Kali Linux is one of the most popular Linux distributions used for Security auditing and Penetrations testing. It comes pre-installed with numerous (300+) tools, out of which many are used to conduct vulnerability scanning and network discovery. This post will look at the 11 great tools that you can use to perform vulnerability scanning and detect any security flaws in your systems. We will group them into three main categories:
- Web Vulnerability scanning tools
- Network vulnerability scanning tools
- Mobile application vulnerability scanning tools
Before diving further, let's have a deeper understanding of Vulnerability scanning.
What is Vulnerability Scanning?
A vulnerability is a flaw or a threat that can weaken the entire system/application making it vulnerable to hackers. On the other hand, Vulnerability scanning refers to finding, categorizing, and mitigating the vulnerabilities present in a system, application, or network. A vulnerability scanning tool is a software that you can use to identify and resolve the vulnerabilities present on a system.
Some of the areas where you can apply these vulnerability scanning tools include mobile applications, web applications, network environments, cloud storage, and any other place you feel can be exploited by hackers or has critical information/ user data. However, there are certain features that every vulnerability assessment tool needs to have to meet the market requirements. They include.
- Have the capabilities to perform both credentialed and non-credentialed scans.
- Extend the visibility beyond vulnerabilities - It can list the misconfiguration present, open ports, outdated software, running services, etc. That will guide you into making a good decision on the way forward.
- Have the capability to work with other popular vulnerability scanning tools.
Let's now dive in and look at some of the excellent vulnerability scanning tools you can use.
Vulnerability Scanning tools for Web Applications
Each day we have new web apps being deployed to the public internet. Unfortunately, not all developers have the resources or knowledge of using the best practices during the Software Development Life Cycle (SDLC). That may result in certain security flaws appearing when the application is deployed. To mitigate that, below are some of the most popular security tools that you can use to scan any web application for vulnerabilities.
1. Nikto
Nikto is an open-source vulnerability scanner that scans web applications and servers for misconfigurations, harmful files, version-related issues, port scanning, user enumeration, etc. The tool is developed using Perl and can scan at least 6400 potential threats per scan. Unfortunately, Nikto cannot be used for stealth scanning and can be easily detected by any security measures (Intrusion Detection Systems). Other features present in this tool include:
- Support for SSL
- Support for additional plugins.
- Multiple scan options
- Different output formats
- Supports scanning for subdomains
- Outdated software reports, etc
Use the commands below to download and install Nikto on any Debian-based Linux distribution.
sudo apt update && sudo apt upgrade
sudo apt install nikto -y
We will use the syntax below to use Nikto to scan a target system using the URL.
sudo nikto -h [ip_address]
e.g
sudo nikto -h 10.0.2.15
2. Wapiti
Wapiti (another name for Elk if you are an animal person) is a popular web vulnerability scanner that you can use to test the security of web apps. This tool uses several methods to test for security flaws, including injecting payloads to the web app to check for vulnerabilities. Some of the vulnerabilities that you can find with Wapiti include:
- XSS (Cross-Site-Scripting)
- SSRF (Server Side Request Forgery);
- Weak ".htaccess" configurations
- detection and execution of commands
- CRLF injection
- File expansion and much more.
To install Wapiti on your system, use the commands below.
sudo apt install python3-pip
pip3 install wapiti
3. W3af
W3af is another famous Web attack and audit framework. The tool is developed in Python and can scan up to 200 vulnerabilities on a single web application. These include SQL injection, XSS, and much more. It has both a GUI part and (CLI) Command-line option that you can use to perform your penetration testing. Additionally, it is available for Windows, Linux, OS X, and OpenBSD.
To install W3af on your system, you first need to install Python2.7. Execute the commands below to install w3af from the source code.
git clone https://github.com/andresriancho/w3af.git
cd w3af/
./w3af_console
./tmp/w3af_dependency_install.sh
4. Skipfish
Skipfish is a free and open-source automated web application security tool that you can use to scan for vulnerabilities on your web app. Skipfish is one of the most user-friendly and effective penetration testing tools available, and it comes with several integrated tools for carrying out penetration testing on the target system. Its also popularly known as an "active web application security reconnaissance" since it performs reconnaissance on web servers.
This tool comes pre-installed on Kali Linux. However, you can use the command below to install it on any Debian-based system.
sudo apt install skipfish
Vulnerability Scanning Tools for Networks
Nowadays, computer networks are becoming more complex due to the many devices connected to the internet. That, however, has a downside impact in terms of network security. The more connected devices, the more the likelihood of exposing critical resources that hackers can exploit. We need to use vulnerability scanning tools to detect any network security flaws to mitigate that.
Below are four popular tools used to scan for vulnerabilities on networks.
Note: Some of these tools can also scan for vulnerabilities in web applications, mobile apps, etc.
1. OpenVAS
OpenVAS stands for Open Vulnerability Assessment System. You already have a vivid idea of what it does from that definition alone. It's a full-featured vulnerability scanner that scans for vulnerabilities in a system and analyzes them. You can understand what security measures you need to put to mitigate those security flaws from that information. OpenVAS can scan for vulnerabilities on both Web applications and Networks.
When writing this post, openVAS does not come pre-installed on Kali Linux. Use the commands below to install it.
sudo apt update
sudo apt install openvas
sudo gvm-setup
2. Wireshark
Wireshark is a network protocol analyzer. That means it can capture the data passing over a network and analyze it to reveal information like the packet's source and destination IP address and even the network protocol that the packet is using for transmission. Therefore, you can use this tool to scan the network for vulnerabilities or suspicious activities. Wireshark is available for both Windows, Linux, and macOS.
3. Nmap
Even if you are new to the penetration testing field, you must have heard of Nmap. It is a powerful command-line tool for scanning and detecting vulnerabilities on your network. You can gather information like :
- Devices connected to a network
- What operating system the devices are running
- The services and installed software
- OS and software version, etc
Nmap comes pre-installed on Kali Linux. There is also a graphical option for Nmap CLI known as Zenmap, which is pre-installed on Kali Linux.
4. Metasploit
The Metasploit Framework (MSF) is another popular security tool used to deliver payloads on the target machine. However, you can also use it to scan the network for any vulnerabilities before they are exploited. Before 2009, MSF was an open-source utility; however, after its acquisition by Rapid7, it was made commercial but with a free version known as the Metasploit community edition. The commercial edition has more features than the community edition.
This tool comes pre-installed on Kali Linux.
Vulnerability Scanning Tools for Mobile Applications
Mobile apps also need to be assessed for security flaws or vulnerabilities, similar to web applications. Some of the information that attackers mainly target on mobile phones include:
- Personal Identifiable Informations such Name, ID, passwords, etc.
- Mobile information like IMEI, GPS locations, network MAC address, etc.,
- Vulnerable applications installed on the phone.
Below are some of the most popular tools for scanning for vulnerabilities on mobile applications.
1. App-Ray
App-Ray is a security tool that scans mobile apps for vulnerabilities. It also comes with features like,
- Data leaks detection
- It prevents users from installing malicious apps
- Perform security checks
- Achieve Compliance Goals - GDPR, CCPA
To get started with App-Ray, please visit their official website.
2. Codified Security
Codified Security shouldn't be that hard to understand if you have used a platform like Virus-Total before. This platform allows you to upload APK and IPA files and scan them for vulnerabilities. You can perform both static and dynamic tests to in-depth vulnerabilities on your application. To get started with Codified Security, check out their official website.
3. Runtime Mobile Security
Run Time Mobile Security (RMS) is a powerful web application powered by NodeJS that allows you to manipulate Android and iOS applications at Runtime. To get started with RMS, check the installation instructions present on the official Github page. Some of the features available on RMS include:
- Hook everything o the fly
- Dump loaded relative methods
- Load custom scripts
- Dump loaded hashes
- Trace method args and return value
Conclusion
Cybercrime rates are growing every day - from attacking small mobile applications to large cryptocurrency exchange sites. Even though they say "nothing is 100% secure," employing a vulnerability scanner on your web app, mobile application, network, etc., would be one way to ensure that your system is secure. This post has given you the best vulnerability scanners that you can use for three categories - Web applications, mobile applications, and networks. You can use some of these tools to perform vulnerability assessments for all three categories or with other scripts/ tools. Feel free to share your favorite vulnerability scanning tool with our readers in the comments below.