking it.
- Testing WiFi networks (e.g. testing drivers and network cards).
Vulnerability scanning allows security teams to discover vulnerable systems and keep them secure from attacks. Additionally, vulnerability scanners offer a range of advantages to businesses, such as:
- Cost-effective: Many reputable vulnerability scanners are free and even open source.
- Fast: A complete scan may take only a few hours and discover serious security flaws.
- Automatic: A scanner does not require human intervention, a system administrator can configure it to run periodically and send scan results via email.