OpenVAS is an open source remote security vulnerability scanner, designed to search for networked devices and computers, discover accessible ports and services, and to test for vulnerabilities on any such ports; plugins allow for further expansion.
Lynis is an auditing tool for systems running Linux, BSD, or other Unix derivatives. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration errors.
This software assists with automated auditing, compliance audits (PCI DSS, HIPAA, etc.), system hardening, software patch management, vulnerability detection, and malware scanning. It can be run without prior installation.
Lynis is typically used by system administrators and security professionals.
Kali Linux is a security auditing operating system and toolkit that aims to be the most advanced and versatile penetration testing distribution ever created. Kali Linux incorporates more than 300 penetration testing and security auditing programs with a Linux operating system, delivering an all-in-one solution that enables IT administrators and security professionals to test the effectiveness of risk mitigation strategies. Kali Linux offers a smoother, easier penetration testing experience, making it more accessible to IT generalists as well as security specialists.
OWASP WebScarab For Eclipse is a web developer and vulnerability assessment tool, integrated into the Eclipse platform.
WebScarab For Eclipse builds upon existing WebScarab releases by using Eclipse as an application framework, in order to integrate more closely with projects developed using Eclipse.
WebScarab for Eclipse does not replace either WebScarab or WebScarab NG, but will be complementary to these projects.
Initial goals will be to port the basic WebScarab proxy engine and plug-in framework to Eclipse, and from there, to add views and perspectives and integrate with the Eclipse toolchain.
For example, a potential benefit of Eclipse integration could be to right-click a project and choose "Create spider entry points", which parses the project for likely force browse entry points and populates the spider list from them.
The current status is "Early planning". Help is most certainly welcome!
Norad is an extensible vulnerability scanning framework that allows you to embed security testing into the development and deployment lifecycle. Norad can aggregate results from custom or existing security testing tools to determine an asset's security posture. Multiple deployment models give you the flexibility to scan public or private assets from a cloud environment or opt for an on-site deployment.