Advanced Network Scanner
Phuong Fulsom
Reliable and free network scanner to analyze LAN. The program shows all network devices, gives you access to shared folders, provides remote control of computers (via RDP and Radmin), and can even remotely switch computers off. It is easy to use and runs as a portable edition. It should be the first choice for every network admin.
This fast, highly configurable IPv4/IPv6 scanner can streamline many of your network support procedures. Its well-designed interface, light weight and portability coupled with an extensive range of options and advanced features make SoftPerfect Network Scanner an invaluable tool, whether you are a professional system administrator, someone providing occasional network maintenance, or a general user interested in computer security.
SoftPerfect Network Scanner can ping computers, scan ports, discover shared folders and retrieve practically any information about network devices via WMI, SNMP, HTTP, SSH and PowerShell. It also scans for remote services, registry, files and performance counters; offers flexible filtering and display options and exports NetScan results to a variety of formats from XML to JSON.
If you're looking for a feature that would block this application (Advance IP Scanner) from running on the end machine, your Endpoint Protection of choice should be able to control these kinds of applications from running For example, Sophos EPP has this on App control list. These types of applications usually scan IP network ranges using broadcast addresses to check who's up on the set network addresses (usually pings broadcast IP address of a certain network, say network 192.168.1.0/24, these apps pings 192.168.1.255 to check who's alive and if other end machines allow response on their host-based/software FW (in many cases) Win Firewall, they would respond and let them know they're up.
That being said, If the scanner and FW are in the same broadcast zone on the network level, Firewalls would not be able to prevent scans of these apps. Even FW would respond to the broadcast pings if you run the scanner on a LAN zone and your FW LAN zone is configured to respond to ping unless you explicitly configure Firewall not to. However, you can control them on the endpoint level from ever running using your EPP's app control.
If this is targeted for the Firewall and a Port Scan/Sweep detection is the one feature you're looking and not IP scanning on the network like on what I'm mentioning above. This is currently under feature request. You may reach out to Support and have this requested and be linked under your account and may refer to this FR: SFSW-I-776
If you select the Custom preconfigured setting option, or if you are using a Nessus Scanner template that does not include preconfigured advanced settings, you can manually configure Advanced settings in the following categories:
Enabling this setting may increase your overall findings count; each platform and package combination results in an individual plugin. If additional CVEs are found to affect a platform and package combination, the CVEs are added to the existing plugin.
Note: If you configure a scan to produce findings for unpatched vulnerabilities and then the setting is unchecked, Tenable Nessus remediates unpatched findings in the next scan. Additionally, if multiple scans target the same device and one has enabled findings for unpatched vulnerabilities and another does not, the findings results may vary per scan.
When enabled, Tenable Nessus stops scanning if it detects that the host has become unresponsive. This may occur if users turn off their PCs during a scan, a host has stopped responding after a denial of service plugin, or a security mechanism (for example, an IDS) has started to block traffic to a server. Normally, continuing scans on these machines sends unnecessary traffic across the network and delay the scan.
By default, Tenable Nessus scans a list of IP addresses in sequential order. When this option is enabled, Tenable Nessus scans the list of hosts in a random order within an IP address range. This approach is typically useful in helping to distribute the network traffic during large scans.
When enabled, if a credentialed scan tries to connect via SSH to a FortiOS host that presents a disclaimer prompt, the scanner provides the necessary text input to accept the disclaimer prompt and continue the scan.
The scan initially sends a bad ssh request to the target in order to retrieve the supported authorization methods. This allows you to determine how to connect to the target, which is helpful when you configure a custom ssh banner and then try to determine how to connect to the host.
When disabled, to avoid overwhelming a host, Tenable Nessus prevents against simultaneously scanning multiple targets that resolve to a single IP address. Instead, Tenable Nessus scanners serialize attempts to scan the IP address, whether it appears more than once in the same scan task or in multiple scan tasks on that scanner. Scans may take longer to complete.
When enabled, a Tenable Nessus scanner can simultaneously scan multiple targets that resolve to a single IP address within a single scan task or across multiple scan tasks. Scans complete more quickly, but hosts could potentially become overwhelmed, causing timeouts and incomplete results.
When enabled, Tenable detects when it is sending too many packets and the network pipe is approaching capacity. If network congestion is detected, throttles the scan to accommodate and alleviate the congestion. Once the congestion has subsided, Tenable automatically attempts to use the available space within the network pipe again.
Specifies the time that Tenable waits for a response from a host unless otherwise specified within a plugin. If you are scanning over a slow connection, you may want to set this to a higher number of seconds.
Specifies the maximum number of established TCP sessions for a single host.
This TCP throttling option also controls the number of packets per second the SYN scanner sends, which is 10 times the number of TCP sessions. For example, if this option is set to 15, the SYN scanner sends 150 packets per second at most.
In the file, enter one absolute or partial filepath per line, formatted as the literal strings you want to exclude. You can include absolute or relative directory names, examples such as E:\, E:\Testdir\, and \Testdir\.
In the file, enter one absolute or partial filepath per line, formatted as the literal strings you want to exclude. You can only include absolute directory names, examples such as E:\, E:\Testdir\, and C:\.
(Agents 8.2 and later) If set, each agent in the agent group delays starting the scan for a random number of minutes, up to the specified maximum. Staggered starts can reduce the impact of agents that use a shared resource, such as virtual machine CPU.
Controls the maximum output length for each individual compliance check value that the target returns. If a compliance check value that is greater than this setting's value, Tenable Nessus truncates the result.
By default, Tenable Web App Scanning in Tenable Nessus uses the user-agent that Chrome uses for the operating system and platform that corresponds to your machine's operating system and platform. For more information about Chrome's user-agents, see the Google Chrome documentation.
Specifies whether the scanner adds an additional X-Tenable-Was-Scan-Id header (set with the scan ID) to all HTTP requests sent to the target, which allows you to identify scan jobs in web server logs and modify your scan configurations to secure your sites.
Copyright 2024 Tenable, Inc. All rights reserved. Tenable, Tenable Nessus, Tenable Lumin, Assure, and the Tenable logo are registered trademarks of Tenable, Inc. or its affiliates. All other products or services are trademarks of their respective owners.
You can use scan templates to create custom policies for your organization. Then, you can run scans based on Tenable's scan templates or your custom policies' settings. For more information, see Create a Policy.
When you first create a scan or policy, the Scan Templates section or Policy Templates section appears, respectively. Tenable Nessus provides separate templates for scanners and agents, depending on which sensor you want to use for scanning:
When you configure a Tenable-provided scan template, you can modify only the settings included for the scan template type. When you create a user-defined scan template, you can modify a custom set of settings for your scan.
Launch this scan to see what hosts are on your network and associated information such as IP address, FQDN, operating systems, and open ports, if available. After you have a list of hosts, you can choose what hosts you want to target in a specific vulnerability scan.
Performs a full system scan that is suitable for any host. Use this template to scan an asset or assets with all of Nessus's plugins enabled. For example, you can perform an internal vulnerability scan on your organization's systems.
The most configurable scan type. You can configure this scan template to match any policy. This template has the same default settings as the basic scan template, but it allows for additional configuration options.
An advanced scan without any recommendations, where you can configure dynamic plugin filters instead of manually selecting plugin families or individual plugins. As Tenable releases new plugins, any plugins that match your filters are automatically added to the scan or policy. This allows you to tailor your scans for specific vulnerabilities while ensuring that the scan stays up to date as new plugins are released.
Tenable Nessus detects malware using a combined allow list and block list approach to monitor known good processes, alert on known bad processes, and identify coverage gaps between the two by flagging unknown processes for further inspection.
The Mobile Device Scan plugins allow you to obtain information from devices registered in a Mobile Device Manager (MDM) and from Active Directory servers that contain information from Microsoft Exchange Servers.
c80f0f1006