Network Security Assessment: From Vulnerability to Patch

Chapter 3: Vulnerability Assessment Tools

Introduction

In the first few chapters of this book, we outlined the higher-level concepts of vulnerability management and vulnerability assessment. Chapter 2 in particular outlined the various methods for performing vulnerability assessments as well as the pros and cons of each method. In this chapter, we will explain and demonstrate the different tools available for performing vulnerability assessments. Our goal is not to recommend a specific tool, but rather to provide examples from the most common, industry-leading tools on the market today. Many years ago, when writing a similar chapter for the Syngress book Hack Proofing Your Network, I outlined a balance of open source and commercial tools. Since that time, the landscape has changed slightly, and one of the more popular open source tools has evolved into a commercial offering with a less-supported open source version remaining.

So how exactly do vulnerability assessment tools function? On a high level, a vulnerability assessment tool will probe a system for a specific condition that represents a vulnerability. In Chapter 1, we defined a vulnerability as a software or hardware bug or misconfiguration that a malicious individual can exploit, thereby impacting a system's confidentiality and/or integrity. It is the assessment tool's job to identify these bugs and misconfigurations.

Some tools operate by using an agent, which is a piece of software that must run on every system to be scanned; other tools operate without the use of agents, and some use a combination of the two configurations. The architecture of...
