I wanted to write a quick post about my exposure to InsightVM from Rapid7. This tool is essentially a network scanner that checks current software/OS for exploits hackers could potentially target. The tool itself is incredibly easy to setup. After downloading the client you simply install (Recommended Server) input credentials for scanning your domain and specify an IP range or multiple ranges you'd like to scan. I recommend you create an AD use with Domain Admin rights just for the application itself in order to avoid complication. Upon completing the scan you can drill down into vulnerabilities to see what you can patch/update. You're presented with an overall Risk Score for the entire range the idea is to get this as low as you possibly can to help protect your Domain/Network.
You can download a week long free trial here:
Nessus is now my new favorite when it comes to internal domain pen testing and mitigation. This product is cheaper and on par with InsightVM. It also brings a lot more to the table and is feature rich. Heck, you can even scan your entire range for malware... It's also much easier to navigate and has a prettier web GUI. (Important Stuff :P) This product offers more ease. Link are provided for every exploit listed they often link back to manufacturer sites for solutions to issues found. A full feature 1 year subscription is $2,190.00 but it's a nice tool for any IT arsenal.
You can download a week long trial here:
As far as software patching/removal I would recommend you use the WMIC method specified here: https://community.spiceworks.com/how_to/179-using-a-command-line-to-uninstall-software-on-remote-pcs