Pen-Testing and Metasploit Question

[metafan at intern0t.net (MaXe)]

Edward Bjarte Fjellsk?l wrote:
> metafan at intern0t.net wrote:
>   
> > Of course there's much more about this, but to be honest yes you can
> > use BackTrack, Nessus and Metasploit.
> >
> > Best Regards,
> > MaXe
> >     
>
>
> Opensource Nessus ? or closed Nessus ?
> Any thoughts on OpenVAS ? (which I use... Nessus fork.. opensource :)
> (www.openvas.org)
>
>
> e
>
>   
Hi Edward,

Version 3 or perhaps 4 should be fine, i have read the changelog and 
it's not that great a difference from what i read. (they compare to 
version 2 mostly..)

OpenVAS.. I think i might have tried it, i have definently heard the 
name before but there was just something i didn't like, perhaps it's 
detection methods were insufficient compared to Nessus. Of course they 
could have improved by now. The only thing i care about is that it's 
free and that it's good = works sufficiently so i don't have to run 5 
tools that does the same. Anyways just to tell my point of view, yes i 
know firing up a vulnerability scanner is usually bad and it will 
probably trigger an IDS or two (if there is any!), but when there's 
time-limits i would suggest it.

Anyways i could probably write a paper or a book about all my points of 
views and that is why i have to narrow down / shorten what i say here on 
the mailing list :-) (i don't think anyony would care to listen either xD)