Vulnerability scanner: Difference between revisions
m →Types of Vulnerability Scanners: minor style issue |
Tag: possible conflict of interest |
||
Line 57: | Line 57: | ||
*[http://projects.webappsec.org/Web-Application-Security-Scanner-List The WASC Security Scanner List] |
*[http://projects.webappsec.org/Web-Application-Security-Scanner-List The WASC Security Scanner List] |
||
*[http://sectools.org/vuln-scanners.html List of Vulnerability Scanners] |
*[http://sectools.org/vuln-scanners.html List of Vulnerability Scanners] |
||
*[ |
*[https://mosaicsecurity.com/categories/23-application-security-scanners List of Application Vulnerability Scanners] |
||
*[https://mosaicsecurity.com/categories/25-database-security-scanners List of Database Vulnerability Scanners] |
|||
*[https://mosaicsecurity.com/categories/28-network-security-scanners List of Application Vulnerability Scanners] |
|||
*[https://mosaicsecurity.com/categories/33-webbased-application-security-scanners List of Web-Based Application Vulnerability Scanners] |
|||
[[Category:Computer security software]] |
[[Category:Computer security software]] |
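Review bot: the added link to `categories/28-network-security-scanners` reuses the label "List of Application Vulnerability Scanners", which is already the label of the `categories/23-application-security-scanners` link two lines above it, so two entries in External links read identically; label this one for network scanners. The edit summary "minor style issue" and the minor-edit flag also do not describe what the revision does: it adds four external links, all to mosaicsecurity.com, and it carries the "possible conflict of interest" tag, so the summary should say that links were added and each link should be justified on its own.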
Revision as of 05:35, 6 January 2011
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. There are a number of types of vulnerability scanners available today, distinguished from one another by a focus on particular targets. While functionality varies between different types of vulnerability scanners, they share a common, core purpose of enumerating the vulnerabilities present in one or more targets. Vulnerability scanners are a core technology component of vulnerability management.
Types of Vulnerability Scanners
- Port scanner
- Network enumerator
- Network vulnerability scanner
- Web application security scanner
- Computer worm
Friendly types of vulnerability scanners:
- CGI scanner (usually restricted to banner checking; CGI scanners can find vulnerable scripts but usually don't exploit them)[1]
Network reconnaissance
Part of the server log, showing attempts to find the administration page:

```
220.128.235.XXX - - [26/Aug/2010:03:00:09 +0200] "GET /db/db/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:09 +0200] "GET /db/myadmin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:10 +0200] "GET /db/webadmin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:10 +0200] "GET /db/dbweb/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:11 +0200] "GET /db/websql/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:11 +0200] "GET /db/webdb/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:13 +0200] "GET /db/dbadmin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:13 +0200] "GET /db/db-admin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:14 +0200] "GET /db/phpmyadmin2/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:14 +0200] "GET /db/phpMyAdmin2/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:15 +0200] "GET /db/phpMyAdmin-2/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:15 +0200] "GET /db/php-my-admin/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:17 +0200] "GET /db/phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:17 +0200] "GET /db/phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:18 +0200] "GET /db/phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 - "-" "-"
220.128.235.XXX - - [26/Aug/2010:03:00:18 +0200] "GET /db/phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 - "-" "-"
(..)
```
A vulnerability scanner can be used to conduct network reconnaissance, which is typically carried out by a remote attacker attempting to gain information about, or access to, a network they are not authorized to use. Network reconnaissance is increasingly used to exploit network standards and automated communication methods. The aim is to determine what types of computers are present, along with additional information about those computers, such as the type and version of the operating system. This information can be analyzed for known or recently discovered vulnerabilities that can be exploited to gain access to secure networks and computers. Network reconnaissance is possibly one of the most common applications of passive data analysis. Early-generation techniques, such as TCP/IP passive fingerprinting, had accuracy issues that tended to make them ineffective. Today, numerous tools exist to make reconnaissance easier and more effective. [2] [3] [4]
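The probing pattern in the server log excerpt in this section (one source, many distinct non-existent paths, seconds apart) can be detected by counting distinct 404 paths per source inside a sliding time window. The following is an added example, not part of the original article; the function names, the thresholds `min_paths` and `window`, and the sample source addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same log format as the excerpt; source addresses
# are documentation-range placeholders, paths are taken from the excerpt.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Aug/2010:03:00:09 +0200] "GET /db/db/main.php HTTP/1.0" 404 - "-" "-"
198.51.100.20 - - [26/Aug/2010:03:00:10 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Aug/2010:03:00:11 +0200] "GET /db/myadmin/main.php HTTP/1.0" 404 - "-" "-"
198.51.100.20 - - [26/Aug/2010:03:00:12 +0200] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0"
203.0.113.7 - - [26/Aug/2010:03:00:13 +0200] "GET /db/webadmin/main.php HTTP/1.0" 404 - "-" "-"
203.0.113.7 - - [26/Aug/2010:03:00:15 +0200] "GET /db/phpmyadmin2/main.php HTTP/1.0" 404 - "-" "-"
203.0.113.7 - - [26/Aug/2010:03:00:17 +0200] "GET /db/phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 - "-" "-"
203.0.113.7 - - [26/Aug/2010:03:00:18 +0200] "GET /db/phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 - "-" "-"
"""

LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (source, timestamp, path, status), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["src"], ts, m["path"], int(m["status"])

def find_probers(lines, min_paths=5, window=timedelta(seconds=60)):
    """Map each source that got 404 on >= min_paths distinct paths within
    `window` to the sorted list of every path it missed."""
    misses = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec[3] == 404:
            misses[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for src, hits in misses.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward past stale requests
            if len({p for _, p in hits[start:end + 1]}) >= min_paths:
                flagged[src] = sorted({p for _, p in hits})
                break
    return flagged

if __name__ == "__main__":
    for src, paths in find_probers(SAMPLE_LOG.splitlines()).items():
        print(src, "probed", len(paths), "missing paths, e.g.", paths[0])
```

The single 404 for `/favicon.ico` from the browsing client stays below the threshold, which is why the count is over distinct paths per source rather than over 404 responses in total.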
References
- ^ What is a CGI Scanner?
- ^ Advanced Network Reconnaissance with Nmap. http://insecure.org/presentations/Shmoo06/shmoo-fyodor-011406.pdf
- ^ Network Reconnaissance defense techniques from ISSA. http://www.arxceo.com/documents/ISSA_antirecon_article.pdf
- ^ XML Port Scanning Attacks. http://www.sift.com.au/36/172/xml-port-scanning-bypassing-restrictive-perimeter-firewall.htm
Programs
- Port scanners (Nmap)
- Network scanners (Nessus, SAINT, OpenVAS)
- List of Web Application Security Scanners
- CGI scanners
External links
- What can't a Web Application Scanner find?
- Web Application Vulnerability Scanners - a Benchmark
- The WASC Security Scanner List
- List of Vulnerability Scanners
- List of Application Vulnerability Scanners
- List of Database Vulnerability Scanners
- List of Application Vulnerability Scanners
- List of Web-Based Application Vulnerability Scanners