Vuln Scanner

Viewing 11 reply threads
  • Author
    Posts
    • #3586
      timmedin
      Participant

      I’ve used a few different ones but other than the results format have you guys found one to be better at finding issues than another? I haven’t found any differences between them in finding vulnerabilities have any of you?

    • #23294
      Ketchup
      Participant

      I’ve primarily used Nessus and Retina.  Retina seems to be a bit more accurate, but Nessus has come a long way.  I don’t know if the accuracy factor is worth the much higher price however. 

    • #23295
      hunter
      Participant

      nessus for general purpose is a good choice.

      nmap and amap are flexible tools, nikto v1 works better with the mutate option then nikto 2. Fuzzers like Jbrofuzz for a closer look and then some specialiced tools against known daemons.

      hunter

    • #23296
      timmedin
      Participant

      @Ketchup wrote:

      I’ve primarily used Nessus and Retina.   Retina seems to be a bit more accurate, but Nessus has come a long way.  I don’t know if the accuracy factor is worth the much higher price however.   

      Retina is one I haven’t used.

    • #23297
      Michael J. Conway
      Participant

      I’ve played with Retina, GFI LanGard, and Nexpose while looking for somethingg to replace Nessus. I found that I still prefered Nessus. I just felt I was getting better more consistent results here in our lab with it.

    • #23298
      ethicalhack3r
      Participant

      As Nessus is no longer opensource. What opensource alternatives are there?

    • #23299
      MicroJay
      Participant

      I utilize Nessus with nmap thrown in.  I use it primarily to verify a third party scan results for PCI.  Also use it for inbetween the quarterly scans to see if anything ‘pops’ up.

    • #23300
      Michael J. Conway
      Participant

      You could try openVas. IT is basically Nessus and is supposed to be compatible with Nessus plug-ins. I haven’t had much luck with it though.

    • #23301
      timmedin
      Participant

      @sgt_mjc wrote:

      You could try openVas. IT is basically Nessus and is supposed to be compatible with Nessus plug-ins. I haven’t had much luck with it though.

      Seems to me that OpenVAS is dying a slow death. I wouldn’t consider it an enterprise solution. You can still use Nessus for free, but it isn’t the professional feed.

    • #23302
      hackernovice
      Participant

      I prefer Nessus to retina.

      I also like Saint, using Backtrack 2-3 Linux

    • #23303
      Kev
      Participant

      Nessus along with GFI LanGard.  Nessus seems to work better with fragmentation for the networks that allow frag packets. 

    • #23304
      Michael J. Conway
      Participant

      I also noticed that I do get beeter results with Retina if I have credentials. Unfortunately(or furtunately), our cleint will not give us credientials. Happy scanning.

Viewing 11 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?