cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
patd
Newcomer I

Patch / Vulnerability Scanner

Hi, Does anyone have a recommendation for a patch / vulnerability scanner for off-line systems?  I'm interested in running a list of patches needed for installed software.  I specifically want something to augment WSUS that covers non-Microsoft products.  I think MITRE used to publish a file that could be used with SCAP Scanner, but they no longer publish it.  Any suggestions and recommendations would be appreciated.

- Pat

12 Replies
John
Newcomer III

We're using Nessus Professional for our on-line/off-line systems.  The learning curve is a little steep, but it works great.

 

If you don't have any budget for it, you could build a Kali Linux box and run scans as cron jobs that way, too.

---
You only say it's impossible because nobody's done it and lived.
jltrinka
Newcomer I

Microsoft Baseline Security Analyzer (MBSA) may be what you are looking for if you are a Windows shop:  https://www.microsoft.com/en-us/download/details.aspx?id=7558

___
Jeremy Trinka
StevenJ6052
Newcomer III

My team uses Nessus professional, after syncing the scanner from an online connection we move it to the stand alone systems and scan (our systems are stand alone networks, ie: not connected to. other networks, if yours is a standalone computer, I would recommend creating a dedicated network between the Nessus scanner you your target machine.
patd
Newcomer I

I should add that I am trying to avoid buying a Nessus license which is very costly. I would prefer a low / no cost solution if there are alternatives out there since I have more than one system to scan.  Also, MBSA only does Windows patches, and we have WSUS that gives us this info. I was hoping for a product that would check other vendor apps (Adobe reader, etc.) that require patches.

 

Kali Linux and Metasploit tools may be viable options, but I have not tried these yet. I was just hoping for several options to consider, and get a sense of what others have experienced with specific tools.  I have read that several tools require a fair amount of fine tuning to reduce false positives, so first-hand experience feedback is appreciated.

Thanks to all who have replied so far.

- Pat

 

Adamantium
Viewer II

Have you looked at Qualys? 

 

"Qualys FreeScan provides up to 10 free scans of URLs or IPs of Internet facing or local servers or machines. You initially access it via their web portal and then download their virtual machine software if running scans on your internal network."

patd
Newcomer I


@Adamantium wrote:

Have you looked at Qualys? 

 

"Qualys FreeScan provides up to 10 free scans of URLs or IPs of Internet facing or local servers or machines. You initially access it via their web portal and then download their virtual machine software if running scans on your internal network."


No, I haven't checked them.  I'll give them a look. 

Thanks for the suggestion.

- Pat

jltrinka
Newcomer I

OpenVAS may be a good alternative for you.  It's an open sourced fork of Nessus (from back in the day) and generates similar results.

___
Jeremy Trinka
HTCPCP-TEA
Contributor I

I'd agree OpenVAS is a good, no-cost solution for vulnerabilty scanning and Identification though it lacks some reporting features.

 

Nessus, as stated, is a good system and is very good at reporting on asset vulnerabilites.

 

Personally, I enjoy using Nexpose (InsightVM). Does a lot of the same things and reporting/management is good.

 

Both Nessus and Nexpose cost money, OpenVas is the no cost option. There are a load of other systems that so similar things so check what's on offer with each, weigh up cost/value add and happy hunting!

 

All of these systems tend to be OS agnostic too.

infosec_james
Viewer III

OpenVAS for the low cost option but Nessus is pretty much the gold standard. If you need to show proof of patching Nessus and its reporting capabilities makes the cost worth it.