The Ethical Hacker Network - Freeware, Shareware or Commercial Vuln Scanners?

Latest Additions

Who's Online

p0et

Full Member

Offline

Posts: 197

Freeware, Shareware or Commercial Vuln Scanners?

« on: December 01, 2006, 11:43:20 AM »

What do you guys prefer? I for one, love using Nessus, Metasploit, Nmap and Netcat for most of my hacks, but that's all I honestly can afford! Roll Eyes

Is CORE Impact & ISS Scanner really that much better and worth the thousands of $$$ to use?

Anyways, just some thoughts on this topic would be great!


	Logged

GCIH, Security+, Network+, A+, MCP, DCSE

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 4165

Editor-In-Chief

Re: Freeware, Shareware or Commercial Vuln Scanners?

« Reply #1 on: December 01, 2006, 12:55:06 PM »

If your question is specifically on vuln scanners, then Nessus is just fine. Doesn't have the bells and whistles as some of the big boys like ISS, LANGuard, etc. But considering that many companies have nothing, making yourself knowledgeable in Nessus will do you well. Plus, if being hired is your concern, I don't think anyone will look down on you for only knowing Nessus. Not knowing any vuln scanner can hurt you.

As for Core Impact, it is an automated pen testing tool and much less of a vuln scanner. According to their web site:

Quote

CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. By safely exploiting vulnerabilities in your network infrastructure, the product identifies real, tangible risks to information assets while testing the effectiveness of your existing security investments.

That being said, I've played with it, and it is awesome. If you do pen testing for a living, it is worth the money. If you are just learning or have a very tight budget, look to Metasploit.

Hope this helps,
Don


	Logged

CISSP, MCSE, CSTA, Security+ SME

Kev

Guest

Re: Freeware, Shareware or Commercial Vuln Scanners?

« Reply #2 on: December 01, 2006, 04:15:04 PM »

Those free utilities are great. It really depends on what you are trying to do as far as a hack is concerned and your client. You have to remember that 99% of the hacking going out there is done with those free tools. Hackers usually can’t afford and therefore don’t use tools like core, at least as far as I have seen. If you are tying to secure a network from hackers then you should use the same approach most of them do.

If you assault a network skillfully with the traditional tools and also know how to compile exploits and you cant get in, then you can feel assured 90% of what is out there cant get in either. If I where doing security work for someone like Amazon.com that has millions of dollars at stake, well Core would be a must. Some of the people in the DOD use Canvass and seem to like it a lot. In other words, if you can’t afford expensive tools, please don’t think for a second you can’t do some very effective hacking!


	Logged

p0et

Full Member

Offline

Posts: 197

Re: Freeware, Shareware or Commercial Vuln Scanners?

« Reply #3 on: December 01, 2006, 05:15:48 PM »

Thanks for the replies. I guess I just thought if I ever apply for a pentester position, they would mainly be looking for those commercial tools like CORE Impact and Canvass if that's what I'd be using with them. I can see how Nessus and those other free tools would be beneficial to have on the resume as well. Keeps you at the level of the malacious hacker.