Vunrability Scanners

[Nortcele]

So seen as though my Nessus license has ran out,

Anyone know of any good, FREE, Vulnerability scanners to take its place?

Thanks.

[Phage]

Fuck scanners, they make too much noise anyway.

[Nortcele]

I have done all my recon and research and have managed to find an open rtsp port, I need to scan for exploits...

[HTH]

Nessus is still a thing? I thought it died along with my highschool days... but I guess I've never had the urge to spend over a grand to use a piece of software for a year.

Anyway, if you really want to use a scanner,

Nexpose and Metasploit are both owned / distributed by Rapid7, and they both have free versions for single IP users. (with limited functionality in the case of Nexpose)

I think OpenVas is still kicking around, and Qualys also exists. I agree with Phage that these scanners are gonna light up the network like a fucking christmas tree but hey.

Or if paid products are your thing, you could go get Core Impact, sure it's like buying a car, but they did pivot attacks first mang.

[Nortcele]

Using a Metasploit trial now, no worries.

[d!amond]

What about intercepting proxies? So you can find vulnerabilities "on the fly"? I am not a big fan of scanners.. but you could try out:

OWASP ZAP https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Vega https://subgraph.com/vega/

w3af http://w3af.org/

Maybe its something for you

[Nortcele]

Im using Metasploit Enterprise and Nexpose, both have done the trick and managed to find 72 Vuns 36 of which were Severe in my last test...

[rocketballz]

Acunetix

~APH ADMIN ~

[rocketballz]

Here is the program http://www.mediafire.com/folder/14ol0977ow5tx

~APH ADMIN ~

[chapp]

I find that scanners are very noisy and the result are too many false-positives, which you spend too much time verifying.

In case of an engagement I'd use scanners as they are "free" in terms of click and run for some hours, while you spend time doing something else and the noise is not a problem if agreed upon. Some engagements requires a more under the radar approach though.

[votoco2014]

Using a Metasploit

[d4rkcat]

For webapps, I find Arachni to be the most efficient, most accurate scanner.

[ande]

Try making your own? Its great practice for web application security.

[proxx]

I get thousands of requests like these on the webservers I manage.
You would be amazed how quickly it will ban your ass

[d4rkcat]

I get thousands of requests like these on the webservers I manage.
You would be amazed how quickly it will ban your ass

Bet that ban list is a nice collection of proxies and tor exit nodes.
Really though, who is going to be blackbox scanning a website from their own IP?