Each assessment tool works on the same basic premise: scan computers connected to a network and run a series of tests to see which hosts are vulnerable to a known set of flaws. The speed, feature set, and pricing of vulnerability assessment tools set them apart from the competition. Every vulnerability assessment product on the market today has features that allow for a more thorough asset examination and asset definition. The purpose of vulnerability assessment software, whether device-based, single-node, or multi-perspective, is to assess and report vulnerabilities. The programme also employs processes to condense the data into a more manageable scope, resulting in improved presentation. Example: for versatile reporting, Qualys offers centralised reporting and readily customised reports. The tools we might employ for our VA are listed below.

FOUNDSTONE:

The Foundstone Scanner Appliance is a turnkey network vulnerability hardware solution. The Foundstone's scanning engine is impressive, but the most valuable aspects of the unit are its reporting and threat correlation capabilities. After running a vulnerability assessment, the device generates data that is presented in multiple ways, ranging from very-high-level overviews to extremely detailed reports.

QUALYSGUARD:

A web-based vulnerability scanner delivered as a service over the Web, QualysGuard eliminates the burden of deploying, maintaining, and updating vulnerability management software or implementing ad-hoc security applications. Clients securely access QualysGuard through an easy-to-use Web interface. QualysGuard features 5,000+ unique vulnerability checks, an inference-based scanning engine, and automated daily updates to the QualysGuard vulnerability Knowledgebase.

NESSUS:

Nessus is the world's most popular vulnerability scanner. It is proprietary, comprehensive vulnerability scanning software, and it is free of charge for personal use in a non-enterprise environment. It begins by doing a port scan with one of its four internal port scanners to determine which ports are open on the target, and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction. Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute-force methods. Nessus 3 can also audit systems to make sure they have been configured per a specific policy, such as the NSA's guide for hardening Windows servers.

NMAP:
Nmap is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

NIKTO:
Nikto is a web server scanner which looks for over 2000 potentially dangerous files/CGIs and problems on over 200 servers. It uses LibWhisker but is generally updated more frequently than Whisker itself.

SQL MAP:
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

MICROSOFT BASELINE SECURITY ANALYZER:
Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

GFI LANGUARD:
A commercial network security scanner for Windows, LANguard scans networks and reports information such as the service pack level of each machine, missing security patches, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more. Scan results are output to an HTML report, which can be customized/queried. Apparently a limited free version is available for non-commercial/trial use.

KISMET:
A powerful wireless sniffer, Kismet is an 802.11b network sniffer and network dissector. It is capable of sniffing using most wireless cards, automatic network IP block detection via UDP, ARP, and DHCP packets, Cisco equipment lists via Cisco Discovery Protocol, weak cryptographic packet logging, and Ethereal- and tcpdump-compatible packet dump files. It also includes the ability to plot detected networks and estimated network ranges on downloaded maps or user-supplied image files. Windows support is currently preliminary, so those users may want to look at Netstumbler if they run into trouble. Linux (and Linux PDA, such as Zaurus) users may wish to also look at the Wellenreiter wireless scanner.

CAIN & ABEL:
Cain & Abel is a free password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary and brute-force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords, and analyzing routing protocols. Source code is not provided.

BRUTUS:
A network brute-force authentication cracker. This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NTP, and more. No source code is available. UNIX users should take a look at THC-Hydra.

NETSPARKER:
Netsparker can find and report security issues such as SQL injection and cross-site scripting (XSS) in all web applications, regardless of the platform and the technology they are built on. Netsparker's unique detection and exploitation technique allows it to be dead accurate in reporting; hence it is the first and only false-positive-free web application security scanner.

BURP SUITE:
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities.

W3AF:
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

PAROS PROXY:
Paros is used to evaluate the security of web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

WEBSCARAB:
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.

SKIPFISH:
Skipfish is a fully automated, active web application security reconnaissance tool.
• High speed: pure C code, highly optimized HTTP handling, and a minimal CPU footprint, easily achieving 2000 requests per second with responsive targets.
• Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
• Cutting-edge security logic: high-quality, low-false-positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

ACUNETIX:
The Acunetix Web Vulnerability Scanner is an automated black box scanner that checks websites and web applications for vulnerabilities such as SQL injection, cross-site scripting, and other vulnerabilities. Its features include:
• An automatic client script analyzer allowing for security testing of Ajax and Web 2.0 applications
• SQL injection and cross-site scripting testing
• Penetration testing tools, such as the HTTP Editor and the HTTP Fuzzer
• A visual macro recorder to test web forms and password-protected areas
• The ability to test pages with CAPTCHA, single sign-on, and two-factor authentication mechanisms
• Reporting facilities

APPSCAN:
IBM Rational AppScan is a leading application security testing suite designed to help manage vulnerability testing throughout the software development life cycle. IBM Rational AppScan automates vulnerability assessments and scans and tests for all common Web application vulnerabilities, including SQL injection, cross-site scripting, buffer overflow, and new Flash/Flex application and Web 2.0 exposure scans.

HP WEB-INSPECT:
HP WebInspect is the industry-leading Web application security assessment solution designed to thoroughly analyze today's complex Web applications. It delivers broad technology coverage, fast scanning capabilities, extensive vulnerability knowledge, and accurate Web application scanning results. HP WebInspect is an integral part of the HP integrated security testing technologies that uncover real and relevant security vulnerabilities in a way that siloed security testing cannot. HP WebInspect easily tackles today's most complex Web application technologies—including JavaScript, Adobe Flash, Ajax, and SOAP—utilizing HP's breakthrough testing innovations for fast and accurate application security tests. HP WebInspect's intuitive interface and interactive test results enable areas of an organization new to application security to leverage security testing automation to cover more applications.

FIREBUG:
Firebug integrates with Firefox to put a wealth of web development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

COMMVIEW VOIP ANALYZER:
A VoIP analysis module for CommView that is suited for real-time capturing and analysis of Internet telephony (VoIP) events, such as call flow, signaling sessions, registrations, media streams, errors, etc.

ASTEROID:
Asteroid is a SIP security testing tool which creates a denial of service condition that affected the Asterisk open source PBX and may affect other PBXs running the SIP protocol. There are a few custom (mis)crafted SIP packets which can be sent to a VoIP server and cause errors on unpatched/vulnerable servers. The packets were crafted based on packet dumps from Wireshark, with flags set for pseudo-spoofing, "ranDUMBized" extensions, etc.

INFY TOOLS:
Infy tools are the custom-made proprietary tools and scripts developed in-house at Prime to meet the client's requirements.

The tools used for PT belong to the following categories:

• Brute force password cracking
• Critical OS issues
• Daemons
• Denial of service
• DNS
• Email
• Firewalls
• FTP
• IP spoofing
• NFS
• Port scans
• RPC
• Web browser vulnerabilities