Linux vulnerability scanning tools
Introduction
Every system or application has its flaws. Some of these flaws might turn into security vulnerabilities. Typical vulnerabilities on Linux are caused by outdated software packages or weak configurations. The challenge is to find such weaknesses in your systems before attackers do. This is where Linux vulnerability scanning tools come into play. A vulnerability scanner performs a set of tests, each with the goal to determine if there is a weakness present.
Vulnerability scanners use different approaches to do their job. One method is to scan via the network for active systems and probe which network ports are open. Based on the discoveries, the vulnerability scanner will further analyze the related services listening on the system. Another approach is to run on the system itself. This type of scanner will analyze any data that can be parsed, from installed packages to active configurations. The network-based scanners are good for targets that you don't have access to. The second group, the host-based scanners, can obtain more data, yet require at least some level of access.
Usage
Linux vulnerability scanning tools are typically used for vulnerability management, vulnerability scanning, and vulnerability testing.
Users of these tools include auditors, pentesters, security professionals, and system administrators.
Tools
Highlighted tools
Some of the Linux vulnerability scanning tools have features that make them stand out among the others. If one of these characteristics is important to you, have a look at these selected tools first.
Popular Linux vulnerability scanning tools
Archery (vulnerability assessment and management)
penetration testing, vulnerability management, vulnerability scanning, vulnerability testing
Archery is a tool that helps to collect data about vulnerabilities within an environment. Instead of focusing on the actual scanning, it allows managing findings in a web-based interface. This includes options like reporting, searching, and dashboards. It can interact with other tools, including the well-known vulnerability scanners.
Bash Scanner (vulnerable package detection for Linux)
security assessment, security monitoring
Bash Scanner is a security tool that does a quick scan to see if there are vulnerable packages. It uses an external service to validate.
Dagda (vulnerability scanner for Docker containers)
malware detection, malware scanning, vulnerability management, vulnerability scanning
The main reason to use Dagda is the detection of vulnerable or malicious components within your containerized environment.
Intrigue Core (attack surface discovery)
OSINT research, asset discovery, attack surface measurement, intelligence gathering, penetration testing, security assessment
Intrigue Core provides a framework to measure the attack surface of an environment. This includes discovering infrastructure and applications, performing security research, and doing vulnerability discovery.
Intrigue also allows enriching available data and performing OSINT (open source intelligence) research. The related scans include DNS subdomain brute-forcing, email harvesting, IP geolocation, port scanning, and using public search engines like Censys, Shodan, and Bing.
OpenVAS (vulnerability scanner)
penetration testing, security assessment, vulnerability scanning
OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.
Prowler (vuln) (distributed vulnerability scanner)
security assessment, vulnerability scanning, vulnerability testing
A vulnerability scanner like Prowler can be used to scan the network for vulnerabilities. Prowler can perform active network scanning and uses fingerprinting. Part of the process is to test for default or weak credentials.
Safety (vulnerability scanner for software dependencies)
penetration testing, security assessment, security monitoring, vulnerability scanning
When you have applications deployed in your environment, not all of them may be installed via a package manager. When your infrastructure grows, it becomes even harder to know which tools are properly patched and which ones are not. For Python applications, this is where Safety comes in: it can help scan software components installed via pip. It will also look at any of the dependencies that are installed.
VScan (vulnerability scanner with Nmap and NSE)
backdoor detection, vulnerability scanning
VScan is a security tool to perform vulnerability scanning with Nmap. It leverages NSE scripts to provide some flexibility in terms of vulnerability detection and exploitation.
Vuls (agentless vulnerability scanner)
system hardening, vulnerability scanning
Vuls is a vulnerability scanner for Linux and FreeBSD. It is written in Go, agentless, and can use a remote login to find any software vulnerabilities. It has multiple levels of scanning, from a fast scan up to a deep scan with extensive analysis.
salt-scanner (Linux vulnerability scanner)
penetration testing, security assessment, vulnerability scanning
Salt-scanner is a Linux vulnerability scanner based on Salt Open and the Vulners audit API. It has Slack notifications and JIRA integration.
vulnix (vulnerability scanner for NixOS)
vulnerability scanning
Tools like vulnix help with the detection of known weaknesses in packages by leveraging external resources. It can be used as an additional security layer on top of software patch management.
vulscan (vulnerability scanning with Nmap)
penetration testing, security assessment, vulnerability scanning, vulnerability testing
Vulscan is a vulnerability scanner which uses the well-known Nmap tool. By enhancing it with offline data from VulDB, it allows for detecting vulnerabilities. The database itself is based on information from multiple sources.
w3af (web application attack and audit framework)
application security, application testing, penetration testing, vulnerability scanning, web application analysis
W3af is an open source web application attack and audit framework that helps in scanning for vulnerabilities. The tool comes with both a graphical user interface (GUI) and a command-line utility. Some of the project files include a copyright line of 2006. That gives a good idea of the maturity of the project, and it is one of the rare tools that is still maintained after so many years.