HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 30 guests and 2 members online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Freeware, Shareware or Commercial Vuln Scanners?
Ethical Hacker Community Forums
January 09, 2009, 03:11:56 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2009 - May 4 - 9. Boot Camps & an Ethical Hacking Conf. www.chicagocon.com
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Freeware, Shareware or Commercial Vuln Scanners?  (Read 1926 times)
0 Members and 1 Guest are viewing this topic.
p0et
Full Member
***
Offline Offline

Posts: 100



View Profile
« on: December 01, 2006, 11:43:20 AM »
What do you guys prefer?  I for one, love using Nessus, Metasploit, Nmap and Netcat for most of my hacks, but that's all I honestly can afford!  Roll Eyes

Is CORE Impact & ISS Scanner really that much better and worth the thousands of $$$ to use? 

Anyways, just some thoughts on this topic would be great!
Logged
GCIH, Security+, Network+, A+, MCP, DCSE
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 2442


Editor-In-Chief


View Profile WWW
« Reply #1 on: December 01, 2006, 12:55:06 PM »
If your question is specifically on vuln scanners, then Nessus is just fine. Doesn't have the bells and whistles as some of the big boys like ISS, LANGuard, etc. But considering that many companies have nothing, making yourself knowledgeable in Nessus will do you well. Plus, if being hired is your concern, I don't think anyone will look down on you for only knowing Nessus. Not knowing any vuln scanner can hurt you.

As for Core Impact, it is an automated pen testing tool and much less of a vuln scanner. According to their web site:

Quote
CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. By safely exploiting vulnerabilities in your network infrastructure, the product identifies real, tangible risks to information assets while testing the effectiveness of your existing security investments.

That being said, I've played with it, and it is awesome. If you do pen testing for a living, it is worth the money. If you are just learning or have a very tight budget, look to Metasploit.

Hope this helps,
Don
Logged
CISSP, MCSE, CEH, Security+ SME
Kev
Guest
« Reply #2 on: December 01, 2006, 04:15:04 PM »
Those free utilities are great. It really depends on what you are trying to do as far as a hack is concerned and your client.  You have to remember that 99% of the hacking going out there is done with those free tools.  Hackers usually can’t afford and therefore don’t use tools like core, at least as far as I have seen. If you are tying to secure a network from hackers then you should use the same approach most of them do.

 If you assault a network skillfully with the traditional tools and also know how to compile exploits and you cant get in, then you can feel assured 90% of what is out there cant get in either.  If I where doing security work for someone like Amazon.com that has millions of dollars at stake, well Core would be a must.  Some of the people in the DOD use Canvass and seem to like it a lot. In other words, if you can’t afford expensive tools, please don’t think for a second you can’t do some very effective hacking!
Logged
p0et
Full Member
***
Offline Offline

Posts: 100



View Profile
« Reply #3 on: December 01, 2006, 05:15:48 PM »
Thanks for the replies.  I guess I just thought if I ever apply for a pentester position, they would mainly be looking for those commercial tools like CORE Impact and Canvass if that's what I'd be using with them.  I can see how Nessus and those other free tools would be beneficial to have on the resume as well.  Keeps you at the level of the malacious hacker.
Logged
GCIH, Security+, Network+, A+, MCP, DCSE
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2007, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.041 seconds with 23 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
How many security events including conferences and training do you attend a year:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2009 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.