What is Vulnerability Scan? 😵 Introduction to some Vulnerability Scanner
🉑 Vulnerability scan is definitely one of the most important parts of the penetration testing or ethical hacking.
🉑The vulnerability scanning is an inspection of the potential points/parts of compromising that exist on a computer network in order to identify security holes.
🉑In addition, a vulnerability scan detects and classified system weakness for the computer network and network devices.
🉑It also predict the effectiveness of countermeasures which is an action taken to counteract a danger or threat.
Let’s think about the vulnerability term first which is the two definitions from two important documents:
“Vulnerability — ISO 27005: A weakness of an asset of group of assets that can be exploited by one or more threats”
The first document ISO 27005 is the name of the prime 27000 series standard covering information security risk management. The following standard will provide the guidelines for an information security management system (ISMS) in an organization. It specifically supporting the requirements of an information security management system defined by ISO 27001.
“Vulnerability — NIST: A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised and result in security breach or a violation of the system’s security policy”
The second document is published by NIST. That’s the National Institute of Standards and Technology. NIST is the measurement standards laboratory and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness. In addition, NIST has a very good guidelines about the cyber-security. Thus, if you are a cyber security personnel, then you should definitely keep your eyes on this.
Basic Vulnerability Detection Methods:
Let’s see the basic vulnerability detection methods:
📍 By observing on an application’s banner information or obtaining the version information of the application, it is possible to know about the potential weakness in that application.
📍 The weakness is found in certain versions of the applications are detected over time and this information is collected in the vulnerability databases. By looking at the databases, you may have information about whether there is a weakness in that application.
📍 New protocols used by the application in communication with the client may have vulnerabilities. In this case, the application can be exploited. A weak encryption algorithm in the communication is an example.
📍 The vulnerability scanners send different types of packets over the network. It examines the behavior of the servers against these packets and examines whether these behaviors are similar to the behaviors of vulnerable services.
📍 Wrong configurations may cause vulnerabilities and weaknesses. For instance, if you configure your web application authentication mechanism to allow three character passwords. It can easily be cracked by attackers.
Types of vulnerability Scanning application/software program:
A vulnerability scanner is a software program designed to assess computer, computer systems, networks or application for known weakness. In plain words, these scanners are used to discover the weak points and the poorly constructed parts. It is also utilized for the identification and detection of vulnerabilities relating to misconfigured assets or flawed software that resides on network based asset. For example firewall, router, web server, application, server etc.
There are lot of vulnerability scanners and some of them are listed in below 👇
🚏 Vulnerability Scanners:
- Nmap NSE: https://nmap.org
🔥Nmap as a network scanner and we also know that with the help of Nmap Scripting Engine(NSE). It’s possible to use nmap as a simple vulnerability scanner.
🔥Nessus is one of the most popular and capable vulnerability.
- Microsoft MBSA: https://www.microsoft.com/en-my/download/details.aspx?id=19892
🔥Microsoft Baseline Security Analyzer provides a streamlined method to identify missing security updates and common security misconfiguration. It’s only for Microsoft systems and not an overall vulnerability scanner. However, no matter what if you have windows system in your network, it would be better if you use Microsoft Baseline Security Analyzer.
🔥Nexpose is a commercial tool developed by Rapid 7 which are the producers of Metasploit framework. It is a vulnerability scanner that aims to support the entire vulnerability management life-cycle. Including the discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. It integrates with Metasploit for vulnerability exploitation.
- OpenVAS: https://www.openvas.org
🔥OpenVas is an open source vulnerability scanned that was forked from last free version of Nessus after that tool went proprietary.
- SAINT: https://www.carson-saint.com
🔥SAINT is a commercial vulnerability assessment tool. Like Nessus where it is used to be free and open source. However, it is now a commercial product. Unlike the Nexpose and QualysGuard, SAINT runs on Linux and Mac OS X. In fact, SAINT is one of the few scanner vendors that don’t have support for Windows OS at all.
🔥GFI LanGuard is a network security and vulnerability scanner designed to help with patch management, network and software audits and vulnerability assessments. The price is based on the number of IP address you wish to scan. A free trial version up to 5 IP addresses is available if not mistaken.
- QualysGuard: https://www.qualys.com
🔥 QualysGuard is a popular code based SaaS (Software as a Service) vulnerability management offering. It’s web based UI offers network discovery and mapping, assets prioritization, vulnerability assessment reporting and remediation tracking according to business risk.
- Secunia PSI: https://download.cnet.com/Secunia-Personal-Software-Inspector/3000-2162_4-10717855.html
🔥 Secunia PSI (Personal Software Inspector) is a free security tool designed to detect vulnerable and outdated programs and plugins that expose your PC to any attacks. Attacks exploiting vulnerable programs and plugin are rarely blocked by traditional anti-virus programs. Therefore, Secunia PSI checks only the machine which it is running on. While its commercial sibling Secunia CSI (Corporate Software inspector) that scans on multiple machines on network.
Vulnerability Databases:
👊Vulnerability database is a platform that are aimed to collecting, maintaining and disseminating information about the discovered vulnerabilities which target real computer systems.
👊The database will customarily describe the identified vulnerability, assess the potential infliction on computer systems and the workaround required to desist a hacker.
Now, here are the most known vulnerability databases:
- NIST National Vulnerability Database: https://nvd.nist.gov
The National Vulnerability Database is the US government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management as well as security measurement and compliance. NVD include databases security checklists, security related software flaws, misconfiguration, product names, and impacts metrics.
- Common Vulnerability and Exposures (CVE) Details: https://www.cvedetails.com
CVE is a free CVE security vulnerability database/information source. You can view vulnerability details, exploits, references, metasploit modules, a full list of vulnerable products and CVSS score reports and vulnerability trends over time. CVE is a system that provides a reference method for publicly known information security vulnerabilities and exposures.
