Penetration Testing mailing list archives

Re: Nessus, Harmful?

From: Jeremy Brown <0xjbrown41 () gmail com>
Date: Thu, 28 Jan 2010 19:02:58 -0500

Nessus is a comprehensive vulnerability scanning program. It contains
a huge repository of vulnerability and service detection scripts that
can be updated daily.

http://www.nessus.org/documentation/

On Thu, Jan 28, 2010 at 4:04 PM, Genaro Liriano
<Genaro.Liriano () teranet ca> wrote:

 Does Nessus actually performs pen-tests or is it just a Vulnerability
assessment tool?



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of John Jasen
Sent: Thursday, January 28, 2010 2:28 PM
To: Zaki Akhmad
Cc: pen-test () securityfocus com
Subject: Re: Nessus, Harmful?

Zaki Akhmad wrote:

Hello,

I want to do a nessus scanning, but before I'd like to know is it
nessus scanning harmful? Because I don't want to make the server down.


While a full nessus scan may crash services or your system, you may want
to consider that if you can do it legitimately, there's a chance the bad
guys can do it as well.

Of course, make sure you have all the appropriate permissions before
scanning.

--
-- John E. Jasen (jjasen () realityfailure org)
-- "Deserve Victory." -- Terry Goodkind, Naked Empire

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Nessus, Harmful? Zaki Akhmad (Jan 11)
- RE: Nessus, Harmful? Swaminathan, Balaji (Jan 11)
- Re: Nessus, Harmful? Mohamed Aymen SAHLI (Jan 11)
- Re: Nessus, Harmful? Adel Abushaev (Jan 11)
- Re: Nessus, Harmful? Joseph J. Snyder III (Jan 11)
- Re: Nessus, Harmful? John Jasen (Jan 28)
  - RE: Nessus, Harmful? Genaro Liriano (Jan 28)
    - Re: Nessus, Harmful? Jeremy Brown (Jan 28)
    - Re: Nessus, Harmful? Adriel T. Desautels (Jan 28)
- Re: Nessus, Harmful? Shohn Trojacek (Jan 28)
  - Re: Nessus, Harmful? Himanshu Goyal (Jan 28)
    - Re: Nessus, Harmful? bugs (Jan 29)
    - Re: Nessus, Harmful? rajat swarup (Jan 29)
- <Possible follow-ups>
- Re: Nessus, Harmful? lukasz (Jan 11)
  - Re: Nessus, Harmful? Edin Dizdarevic (Jan 11)
  - Re: Nessus, Harmful? Adrian Puente Z. (Jan 11)