XSpider is a vulnerability scanner for seeing the real state of security on your IT infrastructure. Quickly and precisely enumerate your network components, scan network resources for vulnerabilities, and get recommendations for remediation.
See your network
XSpider quickly and precisely finds network hosts and open ports, identifies operating systems and server applications, and monitors changes.
Check for vulnerabilities
XSpider looks for vulnerabilities on workstations, servers, and network equipment. Sites undergo thorough analysis. The product’s vulnerability database is regularly updated by the experts at Positive Technologies.
Get the solution
For all detected vulnerabilities, XSpider provides details as well as clear, understandable recommendations. Reports with scanning results give a high-resolution picture of the current state of security.
How it works
Discovers network hosts
Workstations, servers, and network equipment appear in your inventory. Scanning includes both the local network and external perimeter. No endpoint agent is required for full functionality.
Scans TCP and UDP ports
Manual configuration can specify scanning of frequently used ports for maximum speed.
Services on random ports are fully identified. XSpider detects main services (RDP, FTP, SSH) and collects core information: OS version, computer name, and installed software.
Safe inventory and banner checks, combined with fuzzing, point out any network vulnerabilities.
Diverse protocols are supported, including those used for email, remote connections, file transfer, and databases.
Analyzes web applications
XSpider checks for vulnerabilities involving SQL injection, execution of arbitrary programs, file upload, cross-site scripting (XSS), and TTP response splitting. Custom-developed web apps are analyzed as well.
Informs of threats
For every detected vulnerability, XSpider provides a full description, recommendations, links to public sources, and CVSS (v2 and v3) Base + Temporal scores.
Scan results are delivered in structured form. Filter data, compare results between scans, and assess the overall security level.
XSpider can power the whole vulnerability detection process: set scan tasks to start automatically at a time of your choice. No longer do you have to manually check each component individually.
Extensive knowledge base
Positive Technologies experts regularly update the knowledge base with the latest threat information.
Full identification of services
Vulnerability scans probe servers with complex configurations and services running on arbitrary ports.
Password strength checks
Optimized brute-force verification of passwords is available for nearly all authentication-based services.
Deep analysis of Microsoft systems
XSpider performs extended verification of Windows hosts.
Customizable report templates are available in a variety of formats.
Deep analysis of web pages
XSpider supports OWASP Top 10 detection.
Rapid installation and configuration
XSpider does not require deploying software on hosts. All scans are performed remotely. XSpider can be installed on hardware or in a virtual machine.
Minimal false positives
Special mechanisms have been designed to prevent false positive vulnerability detections.
XSpider can automatically start scanning tasks at the time most convenient for you. After scanning, the scheduler sends the report by email or saves it to a specified folder.