Web service-specific vulnerability scanners

Vulnerability scanners are automated tools that crawl an application to identify the signatures of known vulnerabilities.

Kali comes with several different preinstalled vulnerability scanners. Penetration testers will typically use two or three comprehensive scanners against the same target to ensure that valid results are obtained and the goal of the test is achieved. Note that some vulnerability scanners also include an attack functionality.

Vulnerability scanners are mostly noisy, and are usually detected by the victim. However, scans frequently get ignored as part of regular background activity. In fact, some attackers have been known to launch large-scale scans against a target to camouflage the real attack, or to induce the defenders to disable detection systems to reduce the influx of reports that they have to manage.
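
The point above about scan noise, from the defender's side, as an added example that is not from the original text: rather than disabling detection during a flood of scan traffic, each scanner-like source is collapsed into one summary while every other request stays visible for review. The log format, thresholds, and addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Common Log Format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

def summarize(lines, min_requests=20, min_404_ratio=0.8):
    """Collapse scanner-like sources into one summary each; keep all other requests.

    The thresholds are illustrative assumptions, not tuned values.
    """
    per_ip = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # skip lines that are not in the expected format
            per_ip[m["ip"]].append((m["path"], int(m["status"])))
    scanners, keep = {}, []
    for ip, reqs in per_ip.items():
        not_found = sum(1 for _, status in reqs if status == 404)
        if len(reqs) >= min_requests and not_found / len(reqs) >= min_404_ratio:
            scanners[ip] = {"requests": len(reqs), "not_found": not_found,
                            "distinct_paths": len({path for path, _ in reqs})}
        else:
            keep.extend((ip, path, status) for path, status in reqs)
    return scanners, keep

def constructed_sample():
    """Constructed log lines: a noisy crawler and a quiet client in the same minute."""
    fmt = '{ip} - - [10/Oct/2024:13:55:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 512'
    noisy = [fmt.format(ip="203.0.113.10", sec=i, path=f"/probe-{i}",
                        status=200 if i % 10 == 0 else 404) for i in range(40)]
    quiet = [fmt.format(ip="198.51.100.7", sec=30 + i, path=path, status=200)
             for i, path in enumerate(["/login", "/account", "/export"])]
    return noisy[:20] + quiet + noisy[20:]

if __name__ == "__main__":
    scanners, keep = summarize(constructed_sample())
    for ip, stats in scanners.items():
        print("scanner-like source", ip, stats)
    for event in keep:
        print("review", event)
```

The three requests from the quiet client survive as individual events even though they arrive in the middle of the noisy source's forty requests.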

Important vulnerability scanners include the following:

| Application | Description |
|---|---|
| Arachni | An open source Ruby framework that analyzes HTTP responses received during scanning to validate responses and eliminate false positives. |
| GoLismero | A scanner that maps web applications and detects common vulnerabilities. The results are saved in TXT, CSV, HTML, and RAW formats. |
| Nikto | A Perl-based open source scanner that allows IDS evasion and user changes to scanned modules. This original web scanner is beginning to show its age, and is not as accurate as some of the more modern scanners. |
| Skipfish | A scanner that completes a recursive crawl and dictionary-based crawl to generate an interactive site map of the targeted website, annotated with the output from additional vulnerability scans. |
| Vega | A GUI-based open source vulnerability scanner. As it is written in Java, it is cross-platform (Linux, macOS, and Windows) and can be customized by the user. |
| w3af | A scanner that provides both a graphical and command-line interface to a comprehensive Python testing platform. It maps a target website and scans for vulnerabilities. This project has been acquired by Rapid7, so there will be closer integration with the Metasploit framework in the future. |
| Wapiti | A Python-based open source vulnerability scanner. |
| Webscarab | OWASP's Java-based framework for analyzing HTTP and HTTPS protocols. It can act as an intercepting proxy, a fuzzer, and a simple vulnerability scanner. |
| Webshag | A Python-based website crawler and scanner that can utilize complex IDS evasion. |
| WebSploit | An advanced man-in-the-middle (MiTM) framework, useful in wireless and Bluetooth attacks. |

Kali also includes some application-specific vulnerability scanners. For example, WPScan is used specifically against WordPress CMS applications.
