Nessus

http://www.nessus.org/mini_tnp.jpg

http://www.nessus.org/intro.html

The "Nessus" Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner.

A security scanner is a software which will audit remotely a given network and determine whether bad guys (aka 'crackers') may break into it, or misuse it in some way.

Unlike many other security scanners, Nessus does not take anything for granted. That is, it will not consider that a given service is running on a fixed port - that is, if you run your web server on port 1234, Nessus will detect it and test its security. It will not make its security tests regarding the version number of the remote services, but will really attempt to exploit the vulnerability.

http://www.nessus.org/demo/

Here are the features of the Nessus Security Scanner :

* Plug-in architecture. Each security test is written as an external plugin. This way, you can easily add your own tests without having to read the code of the nessusd engine. The complete list of the Nessus plugins is here

* NASL. The Nessus Security Scanner includes NASL, (Nessus Attack Scripting Language) a language designed to write security test easily and quickly. (security checks can also be written in C)

* Up-to-date security vulnerability database. We mostly focus on the developement of security checks for recent security holes. Our security checks database is updated on a daily basis, and all the newest security checks are available here and on your FTP servers and mirrors.

* Client-server architecture. The Nessus Security Scanner is made up of two parts : a server, which performs the attacks, and a client which is the frontend. You can run the server and the client on different systems. That is, you can audit your whole network from your personnal computer, whereas the server performs its attacks from the main frame which is upstairs. There are several clients : one for X11, one for Win32 and one written in Java

* Can test an unlimited amount of hosts at the same time. Depending of the power of the station you run the Nessus server onto, you can test two, ten or forty hosts at the same time

* Smart service recognition. Nessus does not believe that the target hosts will respect the IANA assigned port numbers. This means that it will recognize a FTP server running on a non-standard port (31337 say), or a web server running on port 8080

* Multiples services. Imagine that you run two web servers (or more) on your host, one on port 80 and another on port 8080. When it will come to testing their security, Nessus will test both of them

* Tests cooperation. The security tests performed by Nessus cooperate so that nothing useless is made. If your FTP server does not offer anonymous logins, then anonymous-related security checks will not be performed.

* Complete reports : Nessus will not only tell you what's wrong on your network, but will, most of the time, tell you how to prevent crackers from exploiting the security holes found and will give you the risk level of each problem found (from Low to Very High)

* Exportable reports : The Unix client can export Nessus reports as ASCII text, LaTeX, HTML, "spiffy" HTML (with pies and graphs) and an easy-to-parse file format.

* Full SSL support : Nessus has the ability to test SSLized services such as https, smtps, imaps, and more. You can even supply Nessus with a certificate so that it can integrates into a PKI-fied environement

* Smart plugins (optional) : Nessus will determine which plugins should or should not be launched against the remote host (for instance, this prevents the testing of Sendmail vulnerabilities against Postfix). (this option is called "optimizations")

* Non-destructive (optional) : If you don't want to take the risk to bring down services on your network, you can enable the "safe checks" option of Nessus, which will make Nessus rely on banners rather than exploiting real flaws to determine if a vulnerability is present

* Independent developers. The Nessus developers are independent from the rest of the world, so we will not hide a security vulnerability in the program XYZ because we have a contract with them.

* Easy-to-reach developers. You feel that there is a missing feature ? Just contact us here. We reply and implement what makes sense.