When attempting to determine the security posture of the devices on your organization's network, performing security assessments is the next logical step. This type of assessment serves to identify deficiencies in the client systems relative to the current known baseline of patches for the operating system and the applications installed on them.
After performing reconnaissance to find out the number of devices to scan and determine the type of devices, their OSes, and the apps and services installed on them, a proper plan to carry out the vulnerability assessment may be created.
In order to carry out the assessment, it is important to identify which tools will be necessary. Some tools obtain vulnerability information from generic devices, while others are suited only to identifying vulnerabilities in specific types of applications and services, such as web servers. The tools in this list are vulnerability scanners available via Homebrew for macOS, each with a brief description of what it does and where it works best.
SEE: Homebrew: How to install reconnaissance tools on macOS (TechRepublic)
Aircrack-ng
A popular suite of tools for assessing wireless network security: it monitors 802.11 traffic, attacks and tests networks, and cracks WEP and WPA/WPA2-PSK keys. The suite is feature-rich and command-line driven, so much of the process can be scripted to test and then harden your organization's wireless networks.
brew install aircrack-ng
IKER
A Python-based tool (built on ike-scan) that, after identifying VPN servers through discovery and fingerprinting, scans and analyzes their Internet Key Exchange (IKE) responses, which may reveal misconfigurations and errors on VPN concentrators.
brew install iker
HeaderCheck
Another Python script; this one identifies the headers a web server returns when a connection is made. Those headers give insight into the web server's configuration, in particular security details such as how the server handles XSS protections.
brew install headercheck
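The kind of review HeaderCheck performs can be reproduced offline with a few lines of awk. The script below is an added example, not HeaderCheck's own code: it reads raw HTTP response headers on stdin (two constructed samples are embedded, one weak and one hardened; neither was captured from a real host) and reports headers that are missing or weakly configured. The thresholds it applies (a one-year HSTS max-age, DENY/SAMEORIGIN for X-Frame-Options, Secure and HttpOnly on cookies) are the assumptions of this example, not settings the page prescribes.

```shell
#!/bin/sh
# Added example: offline security-header review in the spirit of HeaderCheck.
# Both responses below are constructed samples, not captures from a real host.

WEAK_RESPONSE='HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=UTF-8
X-Frame-Options: ALLOWALL
Set-Cookie: session=abc123; Path=/
Strict-Transport-Security: max-age=60'

HARDENED_RESPONSE="HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"

# check_security_headers: read raw response headers on stdin and print one
# finding per line, prefixed MISSING, WEAK or INFO. Header names are
# case-insensitive, so they are lowercased before comparison.
check_security_headers() {
    awk '
    NR == 1 { next }                       # skip the status line
    {
        sub(/\r$/, "")                     # tolerate CRLF line endings
        p = index($0, ":")
        if (p == 0) next                   # not a header line
        name = tolower(substr($0, 1, p - 1))
        val = substr($0, p + 1)
        sub(/^[ \t]+/, "", val)
        lval = tolower(val)
        # Set-Cookie may repeat, so it is checked per line rather than stored.
        if (name == "set-cookie") {
            if (lval !~ /;[ \t]*secure([ \t]*;|$)/)   print "WEAK Set-Cookie without Secure: " val
            if (lval !~ /;[ \t]*httponly([ \t]*;|$)/) print "WEAK Set-Cookie without HttpOnly: " val
            next
        }
        hdr[name] = val
    }
    END {
        if (!("strict-transport-security" in hdr)) {
            print "MISSING Strict-Transport-Security"
        } else if (match(hdr["strict-transport-security"], /max-age=[0-9]+/)) {
            age = substr(hdr["strict-transport-security"], RSTART + 8, RLENGTH - 8) + 0
            if (age < 31536000) print "WEAK Strict-Transport-Security max-age below one year: " age
        } else {
            print "WEAK Strict-Transport-Security without max-age"
        }
        if (!("content-security-policy" in hdr)) print "MISSING Content-Security-Policy"
        if (tolower(hdr["x-content-type-options"]) != "nosniff") print "MISSING X-Content-Type-Options: nosniff"
        xfo = toupper(hdr["x-frame-options"])
        if (xfo == "") print "MISSING X-Frame-Options (or frame-ancestors in CSP)"
        else if (xfo != "DENY" && xfo != "SAMEORIGIN") print "WEAK X-Frame-Options not DENY/SAMEORIGIN: " hdr["x-frame-options"]
        if (hdr["server"] ~ /[0-9]+\.[0-9]+/) print "INFO Server header discloses a version: " hdr["server"]
    }'
}

# count_findings RESPONSE_TEXT: number of findings for the given response.
count_findings() {
    printf '%s\n' "$1" | check_security_headers | awk 'END { print NR }'
}

# Stand-alone run: review the weak sample.
printf '%s\n' "$WEAK_RESPONSE" | check_security_headers
```

To review a live server, pipe the output of `curl -sI https://example.test/` into `check_security_headers`; a hardened response produces no output, which makes the function convenient to use as a gate in a larger assessment script.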
NFSShell
A user-level shell for accessing NFS servers remotely and analyzing their exports and mounts. It can be used to detect security issues such as exports that can be mounted by anyone.
brew install nfsshell
NOPC
The acronym stands for Nessus-based Offline Patch Checker. The tool gathers patch and package information from UNIX-based systems, such as Linux distributions and macOS, and compares it against Nessus' plugin database to identify missing patches. Results may be exported to CSV, including CVSS scoring data.
brew install nopc
RDP-Sec-Check
A Perl script used to enumerate the security settings of the RDP protocol (Terminal Services) by checking which security protocols and encryption levels the server supports. Features include a targets file and saving the tool's output to a specified log file.
brew install rdp-sec-check
SSLScan2
Version 2 of the SSLScan tool scans a service to discover the SSL/TLS protocol versions and ciphers it supports. A number of scanning options allow scans to be as broad or as granular as necessary.
brew install sslscan2
SEE: How to install common security tools via Homebrew on a Mac (TechRepublic)
SSL-Cipher-Suite-Enum
A Perl script that enumerates the SSL/TLS versions and cipher suites a service supports, including legacy versions, and can test services that upgrade to TLS after connecting, such as FTP, RDP, and SMTP. Output may be logged to files and is human-readable and greppable.
brew install ssl-cipher-suite-enum
TestSSL
This script checks a service on a given port for the SSL/TLS protocol versions and ciphers it supports, as well as known TLS flaws, and runs on many different operating systems. It performs all checks locally without sending data to third-party services, and output may be exported to standalone formats, such as CSV and JSON, for use with other tools.
brew install testssl
Wfuzz
Fuzzing web applications is an important part of the assessment process. Wfuzz substitutes payloads into requests to brute-force directories, files, and parameters and to determine whether vulnerabilities exist; supported plugins extend its functionality, and it may be used alongside other tools.
brew install wfuzz
Windows-Exploit-Suggester
As its name suggests, this software compares the patch level of a Windows device, taken from its systeminfo output, against the vulnerability database maintained by Microsoft. The output also indicates whether the vulnerabilities detected have public exploits and whether Metasploit modules exist for them. The tool does not patch devices itself; it reports its findings, which may be written to a file for later review.
brew install windows-exploit-suggester
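The comparison at the heart of NOPC and Windows-Exploit-Suggester, an installed patch list set against a baseline of expected updates, is simple enough to show in full. The script below is an added example and not either tool's own code: it parses the hotfix section of a constructed `systeminfo` excerpt, diffs it against a constructed baseline, and counts what is missing by severity. Every KB number and severity in it is made up for illustration and does not refer to a real Microsoft update; a real tool would download the vendor database that the BASELINE string stands in for.

```shell
#!/bin/sh
# Added example: offline patch-level comparison of the kind NOPC and
# Windows-Exploit-Suggester perform. Every value below is constructed;
# the KB numbers do not refer to real Microsoft updates.

# Constructed excerpt of the hotfix section of `systeminfo` output.
SYSTEMINFO_SAMPLE='OS Name:                   Microsoft Windows Server 2016 Standard
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB4000001
                           [02]: KB4000002
                           [03]: KB4000003'

# Constructed baseline: one "KB<id> <severity> <description>" line per update
# the host is expected to have. Stands in for the vendor database a real tool
# would download.
BASELINE='KB4000001 Important constructed-update-A
KB4000002 Critical constructed-update-B
KB4000004 Critical constructed-update-C
KB4000005 Moderate constructed-update-D'

# installed_kbs SYSTEMINFO_TEXT: print the installed KB identifiers, one per line.
installed_kbs() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*\[[0-9]+\]:[ \t]*KB[0-9]+/ {
            match($0, /KB[0-9]+/)
            print substr($0, RSTART, RLENGTH)
        }' | sort -u
}

# missing_kbs SYSTEMINFO_TEXT BASELINE_TEXT: print baseline lines whose KB
# is not installed on the host.
missing_kbs() {
    have=$(installed_kbs "$1")
    printf '%s\n' "$2" | awk -v have="$have" '
        BEGIN { n = split(have, kb, "\n"); for (i = 1; i <= n; i++) installed[kb[i]] = 1 }
        $1 ~ /^KB[0-9]+$/ && !($1 in installed) { print }'
}

# missing_by_severity SYSTEMINFO_TEXT BASELINE_TEXT SEVERITY: count the
# missing updates carrying the given severity label.
missing_by_severity() {
    missing_kbs "$1" "$2" | awk -v sev="$3" '$2 == sev { n++ } END { print n + 0 }'
}

# Stand-alone run: list what the sample host is missing.
missing_kbs "$SYSTEMINFO_SAMPLE" "$BASELINE"
```

On a real engagement the systeminfo text would come from the target (`systeminfo > host.txt` on the Windows side) and the baseline from the vendor; the set-difference logic stays the same, and the severity count is what you would feed into a report or a pass/fail gate.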
WPScan
A Ruby-based scanner used to assess web servers running the WordPress platform: it enumerates the WordPress version, plugins, themes, and users and checks them against known vulnerabilities.
brew install wpscan
Yasuo
This is another Ruby-based script; it scans for vulnerable third-party web applications and front-ends and lets admins cross-reference known vulnerabilities that could be used to remotely exploit a server running vulnerable software.
brew install yasuo