Appendix A. Testing Data for Network Scanners in Various Operating Systems

| A. RedHat Linux 7.2 (Enigma) 2.4.18 SMP | ISS | LanGuard | Nessus | NetRecon | Retina | MaxPatrol |
| --- | --- | --- | --- | --- | --- | --- |
| Final points: | 24.5 | 13 | 43.5 | 10 | 35.5 | 43 |
| TOTAL vulnerability detections: | 26 | 13 | 45 | 10 | 39 | 43 |
| TOTAL false detections: | -1.5 | 0 | -1.5 | 0 | -3.5 | 0 |
| Vulnerabilities detected | | | | | | |
| Vulnerability Apache Chunked at port 80 (+3) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Vulnerability Apache Chunked at port 443 (+3) | ✓ | | ✓ | | ✓ | ✓ |
| Vulnerability in mod_ssl at port 80 (+3) | | ✓ | ✓ | | ✓ | ✓ |
| Vulnerability in mod_ssl at port 443 (+3) | | | ✓ | | ✓ | ✓ |
| Vulnerability in OpenSSL at port 80 (+3) | ✓ | | ✓ | | ✓ | ✓ |
| Vulnerability in OpenSSL at port 443 (+3) | ✓ | | ✓ | | ✓ | ✓ |
| Memory leak "scoreboard" in Apache at port 80 (+2) | | | ✓ | | ✓ | ✓ |
| Memory leak "scoreboard" in Apache at port 443 (+2) | | | ✓ | | ✓ | ✓ |
| Vulnerability in «Timing based» in Apache at port 80 (+2) | | | ✓ | | ✓ | ✓ |
| Vulnerability in «Timing based» in Apache at port 443 (+2) | | | ✓ | | ✓ | ✓ |
| Multiple vulnerabilities in PHP in Apache at port 80 (+2) | ✓ | | ✓ | | ✓ | ✓ |
| Multiple vulnerabilities in PHP in Apache at port 443 (+2) | ✓ | | ✓ | | ✓ | ✓ |
| Retrieving /index.php.old file content (+2) | | | ✓ | | | |
| Retrieving list of NetBIOS resources (+2) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Retrieving list of NetBIOS users (+2) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Detection of login and password guest/guest at port 2021 in FTP (+2) | | | | | | ✓ |
| Retrieving the list of directories in Apache at port 80 (+1) | | | ✓ | | | ✓ |
| Retrieving the list of directories in Apache at port 443 (+1) | | | ✓ | | | ✓ |
| Support for TRACE method by Apache service at port 80 (+1) | ✓ | | ✓ | | ✓ | |
| Support for TRACE method by Apache service at port 443 (+1) | ✓ | | ✓ | | ✓ | |
| HTTP identification (+1) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| HTTPS identification (+1) | ✓ | | ✓ | | ✓ | ✓ |
| SSH identification (+1) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| FTP identification at port 2021 (+1) | | | ✓ | | | ✓ |
| MySQL identification (+1) | ✓ | ✓ | ✓ | ✓ | | ✓ |
| False detections | | | | | | |
| Presence of empty NetBIOS passwords (-1.5) | | | ✓ | | ✓ | |
| Overflow in 'rwhod' service (-1.5) | ✓ | | | | | |
| Viewing directories content in Apache at port 80 (-1) | | | | | ✓ | |
| Viewing directories content in Apache at port 443 (-1) | | | | | ✓ | |

| B. Windows XP Professional | ISS | LanGuard | Nessus | NetRecon | Retina | MaxPatrol |
| --- | --- | --- | --- | --- | --- | --- |
| Final points: | 8.5 | 10 | 8 | 7 | 8.5 | 20 |
| TOTAL vulnerability detections: | 10 | 10 | 14 | 8 | 10 | 20 |
| TOTAL false detections: | -1.5 | 0 | -6 | -1 | -1.5 | 0 |
| Vulnerabilities detected | | | | | | |
| No password for SA user in MS SQL Server (+3) | ✓ | ✓ | ✓ | | ✓ | ✓ |
| Overflow in UPnP service (+3) | | | | ✓ | | ✓ |
| Permission to write in IIS Server directories (+3) | | | | | | ✓ |
| Permission to view contents of directory /cgi-bin in IIS Server (+2) | | | | | | ✓ |
| Retrieving list of NetBIOS resources (+2) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Enabled WebDAV at IIS Server (+1) | ✓ | | ✓ | | ✓ | |
| Support of method TRACE in IIS Server service (+1) | ✓ | | ✓ | | ✓ | |
| Retrieving list of unavailable directories in IIS Server (+1) | | | ✓ | | | ✓ |
| IIS Server identification (+1) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| MS SQL identification (+1) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| MS RDP identification (+1) | | ✓ | ✓ | | ✓ | ✓ |
| NTP identification (+1) | ✓ | ✓ | ✓ | | | ✓ |
| UPnP identification (+1) | | ✓ | ✓ | ✓ | | ✓ |
| RPC services identification (+1) | | | ✓ | | | ✓ |
| False detections | | | | | | |
| Overflow in /_vti_bin/_vti_aut/dvwssr.dll in Microsoft UPnP TCP helper (-1.5) | | | ✓ | | | |
| Empty passwords in NetBIOS (-1.5) | | | ✓ | | | |
| Presence of vulnerable script upload.cgi (-1.5) | | | ✓ | | | |
| Overflow in PROPFIND query at IIS Server (-1.5) | | | ✓ | | | |
| HTTP Header overflow in IIS Server (-1.5) | ✓ | | | | ✓ | |
| Presence of vulnerable qfullhit.htw (-1) | | | | ✓ | | |