Re: NMap Scripts Vs Nessus

[Patrick Donnelly <batrick () batbytes com>]

Hello Jacky,

On Thu, Jul 29, 2010 at 11:38 AM, Jacky Jack <jacksonsmth698 () gmail com> wrote:
> Hi
>
> Note in advance - no offense to nmap folks.
>
> Let me tell what I feel.
>
> Some of NMmap Scripts are now moving on for vulnerability scanning.
> Those scripts are a smallest subset of what Nessus is now doing.
>
> I have no idea why NSE folks write scripts that re-invent the wheel.
>
> Although I appreciate that we have two options to validate the results,
> a great deal of time will be wasted if NSE folks are
> writing/converting Nessus plugins to NSEs.
>
> Please explain me so that I can put in your shoes.

Couple reasons I'll write down which are by no means exhaustive:

(a) Scripts/Libraries are written in Lua instead of a proprietary
format ("scripting language") that Nessus uses. They can conceivably
be used outside of Nmap in custom (but GPL compliant) software.

(b) It's fun and challenging. (People don't write these scripts
because it's work.)

I'm sure there are many other good reasons. I'm not at all familiar
with how Nessus's plugins work. I would think Nmap's NSE is far more
robust and featureful allowing for more interesting things to be done.

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/