Shadow Security Scanner

Li,Guorui

Introduction

Remote computer vulnerabilities scanner Runs on Windows Operating Systems SSS also scans servers built

practically on any platform Over 2000 security audits Latest edition (V.7.25)

Features

Easy used wizard Complete Scan Full Scan Quick Scan Only NetBios Scan Only FTP Scan Only HTTP Scan

Ease of use cont’

Build-in modules

Ports

Audits

Flexible scanning

add a range of hosts

Flexible scanning cont’

Scheduler

Up-To-Date Security Vulnerability Database

Automatic updates BaseSDK C++ Programming SDK

DoS Checker

Denial of Service check DoS checker for HTTP, SMTP, FTP, POP3 and IMAP

protocols

Multiple Report Format

SSS offers scanned session log in XML, PDF, RTF and CHM (compiled HTML) formats

Testing Environment

Test was done in a home network (Windows)

Source computer:

jesse (192.168.1.93)

Target computers:

jesse (192.168.1.93)

lisaliu (192.168.1.92)

tony (192.168.1.152)

Testing Environment cont’

speed

TCP Port: 21 (FTP), 22 (SSH), 23(TELNET), 25(SMTP),53(DOMAIN),79(FIGER),80(WWW-HTTP),113(IDENT),119(NNTP),135(PRC-LOCATOR),139(NETBIOS-SSN),143(IMAP),389(LDAP),445(MICROSOFT-DS)

Audits: 19 categories in total of 2532 audits are perform during this test

Results

Shadow Security Scanner took about 7 minutes

SSS has gone through all the modules, 14 ports and 2532 audits for each of the computers on the host list.

Lower than 30 percents of CPU usage

Conclusion

real commercial security scanner user friendly interface expendable vulnerabilities database flexible scanning and reports