Phenquestions
There are a lot of Open source and Proprietary vulnerability scanners in the market but we'll discuss some popular and capable vulnerability scanners available.
Nessus
Nessus is the most famous and effective cross-platform vulnerability scanner. It has a Graphical User Interface and is compatible with almost every operating system including Windows, MAC and Unix like Operating systems. It was a freeware and open source product initially, but then in 2005 it was close sourced and removed from open source projects. Now, its professional version costs around $2,190 per year according to their website, which is still much cheaper that as compared to its competitors' products. A limited freeware 'Nessus Home' version is also available, but this version doesn't have all of its features and can be used only for home networks.
It has continuous commercial and community support and is update regularly. It can automatically scan remote/local servers and web application for vulnerabilities. It has its own scripting language which can be used to write plugins and extensions. Its freeware can be downloaded from https://www.tenable.com/downloads/nessus
We'll try nessus on Ubuntu, for that we'll download .deb package from the website. After that, type this in your terminal
[email protected]:~$ cd Downloads/ubuntu@ubuntu:~/Downloads$ sudo dpkg -i Nessus-8.1.2-debian6_amd64.deb
Then type
[email protected]:~$ sudo /etc/init.d/nessusd start
This will start a nessus service on port 8834. Now go to https://127.0.0.1:8834/ to access Nessus Web UI.
This will warn you for insecure connection but click on “Advanced” and confirm security exception. Now create a user and sign up for Nessus to generate a key to Use its Trial.
Nmap
Nmap is the most flexible and comprehensive open source tool that is used for network discovery and security scanning. It can do everything from port scanning to fingerprinting Operating systems and vulnerability scanning. Nmap has both CLI and GUI interfaces, the Graphical User Interface is called Zenmap. It has its own scripting engine and comes with pre-written .nse scripts used for vulnerability scanning. It has a lot of varying options to do quick and effective scans. Here's how to install Nmap in Linux.
[email protected]:~$ sudo apt-get update[email protected]:~$ sudo apt-get upgrade -y
[email protected]:~$ sudo apt-get install nmap -y
Now we'll use Nmap to scan a server (hackme.org) for open ports and to list services available on those ports, its really easy. Just type nmap and the server address.
$ nmap hackme.org
To scan for UDP ports, include -sU option with sudo because it requires root privileges.
$ sudo nmap -sU hackme.org
Nmap has its own scripting engine “nse” in which you can write your own vulnerability scanning scripts. Nmap comes pre-installed with a lot of vulnerability scanning scripts which can be used using “-script” command.
There are a lot of other options available in Nmap such as:
-p- : Scan for all 65535 ports
-sT : TCP connect scan
-O : Scans for operating system running
-v : verbose scan
-A : Aggressive scan, scans for everything
-T[1-5] : To set the scanning speed
-Pn : Incase the server blocks ping
-sC : Scan using all default scripts
Nikto
Nikto is a simple, free and Open Source Scanner which is able to perform scanning for more than 6400 potentials threats and files. It also scans Web Server's version to check for version related problems. It scans Web Server's configurations such as HTTP allowed methods, default directories and files. It also supports plugins, proxies, different output formats and multiple scan options.
To install Nikto in Debian Linux, type
[email protected]:~$ sudo apt-get update && sudo apt-get upgrade[email protected]:~$ sudo apt -y install nikto
Usage Example:
[email protected]:~$ nikto -h http://canyouhack.usOPENVAS
OpenVAS is a forked version of last free Nessus on github after it was close sourced in 2005. For its plugins, it still uses the same NASL Language of Nessus. It's a free, Open Source and powerful network vulnerability scanner.
To install OpenVAS in Ubuntu or any debian Linux distro, you'll need Kali Linux repositories, execute this in your terminal.
[email protected]:~$ sudo apt-key adv --keyserver pgp.mit.edu --recv-keys ED444FF07D8D0BF6[email protected]:~$ sudo echo '# Kali linux repositories \ndeb
http://http.kali.org/kali kali-rolling main contrib non-free' >>
/etc/apt/sources.list
[email protected]:~$ sudo apt-get update
[NOTE] Don't run apt upgrade with Kali repositories
[email protected]:~$ sudo apt install openvas -y
Now, auto-configure it using the following command. It'll configure openvas service and generate a user and its password.
[email protected]:~$ sudo openvas-setup
Go to the web GUI link and login with the username and password. To run a scan on your network, go to Scans > Tasks and Click on Wizard button.
Nexpose
Nexpose is an amazing vulnerability scanner, analyzer and management software that uses the power of Metasploit Framework to scan and exploit vulnerabilities. It offers a standalone product that could be a VM, container or a piece of software. It has a Graphical User Interface based on web. It offers all-in-one package for all needs of vulnerability scanning, exploitation and mitigation.
You can download Trial Version of Nexpose here at https://www.rapid7.com/products/nexpose/
Conclusion
Vulnerability scanning is necessary for both home and corporate networks to deal with vulnerability threats. There is a wide range of scanners that are available in the market. How you choose one it depends upon your usage. If you want to scan your home network, OpenVAS might be the best but if you want to scan and manage a large corporate sector, you should look for some commercial vulnerability scanners.
