20 Security Assessment Tools

Microsoft Security Assessment Tool (Windows)

The Microsoft Security Assessment Tool (MSAT) is a risk-assessment application designed to provide information and recommendations about best practices for security within an information technology (IT) infrastructure.


Nessus ($, Linux, Windows)

The Nessus vulnerability scanner is the world leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks.


Retina (Windows)

Retina Network Security Scanner, the industry and government standard for multiplatform vulnerability management, identifies known and zero-day vulnerabilities and provides security risk assessment, enabling security best practices, policy enforcement, and regulatory audits.


IBM Internet scanner

Internet Scanner can identify more than 1,300 types of networked devices on your network, including desktops, servers, routers/switches, firewalls, security devices and application routers. Once all of your networked devices are identified, Internet Scanner analyzes the configurations, patch levels, operating systems and installed applications to find vulnerabilities that could be exploited by hackers trying to gain unauthorized access.

PatchLink vulnerability assessment tool

Reduce corporate risk through the timely, proactive elimination of operating system and application vulnerabilities.

  • Decrease IT costs and improve productivity with a highly automated, subscription-based patch management solution.
  • Eliminate recurring risks that arise through 'patch drift'.
  • Demonstrate compliance with security policies and government regulations through continuous patch monitoring and comprehensive reporting.


QualysGuard (Linux & Windows)

FreeScan allows you to quickly and accurately scan your server for thousands of vulnerabilities that could be exploited by an attacker. If vulnerabilities exist on the IP address provided, FreeScan will find them and provide detailed information on each risk, including its severity, associated threat, and potential impact. It even provides links to give you more information about the vulnerability and how to correct it.


GFI LANguard (Windows)

GFI LANguard Network Security Scanner (N.S.S.) is an award-winning solution that allows you to scan, detect, assess and rectify any security vulnerabilities on your network. As an administrator, you often have to deal separately with problems related to vulnerability issues, patch management and network auditing, at times using multiple products. However, with GFI LANguard N.S.S., these three pillars of vulnerability management are addressed in one package. Using a single console with extensive reporting functionality, GFI LANguard N.S.S.’s integrated solution helps you address these issues faster and more effectively.


Core Impact (Windows)

Core Impact is a commercial penetration testing application developed by Core Security Technologies which allows the user to probe for and exploit security vulnerabilities in a computer network. The interface is designed to be usable by individuals without specialized training in computer security, and includes functions for generating reports from the gathered information. It is used by over 600 companies and government entities.


ISS Internet scanner (Windows)

Minimum purchase quantity: 10 IPs. ISS Internet Scanner is installed on one computer on the network, and scans computers and routers for security vulnerabilities in the operating system, key applications and configuration, using ISS's database of known vulnerabilities. The perpetual license requires annual support and maintenance. This version includes Site Protector Management for licenses up to 500 IPs.

Nikto (Linux)

Nikto is a more comprehensive web scanner: an open source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version-specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired). It uses Whisker/libwhisker for much of its underlying functionality. It is a great tool, but the value is limited by its infrequent updates. The newest and most critical vulnerabilities are often not detected.


X-scan (Windows)

X-Scan is a basic network vulnerability scanner that uses a multi-threaded scanning approach. The scanner can be used from the command line and also has an easy-to-use GUI front-end. The following items can be scanned:

  • Remote OS type and version detection
  • Standard port status and banner information
  • SNMP information
  • CGI vulnerability detection
  • IIS vulnerability detection
  • RPC vulnerability detection
  • SSL vulnerability detection
  • SQL-server
  • FTP-server
  • SMTP-server
  • POP3-server
  • NT-server weak user/password pairs authentication module
  • NT server NETBIOS information
  • Remote Register information, etc.

Sara (Linux, Windows, Open source)

In its simplest (and default) mode, it gathers as much information about remote hosts and networks as possible by examining such network services as finger, NFS, NIS, ftp and tftp, rexd, and other services. The information gathered includes the presence of various network information services as well as potential security flaws -- usually in the form of incorrectly set up or configured network services, well-known bugs in system or network utilities, or poor or ignorant policy decisions. It can then either report on this data or use a simple rule-based system to investigate any potential security problems. Users can then examine, query, and analyze the output with an HTML browser, such as Mosaic or Netscape. While the program is primarily geared towards analyzing the security implications of the results, a great deal of general network information can be gained when using the tool - network topology, network services running, types of hardware and software being used on the network, etc.


SAINT (Linux & Open source)

SAINT, or the Security Administrator's Integrated Network Tool, uncovers areas of weakness and recommends fixes. With SAINT® vulnerability assessment tool, you can:

  • Detect and fix possible weaknesses in your network’s security before they can be exploited by intruders.
  • Anticipate and prevent common system vulnerabilities.
  • Demonstrate compliance with current government regulations such as FISMA, SOX, GLBA, HIPAA, and COPPA and with industry regulations such as PCI DSS.

The SAINT® scanning engine is the ideal cornerstone for your vulnerability assessment program. SAINT features a graphical user interface that is intuitive and easy to use.

MBSA (Windows)

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM). Apparently MBSA on average scans over 3 million computers each week.

Paros Proxy (Linux, Windows, Open source)

We wrote a program called "Paros" for people who need to evaluate the security of their web applications. It is free of charge and completely written in Java. Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified.

WebScarab (Linux, Windows, Open source)

WebScarab is a framework for analyzing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plug-ins.

In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser.


WebInspect (Windows)

The WebInspect application security assessment tool ensures your organization’s web security and the security of your most critical information by identifying known and unknown vulnerabilities within the Web application layer. WebInspect also helps you ensure Web server security by including checks that validate that the Web server is configured properly. With WebInspect, auditors, compliance officers, and security experts can perform security assessments on Web applications and Web services.

Whisker/Libwhisker (Linux, Windows, Open source)

Libwhisker is a Perl module geared towards HTTP testing. It provides functions for testing HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Whisker is a scanner that used libwhisker but is now deprecated in favour of Nikto, which also uses libwhisker.

Burp suite (Linux, Windows, Open source)

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools, with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyze, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.


Wikto (Windows, Open source)

Wikto is a tool that checks for flaws in web servers. It provides much the same functionality as Nikto but adds various interesting pieces of functionality, such as a Back-End miner and close Google integration. Wikto is written for the MS .NET environment and registration is required to download the binary and/or source code.


Acunetix Web Vulnerability Scanner (Windows)

Out of the 100,000 websites scanned by Acunetix WVS, 42% were found to be vulnerable to Cross Site Scripting. XSS is extremely dangerous and the number of attacks is on the rise. Hackers are manipulating these vulnerabilities to steal organizations’ sensitive data. Can you afford to be next? Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on the user's machine in order to gather data. Exploited Cross Site Scripting is commonly used to achieve the following malicious results:

  • Identity theft
  • Accessing sensitive or restricted information
  • Gaining free access to otherwise paid for content
  • Spying on user’s web browsing habits
  • Altering browser functionality
  • Public defamation of an individual or corporation
  • Web application defacement
  • Denial of Service attacks


Watchfire AppScan (Windows)

Watchfire® AppScan® automates web application security audits to help ensure the security and compliance of websites. Named the worldwide market-share leader according to Gartner and IDC, our AppScan product suite offers a solution for all types of web application security testing needs - outsourced, individual scans and enterprise-wide analysis - and for all types of users - application developers, quality assurance teams, penetration testers, security auditors and senior management.

N-Stealth (Windows)

N-Stealth is a comprehensive web server security-auditing tool that scans for over 30,000 vulnerabilities. It is ideal for system administrators, security consultants and IT professionals.



Metasploit

Metasploit is a fantastic, powerful open source framework that performs rigorous scans against a set of IP addresses.
Unlike many other frameworks, it can also be used for anti-forensics. Expert programmers can write a piece of code exploiting a particular vulnerability, and test it with Metasploit to see if it gets detected. This process can be reversed technically — when a virus attacks using some unknown vulnerability, Metasploit can be used to test the patch for it.



OpenVAS

The Nessus scanner is a famous commercial utility, from which OpenVAS branched out a few years back to remain open source. Though Metasploit and OpenVAS are very similar, there is still a distinct difference.

OpenVAS is split into two major components — a scanner and a manager. A scanner may reside on the target to be scanned and feed vulnerability findings to the manager. The manager collects inputs from multiple scanners and applies its own intelligence to create a report.

In the security world, OpenVAS is believed to be very stable and reliable for detecting the latest security loopholes, and for providing reports and inputs to fix them. A built-in Greenbone security assistant provides a GUI dashboard to list all vulnerabilities and the impacted machines on the network.

Creating detailed reports is one thing that makes OpenVAS a tool favoured by infrastructure security managers.


Samurai framework

Once a baseline check is performed by Nikto, the next step is to take the “deep-dive” approach. Samurai is a framework — a bunch of powerful utilities, each one targeted for a specific set of vulnerabilities.


Safe3 scanner

While the first two tools are good for static websites, for portals needing user ID and password, we need something that can deal with HTTP sessions and cookies. Safe3 scanner is a fantastic open source project, which has gained momentum and fame because it can handle almost all types of authentication, including NTLM.

It contains a Web crawler (a spider like that of search engines) capable of ignoring duplicate page scans and yet detect client-side JavaScript vulnerabilities. Safe3 scans also detect the possibility of the latest AJAX-based attacks and even report vulnerable script libraries. It comes with a user-friendly GUI and is capable of creating nice management reports.



Websecurity

Though very similar to Samurai, Websecurity also brings application-level assessment into play. In case of a large Web farm where code is maintained by a team of developers, following standards can sometimes yield insecure code like passwords mentioned in code, physical file paths in libraries, etc. Websecurity can traverse code and find such loopholes swiftly.

A nice feature is that it allows you to create screenshots of the problem areas automatically, which helps in preparing audit reports. It is one of the very few platform-independent tools and also supports mobile coding, which is helping it get more popular in the cyber-security assessment world.


SQLmap

SQLmap is capable of not just exploiting SQL-injection faults, but can also take over the database server. Since it focuses on a specific task, it works at great speed to fingerprint databases, find out the underlying file system and OS, and eventually fetch data from the server. It supports almost all well-known database engines, and can also perform password-guessing attacks. This tool can be combined with the other four tools mentioned above to scan a website aggressively.

A vulnerability assessment tool should include network scanning as well as website vulnerability exploitation. Open source software is prone to attacks too; hence, network administrators must know about the reputed scanners and use them in their daily tasks to make their infrastructure secure and stable.



IPLocks Armour

IPLocks Armour provides the industry’s most robust solution for detecting and repairing database weaknesses. No other vendor can match the combination of scalability, customizability, and cost-effectiveness of IPLocks. Companies around the world use IPLocks Armour to support critical initiatives such as:

  • User Privilege Reporting
  • Internal Security
  • SOX Compliance
  • PCI Compliance
  • Risk Management


App Detective

A network-based vulnerability assessment scanner, App Detective Pro discovers database applications within your infrastructure and assesses their security strength. In contrast to piecemeal solutions, App Detective Pro modules allow enterprises to assess two primary application tiers - application / middleware, and back-end databases - through a single interface. Backed by a proven security methodology and extensive knowledge of application-level vulnerabilities, App Detective Pro locates, examines, reports, and fixes security holes and misconfigurations. As a result, enterprises can proactively harden their database applications while at the same time improving and simplifying routine audits.



N-Stalker

N-Stalker Web Application Security Scanner 2006 is a web security assessment solution developed by N-Stalker. By incorporating the well-known N-Stealth HTTP Security Scanner and its 35,000 Web Attack Signature database, along with a patent-pending Component-oriented Web Application Security Assessment technology, N-Stalker is capable of sweeping your Web Application for a large number of vulnerabilities common to this environment, including Cross-site Scripting and SQL injection, Buffer Overflow and Parameter Tampering attacks and much more.


Sprajax (for AJAX)

Sprajax is an open source black box security scanner used to assess the security of AJAX-enabled applications. By detecting the specific AJAX frameworks in use, Sprajax is able to better formulate test requests and identify potential vulnerabilities.


Pixy (for PHP)

Pixy is an open source vulnerability scanner that identifies SQL injection and XSS problems in PHP applications.


However, in order to share files on your computer and sometimes in order for you to access files on other computers within a P2P network such as BitTorrent, you must open a specific TCP port through the firewall for the P2P software to communicate. In effect, once you open the port you are no longer protected from malicious traffic coming through it.

It may cause confusion for novice users in much the same way personal firewall software such as ZoneAlarm does because simply allowing or banning actions wholesale would result in either allowing a large amount of suspicious activity to go undetected or banning a large amount of benign actions such as the user trying to install their own software, so Prevx asks the user how it should treat the activity.

Any time that an application attempts to access system memory or critical files or alter the registry the Prevx Home software detects the activity and either blocks it completely or asks the user how to proceed. According to Prevx the software will detect and prevent buffer overflows and overruns, modification of critical files and directories, unauthorized changes to critical areas of the system registry and more.

I removed my antivirus and firewall software for an entire week during my test and still ran into no viruses or other malicious code or spyware. A scan with Ad-Aware found a handful of tracking cookies, but nothing malicious.

Honeytrap

Honeytrap is a network security tool written to observe attacks against network services. As a low-interaction honeypot, it collects information regarding known or unknown network-based attacks and thus can provide early-warning information.


Centre for Development of Advanced Computing, (C-DAC)
Plot No. 6 & 7, Hardware Park, Sy No. 1/1, Srisailam Highway, Pahadi Shareef Via Keshavagiri (Post) Hyderabad - 500005

