Open Source and Free Vulnerability Management Tools

  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.
  • : Function ereg() is deprecated in /home/priandoyo/smashingpasswords.com/includes/file.inc on line 649.

Below list of best Open Source and Free Vulnerability Management Tools that can be used for your security testing purpose.

No Category Tools Description URL
1 Asset Management, Workflow, and Knowledgebase Information Resource Manager (IRM) IRM is a powerful Web-based asset tracking and trouble-ticket system built for information technology (IT) departments and help desks. All elements are interwoven into a seamless Web application, with a MySQL engine at the back end doing the heavy lifting. irm.stackworks.net
2 Host Discovery NMAP Nmap is a free, open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw Internet Protocol (IP) packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and versions) they are running, what type of packet filters/firewalls are in use, along with dozens of other characteristics insecure.org
3 Vulnerability Scanning and Configuration Scanning Nessus Nessus is a tool for vulnerability scanning and configuration scanning.The Nessus Project was started by Renaud Deraison in 1998 to provide the Internet community with a free, powerful, up-to-date, and easy-to-use remote security scanner. Nessus is the best free network vulnerability scanner available, and the best to run on UNIX at any price. It is constantly updated (more than 11,000 plug-ins are available for as a free feed), but registration and EULA acceptance are required. Key features include remote and local (authenticated) security checks, client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plug-ins or understanding the existing ones. tennable.com
4 Configuration and Patch Scanning Microsoft’s Baseline Security Analyzer MBSA is an easy-to-use tool designed for the IT professional that helps small and medium-size businesses determine their security state in accordance with Microsoft security recommendations, as well as offers specific remediation guidance. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU),Windows Server Update Services (WSUS), Systems Management Server (SMS), and Microsoft Operations Manager (MOM). microsoft.com
5 Vulnerability Notification Advchk (Advisory Check) Advchk gathers security advisories using RSS feeds, compares them to a list of known services, and alerts you if you are vulnerable. Because adding hosts and services by hand would be a boring task, Advchk leverages NMAP for automatic service and version discovery. Also available in this space is SIGVI (http://sigvi.sourceforge.net).This product is a recent release but could be a promising solution if maintained and developed further. SIGVI downloads vulnerabilities from defined sources, stores them to a database, and then compares them to the products currently installed on the assets (as previously defined in the main application). The application is flexible in the way that it lets you define your own sources. By default, the application supports the NVD (National Vulnerability Database at http://nvd.nist.gov) format. Periodically, the application will contact the sources, download the vulnerabilities, and store them into the SIGVI database.Those vulnerabilities are then available through the pages of the SIGVI main window. advchk.unixgu.ru
6 Security Information Management OSSIM (Open Source Security Information Management) Innately a SIM, OSSIM does incorporate several aspects of vulnerability management and over time should become a more comprehensive and complete vulnerability management tool. OSSIM’s goal is to provide a comprehensive compilation of tools which, when working together, grant a network/security administrator a detailed view of the network and devices. Besides getting the best out of open source tools, some of which are described in the following list, OSSIM provides a strong correlation engine, detailed reporting, and incident management tools ossim.org

source: Network Security Assessment, Steve Manzuik

Trackback URL for this post:

http://www.smashingpasswords.com/trackback/105

User login

Who's online

There are currently 1 user and 67 guests online.

Online users

  • zbuoznqvhb

Who's new

  • orenhumemataacsvols
  • coygoodenoughgil
  • manuelproberteynv
  • soniagowinsgcgx
  • kristeenpearsall