Category Vulnerability Scanner

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.

Conficker, also known as Downup, Downadup and Kido, is a computer worm that surfaced in October 2008 and targets the Microsoft Windows operating system. The worm exploits a previously patched vulnerability in the Windows Server service used by Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta, and Windows Server 2008 R2 Beta. The worm has been unusually difficult for network operators and law enforcement to counter because of its combined use of advanced malware techniques.

The Security Auditor’s Research Assistant (SARA) is a third generation network security analysis tool that is:

• Operates under Unix, Linux, MAC OS/X or Windows (through coLinux) OS’.
• Integrates the National Vulnerability Database (NVD).
• Performs SQL injection tests.
• Performs exhaustive XSS tests
• Can adapt to many firewalled environments.
• Support remote self scan and API facilities.
• Used for CIS benchmark initiatives
• Plug-in facility for third party apps
• CVE standards support
• Enterprise search module
• Standalone or daemon mode
• Free-use open SATAN oriented license
• Updated twice a month (we try)
• User extension support - Based on the SATAN model

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.

EnableSecurity VoIPPack for CANVAS is a set of tools that are designed to work with Immunity CANVAS software. The tools target VoIP systems such as PBX servers, IP Phones and SIP gateways

Netifera is a new modular open source platform (OSX and Linux supported) for creating network security tools. This project provides many advantages for both security developers and researchers who want to implement new tools as well as the community of users of these tools.

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user fontend. The core is a server component with a set of plugins to test various vulnerabilities in remote systems and applications.

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, dial tones, IVRs, and forwarders. WarVOX provides the unique ability to classify all telephone lines in a given range, not just those connected to modems, allowing for a comprehensive audit of a telephone system.

w3af, is a Web Application Attack and Audit Framework. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much

Netifera is a new modular open source platform (OSX and Linux supported) for creating network security tools. This project provides many advantages for both security developers and researchers who want to implement new tools as well as the community of users of these tools.

SEAT (Search Engine Assessment Tool) is the next generation
information digging application geared toward the needs of security
professionals. SEAT uses information stored in search engine databases,
cache repositories, and other public resources to scan a site for potential
vulnerabilities.

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

Hyenae is a highly flexible and platform independent network
packet generator. It allows you to reproduce low level ethernet attack
scenarios (such as MITM, DoS and DDoS) to reveal the potential security
vulnerabilities of your network. Besides smart wildcard-based address
randomization and a highly customizable packet generation control, Hyenae comes with a clusterable remote daemon for setting up distributed attack networks

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

The primary goal of Pantera is to combine automated capabilities with complete manual testing to get the best penetration testing results.

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler.

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user fontend. The core is a server component with a set of plugins to test various vulnerabilities in remote systems and applications.

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved