Scanners to test security


NSAT is a robust scanner which is designed for:

* Different kinds of wide-ranging scans, keeping stable for days
* Scanning on multi-user boxes (local stealth and non-priority scanning options)
* Professional-grade penetration testing and comprehensive auditing
* Easy full-scale archiving of vulnerability and version information for further purposes
* Time-less configuration - as a banner scanner for many known services and protocols
* Virtual host support, host/network exclusion support
* Flexibility and configurable scanning
* Distributed scanning (new feature; beta status)

Works on:
All BSD Platforms (FreeBSD/NetBSD/OpenBSD/Apple Mac OS X),
All POSIX (Linux/BSD/UNIX-like OSes),
Linux, Solaris

Net Stumbler

NetStumbler is a Windows Utility for AP Mapping (a.k.a. War Driving, Lan Mapping).

Virustotal Uploader

Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

Virus Total Uploader enables you to directly send files from your system using the context menu.

Commview For WiFi

CommView for WiFi is a powerful wireless network monitor and analyzer for 802.11 a/b/g/n networks. Loaded with many user-friendly features, CommView for WiFi combines performance and flexibility with an ease of use unmatched in the industry.

CommView for WiFi captures every packet on the air to display important information such as the list of access points and stations, per-node and per-channel statistics, signal strength, a list of packets and network connections, protocol distribution charts, etc. By providing this information, CommView for WiFi can help you view and examine packets, pinpoint network problems, perform site surveys, and troubleshoot software and hardware.

Only works with some adapters
adapter test utility can be downloadedHere


Wellenreiter is a GTK/Perl program that makes the discovery, penetration and auditing of 802.11b wireless networks as easy as possible. All three major wireless cards (Prism2 , Lucent, and Cisco) are supported. Usability is one of the main goal.

Net Tools

This suite of utilities covers the gamut from port scanners to DOS (denial of service) Utilities. it has encryption programs, port listening programs, calculators for various network activities, several implementations of Netstat, ping utilities, anonymous mailers, file splitters and mergers, etc.
Needless to say, too many to list all here. visit the link to get full details on the set and to download.


Tiger is a security tool that can be use both as a security audit and intrusion detection system. It supports multiple UNIX platforms and it is free and provided under a GPL license. Unlike other tools, Tiger needs only of POSIX tools and is written entirely in shell language.

Tiger has some interesting features that merit its resurrection, including a modular design that is easy to expand, and its double edge, it can be used as an audit tool and a host intrusion detection system tool. Free Software intrusion detection is currently going many ways, from network IDS (with Snort), to the kernel (LIDS, or SNARE for Linux and Systrace for OpenBSD, for example), not mentioning file integrity checkers (many of these: aide, integrit samhain, tripwire...) and logcheckers (even more of these, check the Log Analysis pages). But few of them focus on the host-side of intrusion detection fully. Tiger complements this tools and also provides a framework in which all of them can work together. Tiger it is not a logchecker, nor it focused in integrity analysis. It does "the other stuff", it checks the system configuration and status. Read the manpage for a full description of checks implemented in Tiger. A good example of what Tiger can do is, for example, check_findelete, a module that can determine which network servers running in a system are using deleted files (because libraries were patched during an upgrade but the server's services not restarted).

Free software Linux/*BSD distributions have a myriad of security tools to do local security checks: Debian's checksecurity, Mandrake's msec, OpenBSD's /etc/security, SUSE's Seccheck... but, even if they do similar checks they have suffered from fragmentation. Tiger is being developed in the hopes that it could substitute them at some point in the future. For a list of system security checks that Tiger provides that others do not you can read this (short) comparison.

Find more information in the project page at Savannah.


AutoScan-Network is a fast graphical network scanner. Useful for detecting unauthorized network access as well mapping known network devices. AutoScan has been ported to run on OSX, Linux, and Windows among other operating systems.

• Fast network scanner
• Automatic network discovery
• TCP/IP scanner
• Wake on lan functionality
• Multi-threaded Scanner
• Port scanner
• Low surcharge on the network
• VNC Client
• Telnet Client
• SNMP scanner
• Simultaneous subnetworks scans without human intervention
• Realtime detection of any connected equipment
• Supervision of any equipment (router, server, firewall...)
• Supervision of any network service (smtp, http, pop, ...)
• Automatic detection of known operatic system (brand and version), you can also add any unknown equipment to the database
• The graphical interface can connect one or more scanner agents (local or remote)
• Scanner agents could be deployed all over the network to scan through any type of equipment (router, NAT, etc)
• Network Intruders detection (in intruders detection mode, all new equipments blacklisted)
• Complete network tree can be saved in a XML file.
• Privileged account is not required

Acunetix Web Vulnerability Scanner (WVS)

Acunetix Web Vulnerability Scanner (WVS) is designed to audit web site security.

There is a free *nix based version as well as a Windows based version which ranges in price from a free trial to thousands of dollars.

// WVS contains a suite of tools designed to assist penetration testers in auditing web sites and also has the ability to output an easy to read summary for clients. What really sets this particular scanner apart from others is their proprietary AcuSensor Technology. By installing the AcuSensor Technology on the target system prior to scanning, one is able to decrease the number of false positives, identify more vulnerabilities, and accurately determine the vulnerable code. This works with closed source applications as well as open source. WVS will definitely work without AcuSensor, but, it is incredibly more accurate when this module is properly deployed on the target system.

// Composition of Acunetix Web Vulnerability Scanner:
Site Crawler - used to map a web site by following links and gathering information in a similar fashion to search engine web crawlers.
Target Finder - used to identify http/https servers from a given IP range.
Domain Scanner - used to enumerate additional sub-domains for use as potential targets.
Blind SQL Injector - automates the process of extracting database information through SQL injection.
HTTP Editor - for constructing custom HTTP/HTTPS requests in order to analyze responses.
HTTP Sniffer - HTTP proxy that allows logging, intercepting, and modifying HTTP/HTTPS traffic on the fly.
HTTP Fuzzer - allows fuzzing of request parameters or headers. Useful for determining buffer overflows or input validation errors.


HP WebInspect performs web application security testing and assessment for today's complex web applications, built on emerging Web 2.0 technologies. HP WebInspect delivers fast scanning capabilities, broad security assessment coverage and accurate web application security scanning results.

HP WebInspect identifies security vulnerabilities that are undetectable by traditional scanners. With innovative assessment technology, such as simultaneous crawl and audit (SCA) and concurrent application scanning, you get fast and accurate automated web application security testing and web services security testing.

Syndicate content