Penetration Testing mailing list archives
Re: Alternatives to Nessus
From: "SD List" <list () security-database com>
Date: Tue, 24 Mar 2009 10:31:58 +0100 (CET)
Hi there,

Since we've started running Security-Database Tools Watch, we've tested tons of tools, software, utilities and even wrote some reviews for products.

"What's the best alternative for Nessus?" is a complex question, since you cannot rely on "one" software to perform a pentest or security assessment. Architectures become more complex and need auditors to use a wide set of toolkits to assess different "objects" (an object could be an operating system, application, database, policy, etc.).

IMHO, OpenVAS is "on its way" to be an alternative for Nessus, since the old community (frustrated in the past by the Nessus closed-source affair) is showing up and starting to give a helping hand to develop plugins and tools. It is just a matter of time to catch up with the Nessus learning curve!

The added value that seduces me in OpenVAS is the integration of the open standard OVAL. Now, you can really perform advanced "Local auditing" using definitions developed by the Mitre.org community and others.

When Nessus fails (or returns less accurate results) to scan for advanced Web vulnerabilities, OpenVAS will just rely on integrated tools to do such a task. You can see it as a Mastermind Framework for "open source tools". Just take a look at the integrated tools to have an idea: http://www.openvas.org/integrated-tools.html

Now, both Nessus and OpenVAS will not cover all the pentest / audit phases. As for myself, I use them in the final stage to get a complete overview of my assessment. I'd prefer playing with "perl / python" utilities (http://www.darkc0de.com/) to get more information about a target.

Regards
Nabil OUCHN
Security-Database.com

* jond [21. Mar 2009]:

Has anyone found any good alternatives to Nessus? I've played around with OpenVAS with their backtrack build, but either it's not pulling all the plugins, or it's just not as accurate as Nessus.

Being one of the OpenVAS developers I might be a little biased, but I would consider OpenVAS to be mature enough (especially in the latest versions) to be a good and Free alternative to Nessus. I'm sorry to hear that your experience was not completely positive and would like to help you with any trouble you might have had.

Right now, OpenVAS is still missing a few plugins which could not be carried over from Nessus due to licensing issues. The OpenVAS plugin developers are working on replacements; we hope to have them ready in the near future.

Furthermore, there have been reports of missing results when performing concurrent checks on certain targets; it might help to set "Concurrent Checks" to 1 in the OpenVAS client. I seem to recall that there were some issues with the Backtrack environment; that might be another starting point.

It would be very helpful for us to know more about the issues you are experiencing; you are welcome to join us in #openvas on irc.oftc.net or on the mailing lists listed on the OpenVAS website at http://www.openvas.org/. If you have discovered issues you consider to be bugs, feel free to report them on http://bugs.openvas.org/.

Feel free to contact me if you have any questions or suggestions.

Regards,
Michael

--
Michael Wiegand | OpenPGP: D7D049EC | Intevation GmbH - www.intevation.de
Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner