Linux vulnerability scanning tools


Introduction

Every system or application has its flaws. Some of these flaws might turn into security vulnerabilities. Typical vulnerabilities on Linux are caused by outdated software packages or weak configurations. The challenge is to find such weaknesses in your systems before attackers do. This is where Linux vulnerability scanning tools come into play. A vulnerability scanner performs a set of tests, each with the goal to determine if there is a weakness present.

Vulnerability scanners use different approaches to do their job. One method is to scan via the network for active systems and probe which network ports are open. Based on the discoveries, the vulnerability scanner will further analyze the related services listening on the system. Another approach is to run on the system itself. This type of scanner will analyze any data that can be parsed, from installed packages to active configurations. The network-based scanners are good for targets that you don't have access to. The second group, the host-based scanners, can obtain more data, yet require at least some level of access.

Usage

Linux vulnerability scanning tools are typically used for vulnerability management, vulnerability scanning, and vulnerability testing.

Users of these tools include auditors, pentesters, security professionals, and system administrators.

Tools

Archery (vulnerability assessment and management)

penetration testing, vulnerability management, vulnerability scanning, vulnerability testing

Archery is a tool that helps to collect data about vulnerabilities within an environment. Instead of focusing on the actual scanning, it allows managing findings in a web-based interface. This includes options like reporting, searching, and dashboards. It can interact with other tools, including the well-known vulnerability scanners.

Bash Scanner (vulnerable package detection for Linux)

security assessment, security monitoring

Bash Scanner is a security tool that does a quick scan to see if there are vulnerable packages. It uses an external service to validate.

Dagda (vulnerability scanner for Docker containers)

malware detection, malware scanning, vulnerability management, vulnerability scanning

The main reason to use Dagda is the detection of vulnerable or malicious components within your containerized environment.

Intrigue Core (attack surface discovery)

asset discovery, attack surface measurement, intelligence gathering, OSINT research, penetration testing, security assessment

Intrigue Core provides a framework to measure the attack surface of an environment. This includes discovering infrastructure and applications, performing security research, and doing vulnerability discovery.

Intrigue also allows enriching available data and performing OSINT (open source intelligence) research. The related scans include DNS subdomain brute-forcing, email harvesting, IP geolocation, port scanning, and using public search engines like Censys, Shodan, and Bing.

OpenVAS (vulnerability scanner)

penetration testing, security assessment, vulnerability scanning

OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.

Prowler (vuln) (distributed vulnerability scanner)

security assessment, vulnerability scanning, vulnerability testing

A vulnerability scanner like Prowler can be used to scan the network for vulnerabilities. Prowler can perform active network scanning and uses fingerprinting. Part of the process is to test for default or weak credentials.

Safety (vulnerability scanner for software dependencies)

penetration testing, security assessment, security monitoring, vulnerability scanning

When you have applications deployed in your environment, not all of them may be installed via a package manager. When your infrastructure grows, it becomes even harder to know which tools are properly patched and which ones are not. For Python applications, this is where Safety comes in: it can help scan software components installed via pip. It will also look at any of the dependencies that are installed.

salt-scanner (Linux vulnerability scanner)

penetration testing, security assessment, vulnerability scanning

Salt-scanner is a Linux vulnerability scanner based on Salt Open and the Vulners audit API. It has Slack notifications and JIRA integration.

VScan (vulnerability scanner with Nmap and NSE)

backdoor detection, vulnerability scanning

Vscan is a security tool to perform vulnerability scanning with Nmap. It leverages NSE scripts to provide some flexibility in terms of vulnerability detection and exploitation.

vulnix (vulnerability scanner for NixOS)

vulnerability scanning

Tools like vulnix help with the detection of known weaknesses in packages by leveraging external resources. It can be used as an additional security layer on top of software patch management.

Vuls (agentless vulnerability scanner)

system hardening, vulnerability scanning

Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and can use a remote login to find any software vulnerabilities. It has multiple levels of scanning, from a fast scan up to a deep scan with extensive analysis.

vulscan (vulnerability scanning with Nmap)

penetration testing, security assessment, vulnerability scanning, vulnerability testing

Vulscan is a vulnerability scanner which uses the well-known Nmap tool. By enhancing it with offline data from VulDB, it allows for detecting vulnerabilities. The database itself is based on information from multiple sources.

w3af (web application attack and audit framework)

application security, application testing, penetration testing, vulnerability scanning, web application analysis

W3af is an open source web application attack and audit framework that helps in scanning for vulnerabilities. The tool comes with both a graphical user interface (GUI) and a command line utility. Some of the project files include a copyright line of 2006. That gives a good idea of the maturity of the project, and it is one of the rare tools that is still maintained after so many years.

Highlighted tools based on their strengths

Some of the Linux vulnerability scanning tools have features that make them stand out among the others. If one of these characteristics is important to you, have a look at these selected tools first.

» All-rounder = OpenVAS
» Easy to use = Lynis
» Low on requirements = Lynis
