Scanners to test security


The Security Auditor's Research Assistant (SARA) is a third-generation network security analysis tool.


X-Scan is a general-purpose, multi-threaded scanner that checks a specified IP address range or a stand-alone computer for network vulnerabilities; plug-ins are supported. X-Scan's features include service type detection, remote OS type and version detection, weak user/password pair detection, and a combination of all the Nessus attack scripts.


Retina Network Security Scanner, the industry and government standard for multi-platform vulnerability management, identifies known and zero-day vulnerabilities and provides security risk assessment, enabling security best practices, policy enforcement, and regulatory audits.

GFI LANguard

A network security scanner for Windows, GFI LANguard scans IP networks to detect which machines are running and tries to discern the host OS and the applications in use. It also tries to collect each Windows machine's service pack level, missing security patches, wireless access points, USB devices, open shares, open ports, services/applications active on the computer, key registry entries, weak passwords, users and groups, and more.

YAPH - Yet Another Proxy Hunter

YAPH is a proxy hunter for the Unix platform. It finds public access proxy servers on the Internet and validates proxy lists. YAPH reveals SOCKS4, SOCKS5, and HTTP (CONNECT method) proxies. HTTP proxies are tested for the CONNECT method only, since only this method provides the ability to tunnel TCP through an HTTP proxy. YAPH utilizes the power of Nmap, a network mapper written by Fyodor. Nmap gives YAPH the capability to find new, undiscovered public proxy servers on the Internet.

Core Impact

Core Impact is an enterprise penetration testing suite that is designed to automate exploitation during a test.
Obviously from the word "enterprise" we should all gather that it costs a lot of money and therefore "we" haven't been able to fully test its feature set and capabilities, although it does claim to have a wide array of functions and usage.
Examples include testing not only applications but also network devices for publicly known vulnerabilities, as well as some unknown ones that are given out only under strict disclosure, as an update, once you have a service contract.

With IMPACT, you can:

* pinpoint exploitable OS and services vulnerabilities in network and endpoint systems
* measure end-user response to phishing, spear phishing, spam and other email threats
* test web application security and demonstrate the consequences of web-based attacks
* distinguish real threats from false positives to speed and simplify remediation efforts
* configure and test the effectiveness of IPS, IDS, firewalls and other defensive infrastructure
* confirm the security of system upgrades, modifications and patches
* establish and maintain an audit trail of your vulnerability management practices
* schedule tests to run automatically on a recurring basis


Kismet is a pretty decent tool to have in your wireless arsenal.
It's mostly used for identifying wireless networks in the area and gaining as much information about them as possible even if the information is not supposed to be available.
This helps drastically when you start to actually attack the network/device with aircrack or something similar, since you already have all the information you need.

Feature set:

* 802.11b, 802.11g, 802.11a, 802.11n sniffing
* Standard PCAP file logging (Wireshark, Tcpdump, etc.)
* Client/Server modular architecture
* Multi-card and channel hopping support
* Runtime WEP decoding
* Tun/Tap virtual network interface drivers for realtime export of packets
* Hidden SSID decloaking
* Distributed remote sniffing with Kismet drones
* XML logging for integration with other tools
* Linux, OSX, Windows, and BSD support (devices and drivers permitting)


Nessus has been around for a little more than a little while now and has gone from free to almost free to it's gonna cost ya.
I'm not really sure regarding the newest updates as I haven't used it since it lost its freedom, but I will say it has plugins for everything under the sun!
It is mainly used for network and server scanning and has the ability to test and create a client/server connection between yourself and the host you're testing with.


GHBA or "Get Host By Address" is a reverse DNS lookup tool that can scan a class B or C network range and determine the correct hostname where a potentially fake/false record could normally be hiding the real name.

As you may have noticed, I say this is compatible with all OSes because it's a C program and you should, given enough time, be able to compile it on anything, even Windows using Cygwin!


Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. To see CANVAS in action please see the movies at

Supported Platforms and Installations

* Windows (requires Python & PyGTK)
* MacOSX (requires PyGTK)
* All other Python environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)

Currently over 400 exploits, with an average of 4 exploits added every monthly release. Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software. Exploits span all common platforms and applications.

Payload Options

* To provide maximum reliability, exploits always attempt to reuse the socket
* If socket reuse is not suitable, connect-back is used
* Subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc.)
* Bouncing and split-bouncing automatically available via MOSDEF
* Adjustable covertness level

Ability to make Custom Exploits

* Unique MOSDEF development environment allows rapid exploit development

CANVAS is a platform that is designed to allow easy development of other security products. Examples include Gleg, Ltd's VulnDisco and the Argeniss Ultimate 0day Exploits Pack.
