Hi, Does anyone have a recommendation for a patch / vulnerability scanner for off-line systems? I'm interested in running a list of patches needed for installed software. I specifically want something to augment WSUS that covers non-Microsoft products. I think MITRE used to publish a file that could be used with SCAP Scanner, but they no longer publish it. Any suggestions and recommendations would be appreciated.
- Pat
We're using Nessus Professional for our on-line/off-line systems. The learning curve is a little steep, but it works great.
If you don't have any budget for it, you could build a Kali Linux box and run scans as cron jobs that way, too.
Microsoft Baseline Security Analyzer (MBSA) may be what you are looking for if you are a Windows shop: https://www.microsoft.com/en-us/download/details.aspx?id=7558
I should add that I am trying to avoid buying a Nessus license, which is very costly. I would prefer a low / no cost solution if there are alternatives out there, since I have more than one system to scan. Also, MBSA only does Windows patches, and we have WSUS that gives us this info. I was hoping for a product that would check other vendor apps (Adobe Reader, etc.) that require patches.
Kali Linux and Metasploit tools may be viable options, but I have not tried these yet. I was just hoping for several options to consider, and get a sense of what others have experienced with specific tools. I have read that several tools require a fair amount of fine tuning to reduce false positives, so first-hand experience feedback is appreciated.
Thanks to all who have replied so far.
- Pat
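The requirement above (a list of needed patches for installed non-Microsoft software on machines without Internet access) can be met without a commercial scanner if a vendor or SCAP/OVAL-style advisory feed is cached locally and compared against an exported software inventory. The following Python script is an added illustration of that comparison and is not code from any poster or from the tools named in this thread; the advisory feed, the inventory rows, the hostnames and the advisory identifiers are all constructed sample data, and the file shapes are assumptions rather than any real feed's format.

```python
"""Offline patch audit: compare an exported software inventory against a
locally cached advisory feed and report which installed versions predate
the fixed version. Constructed example; no real feed or host data is used."""
import csv
import io
import json
import re

# Constructed advisory feed (hypothetical shape, not a real vendor or OVAL feed).
ADVISORY_FEED_JSON = """
[
  {"product": "adobe-reader", "fixed_in": "11.0.23", "advisory": "EXAMPLE-ADV-001", "severity": "high"},
  {"product": "7zip",         "fixed_in": "18.05",   "advisory": "EXAMPLE-ADV-002", "severity": "medium"},
  {"product": "firefox",      "fixed_in": "60.0.2",  "advisory": "EXAMPLE-ADV-003", "severity": "critical"}
]
"""

# Constructed inventory, as an offline export of installed programs might look.
INVENTORY_CSV = """\
hostname,product,version
ws01,adobe-reader,11.0.20
ws01,7zip,18.05
ws01,firefox,52.9.0
ws02,adobe-reader,11.0.23
ws02,notepad++,7.5.8
"""

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_version(version):
    """Split '11.0.23' into (11, 0, 23). A non-numeric token (e.g. 'rc1') counts as 0."""
    parts = []
    for token in re.split(r"[.\-]", version.strip()):
        match = re.match(r"(\d+)", token)
        parts.append(int(match.group(1)) if match else 0)
    return tuple(parts)


def version_lt(a, b):
    """True if version a is older than b; shorter tuples are zero-padded so '18' == '18.0'."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return ta < tb


def load_inventory(csv_text):
    """Parse the exported inventory into a list of {hostname, product, version} dicts."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def audit(inventory_rows, advisories):
    """Return one finding per (host, product, advisory) where the installed version
    is older than the advisory's fixed_in version, most severe first."""
    by_product = {}
    for adv in advisories:
        by_product.setdefault(adv["product"].lower(), []).append(adv)

    findings = []
    for row in inventory_rows:
        for adv in by_product.get(row["product"].lower(), []):
            if version_lt(row["version"], adv["fixed_in"]):
                findings.append({
                    "hostname": row["hostname"],
                    "product": row["product"],
                    "installed": row["version"],
                    "fixed_in": adv["fixed_in"],
                    "advisory": adv["advisory"],
                    "severity": adv["severity"],
                })
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 9), f["hostname"], f["product"]))
    return findings


def run_sample_audit():
    """Audit the constructed inventory against the constructed feed."""
    return audit(load_inventory(INVENTORY_CSV), json.loads(ADVISORY_FEED_JSON))


if __name__ == "__main__":
    for f in run_sample_audit():
        print(f"{f['severity']:8} {f['hostname']} {f['product']} {f['installed']} -> {f['fixed_in']} ({f['advisory']})")
```

In practice the feed file would be refreshed on a connected machine and carried to the isolated network on removable media, and the inventory export would come from each host's package manager or installed-programs list; the comparison itself needs no network access, which is what makes it usable for the off-line systems described above. Version strings that do not follow a simple dotted-numeric scheme need vendor-specific handling that this example does not attempt.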
Have you looked at Qualys?
"Qualys FreeScan provides up to 10 free scans of URLs or IPs of Internet facing or local servers or machines. You initially access it via their web portal and then download their virtual machine software if running scans on your internal network."
@Adamantium wrote: Have you looked at Qualys?
"Qualys FreeScan provides up to 10 free scans of URLs or IPs of Internet facing or local servers or machines. You initially access it via their web portal and then download their virtual machine software if running scans on your internal network."
No, I haven't checked them. I'll give them a look.
Thanks for the suggestion.
- Pat
OpenVAS may be a good alternative for you. It's an open-source fork of Nessus (from back in the day) and generates similar results.
I'd agree OpenVAS is a good, no-cost solution for vulnerability scanning and identification, though it lacks some reporting features.
Nessus, as stated, is a good system and is very good at reporting on asset vulnerabilities.
Personally, I enjoy using Nexpose (InsightVM). Does a lot of the same things and reporting/management is good.
Both Nessus and Nexpose cost money; OpenVAS is the no-cost option. There are a load of other systems that do similar things, so check what's on offer with each, weigh up cost/value add, and happy hunting!
All of these systems tend to be OS agnostic too.
OpenVAS for the low-cost option, but Nessus is pretty much the gold standard. If you need to show proof of patching, Nessus and its reporting capabilities make the cost worth it.