Scanning Tools

From: Andy Cuff [Talisker] (lists@securitywizardry.com)
Date: Mon Nov 03 2003 - 13:23:01 EST

• Next message: IndianZ: "Re: @stake tool announcement: RedFang 2.5: The Bluetooth Hunter"
• Previous message: johnadams: "Re: Cisco LEAP"
• Next in thread: TJ O'Grady: "Reporting aspect of pen-testing"
• Reply: TJ O'Grady: "Reporting aspect of pen-testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,
For those that aren't aware I maintain a list of security products
categorising them and providing a few salient details about each tool. The
Site is non-profit making, unbiased and vendor neutral. I'm about to update
all the scanning tools categories but cannot do so without your help. This
part of the site is well out of date due to work commitments and a
motorcycle accident but I'm now recovering and getting back on track, in
order to minimise list noise I've incorporated all the categories in a
single post. Please note that I'm looking for tools NOT managed services or
rebadged scanners that don't extend the functionality over the original
tool. Suggestions regarding categories are welcomed.

Firstly as I'm sure you're all aware it would be impossible to list all such
products on a single page therefore I've divided them up into the following
categories, from the simple upwards:

Network Enumerators/Mappers.
Lightweight scanning tools which discover multiple hosts on a network.
http://www.securitywizardry.com/enum.htm

Fingerprinting tools; Active & Passive.
Tools which will probably include Network Enumerator functionality but
designed to identify the operating system of a host(s) and the services
running on it/them
http://www.securitywizardry.com/osfa.htm
http://www.securitywizardry.com/osfp.htm

Application Scanners. Scanners designed to test applications such as
websites and databases either from the network with no privileges or from
the host with root/admin privileges.
http://www.securitywizardry.com/database.htm
http://www.securitywizardry.com/wscan.htm

Host Scanners.
Scanners which test the hosts operating system for vulnerabilities from a
privileged account, many will also fix the vulnerabilities they find.
http://www.securitywizardry.com/h_scan.htm

Network Vulnerability Scanners.
Nearing the top of the range, these test the host or range of hosts for some
or all of the above scanning hosts remotely for vulnerabilities.
http://www.securitywizardry.com/N_scan.htm

Distributed Vulnerability Scanners.
Getting around firewall and bandwidth issues scanners can be distributed
around a network, reporting to a central location.
http://www.securitywizardry.com/dist.htm

As indicated above functionality increases through the categories therefore
nmap is under active fingerprinters not enumerators, I have changed the menu
on site to reflect the order of the above but cannot upload it until month
end.

Thanks for any help you can offer

take care
-andy
Talisker Security Tools Directory
http://www.securitywizardry.com

---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_pen-test_031023
and use priority code SF4.
----------------------------------------------------------------------------

• Next message: IndianZ: "Re: @stake tool announcement: RedFang 2.5: The Bluetooth Hunter"
• Previous message: johnadams: "Re: Cisco LEAP"
• Next in thread: TJ O'Grady: "Reporting aspect of pen-testing"
• Reply: TJ O'Grady: "Reporting aspect of pen-testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:42 EDT