Penetration Testing mailing list archives
Re: Nessus, Harmful?
From: Joseph McCray <joe () learnsecurityonline com>
Date: Sun, 31 Jan 2010 15:02:12 -0500
With Nessus, as well as with any vulnerability scanner for that matter, you run the risk of downing the device, server or application you are auditing. There really isn't a good way to know how it will affect what you are auditing until you actually run the scan.

You can of course disable dangerous plugins so that Nessus doesn't perform DoS checks, and you can tell Nessus not to scan sensitive hosts (Network Printers, Novell, etc).

Another option is to try something like VMware "P to V" (http://www.vmware.com/products/converter/) where you take a physical host and convert it to a virtual machine and then run Nessus against the virtual machine.

Hope this helps...

--
Joe McCray
Toll Free: 1-866-892-2132
Email: joe () learnsecurityonline com
LinkedIn: http://www.linkedin.com/in/joemccray
Twitter: http://twitter.com/j0emccray
Website: http://www.learnsecurityonline.com
New Advanced Penetration Testing Course: http://tinyurl.com/apt-course
Video of my Advanced SQL Injection Presentation: http://tinyurl.com/j0e-McCray-sql-Injection

"The only thing worse than training good employees and losing them is NOT training your employees and keeping them." - Zig Ziglar