Review: Nsauditor

By on
Review: Nsauditor

Nsauditor (Network Security Auditor) is a Windows-based multi-purpose tool designed to scan networks and hosts for vulnerabilities, and to provide security alerts.

Nsauditor (Network Security Auditor) is a Windows-based multi-purpose tool designed to scan networks and hosts for vulnerabilities, and to provide security alerts.

The tools are wide-ranging, from a basic portscanner to more complex SQL and web server scanners, and a set of related utilities and reporting options. The target audience is both network security administrators and also consultants running scans on client networks.

The software is presented with a multi-pane toolbar (similar to Outlook's shortcut bar) down the left providing access to all the core tools.

A central window displays results from running tasks, with an activity monitor at the bottom. Because you might well be running multiple tasks which all want to display results, the lower pane is very useful for keeping tabs on what information is available.

The tools are a mixed bag. Most are pretty good, but if you have experience with the powerful open source tools such as nmap and Nessus, you might find some of the options restrictive.

Sometimes, using the product feels like someone has grabbed a bunch of scanners and thrust them into a big bag without working out whether they really make sense (an adware scanner in particular looks out of place among all the beefy network audit tools), but having too many toys is not often much of a problem.

A network monitor provides some insight into services running locally, with options to dig down into each connection and analyze the remote system, terminate connections and view data on the associated process.

The more we looked at this, the more we liked it, and even if you do not use the rest of the product much, this is a useful tool in itself.

A NetBios auditing tool offers options to scan entire networks or individual hosts for information about users and exposed resources. A port scanner is provided, trying hard to be nmap but not quite making it, although it is good enough.

Also thrown in is an http scanner, which will try to identify any common vulnerabilities on a web server, through a proxy if necessary.

More sophisticated are scanning tools that examine Microsoft SQL servers for exposed services and vulnerabilities (but only MSSQL, unfortunately), and another which discovers and walks through available SNMP nodes on the network.

There are also agents that scan MS RPC named pipes and SunRPC services, and a tool for auditing NTLM passwords, by capturing password hashes from NTLM sessions and brute-force decrypting them.

Again, this is a useful addition to the suite, but probably more efficiently accomplished with a strong standalone cracker like John the Ripper or L0phtCrack.

Then there is a grab-bag of additional utilities, from the basics (ping, traceroute, whois, MAC address info, and so on) to the more complex, such as traffic generators, port redirection and ARP manipulation. There is also a collection of traffic stats and log analyzers.

Put together, the tools produce a vast amount of data. Happily, there is an auditing tool which combines many of the services into a single tool, allowing specific scans (and targets) to be saved to be run in the future.

Nsauditor also includes a reporting tool which produces a vulnerability reports from the audit tool's output. The report is pretty basic, but we were happy to see it is all XML so you can wrap your own presentation style around it.

There are also very handy tools for investigating the state of the local machine, showing details on running processes, dlls, open files and so on. So many gadgets, in fact, that the interface starts to feel cluttered and disorganized despite the grouped icons – simply a casualty of so many tools crammed in together.

There is even a (pretty basic) event monitor that examines the local Windows logs and triggers when a specific event ID is detected. The trigger can send email to an admin, send a Windows network message or play a sound file (even speak a custom message with a text-to-speech tool, another example of a gimmick we thought was cute but unnecessary).

Without a mechanism to keep all the tools up to date, some of the scanning (such as vulnerability scans) will be less useful than others. But for its price, Nsauditor is a great collection of tools.

Most of what it offers you could accomplish with standard open source tools such as nmap, Nessus, tcpdump, Ethereal, and so on, but the unified GUI makes for a handy combination of features under one roof.

If you want to conduct an in-depth audit of a single host or scan a network for misbehavior, and want a unified GUI with much of the common tools all in one place, Nsauditor is worth checking out.

For:

Very broad collection of network audit tools.


Against:

Lack of updates.


Verdict:

We think this is one of the best integrated network multi-tools we have looked at.

Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?