Penetration Testing mailing list archives
Re: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny
From: Fyodor <fyodor () insecure org>
Date: Mon, 4 Feb 2008 13:15:45 -0800
On Thu, Jan 31, 2008 at 06:01:50PM +0100, Robert E. Lee wrote:
Earlier this month, Tyler Reguly released some comparison test findings for Nmap, Unicornscan, and Portbunny (http://www.computerdefense.org/?p=443). Unfortunately, these tests weren't entirely accurate or indicative of what a security tester would see in the field. I have spent some evening hours conducting my own tests and have completed three rounds of testing.
I wish your mails announcing your "port scanner challenge" (and the posts themselves) would disclose that you are the author of UnicornScan, which (big surprise) you declared to be the "clear winner" of your tests. I'm not accusing you of trying to hide your affiliation, it is probably just an oversight on your part. The Portbunny author also did some of his own tests prior to his CCC talk, and amazingly Portbunny was the clear winner of those. (my response: http://seclists.org/nmap-dev/2008/q1/0096.html ). The only _independent_ tests I've seen lately are the ones you referenced from ComputerDefense.Org (http://www.computerdefense.org/?p=443). Here is the conclusion from those tests (the ellipsis are in the original): "When I started this challenge, I wasn't sure what the outcome would be... the only prediction I had was that unicornscan would be defeated by both PortBunny and nmap. This proved to be true... Between nmap and PortBunny, due to the hype around PortBunny and the claims that I had seen... I really wasn't sure. I expected it to be a close battle between the two... at most a TKO... but in the end it was a straight-up KO and in reality PortBunny was never really a contender. Winner: nmap" I'm not saying the ComputerDefense.Org review was perfect or definitive, but at least they are independent. All scanners have benefits and drawbacks, and there may be cases where people prefer UnicornScan or PortBunny to Nmap, so I'm glad those tools are around and I hope they continue to improve. Cheers, Fyodor Disclosure: I lead the Nmap Security Scanner project ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny Robert E. Lee (Feb 04)
- Re: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny Fyodor (Feb 05)
- Re: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny Robert E. Lee (Feb 07)
- <Possible follow-ups>
- Re: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny krymson (Feb 05)
- Re: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny Tyler Reguly (Feb 06)
- RE: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny Erin Carroll (Feb 06)
- Message not available
- Re: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny Andre Amorim (Feb 07)
- RE: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny Dan Catalin Vasile (Feb 10)
- Re: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny Tyler Reguly (Feb 06)
- Re: Port Scanner Challenge Revisited: Nmap, Unicornscan, Portbunny Fyodor (Feb 05)