Re: nessus closes source question

["DePriest, Jason R." <jrdepriest () gmail com>]

On Sun, Jun 29, 2008 at 12:47 PM, sara fink <> wrote:
> Hello Everyone
>
> Nmap will try to fill in the gaps and develop features instead of nessus?


http://seclists.org/nmap-dev/2008/q2/0132.html

For the Summer of Code, there are already projects to create an hping
replacement (Nping) and to start working on the netcat replacement
again (Ncat).

The Lua scripting engine lets users create scripts to do just about
anything Nessus could do with its proprietary scripting language.  New
features are being added and existing features are being streamlined
so quickly that nmap could be a decent vulnerability assessment
platform.

Nessus is more than just "nessus" though.  They also have reporting
and if you give them money, Lightning for easy management.  Also,
their signatures are updated without the entire product needing to be
reinstalled.  Since Tenable is a commercial entity, they have SLAs
that they maintain and have an big incentive to get sigs for new vulns
out as soon as they can.
Plus they tie many of their checks back directly to CVEs and vendor
patches where as nmap doesn't try to get that fancy.

I think Nmap is *already* capable of doing everything Nessus was doing
six years ago (when Tenable was born) because of the flexibility Lua
and NSE provide.  All we need is people to keep writing useful
scripts.

-Jason

-- 
NOTICE: Reading this email message requires root privileges which you
do not appear to possess. Sorry, dude.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org