.

Nessus vs. OpenVAS

<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Wed Oct 17, 2012 1:29 am

Nessus vs. OpenVAS

So, I've been getting some paid pentesting jobs, and I need to decide between buying a Nessus license or using OpenVAS.  I'd prefer not to spend the extra money, but I don't have any experience with OpenVAS.  Is it just as good as Nessus or should I suck it up and just buy the license?  I primarily do web pentesting, and use Nessus to find configuration issues and software vulnerabilities on a web server before I begin testing the actual site.

Also there are a lot of OpenVAS tutorials out there.  If anyone has some favorites please post the links. 

Thanks.
Sec+, eCPPT
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Wed Oct 17, 2012 2:40 am

Re: Nessus vs. OpenVAS

Although not offered directly on their website, if you contact Tenable it may be possible to obtain a trial of the professional feed.

http://www.tenable.com/products/nessus- ... evaluation

You could then perform your own comparison with OpenVAS and decide if the cost is justified for you.

I saw an article recently comparing Home/Community versions of the following scanners: Nessus, OpenVAS and Nexpose VS Metasploitable:

http://hackertarget.com/nessus-openvas- ... ploitable/

Whilst not a particulary in depth study, it is interesting in highlighting how detection and categegorization differs between the products.

The Nmap site also has a list of the Top 125 Network Security Tools, which can be drilled down further into just the Vuln Scanners and Web scanners:

http://sectools.org/
Last edited by m0wgli on Wed Oct 17, 2012 4:28 am, edited 1 time in total.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 569

Joined: Sat Apr 17, 2010 12:12 pm

Post Wed Oct 17, 2012 8:59 am

Re: Nessus vs. OpenVAS

You know that article is so useful. I've spent the past 30 mins or so looking at the vulnerabilities and researching ones I am not familiar with. I know this is really the point of metasploitable, but its still a great experience. I havent gotten to the nexpose and openVAS reports yet, but im looking forward to seeing the differences.
sectestanalysis.blogspot.com/‎
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Wed Oct 17, 2012 4:34 pm

Re: Nessus vs. OpenVAS

Yes, really excellent article m0wgli.  Just what I was looking for.  Thanks!
Sec+, eCPPT
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Thu Oct 18, 2012 8:33 am

Re: Nessus vs. OpenVAS

Why don't you just pass the cost of the license on to your client(s)?
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Thu Oct 18, 2012 12:56 pm

Re: Nessus vs. OpenVAS

BillV wrote:Why don't you just pass the cost of the license on to your client(s)?


I obviously would if I need to, but if OpenVAS is just as good, then I'd rather pass the cost of something else on to them.
Sec+, eCPPT
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Thu Oct 18, 2012 3:21 pm

Re: Nessus vs. OpenVAS

Just in case you're not aware. According to the Nessus license:

"Q. Can I use Nessus at work?

A. You must subscribe to the ProfessionalFeed to use Nessus outside of the home or personal use."

http://www.tenable.com/products/nessus/ ... anchor11.2

Based on my own personal observations, I've not come across anyone recommending OpenVAS over Nessus (Professional). Everyone seems to use Nessus.

I'd be interested to see which Vulnerabilty scanners are currently used by members here who are testing professionally.
Last edited by m0wgli on Thu Oct 18, 2012 3:40 pm, edited 1 time in total.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 569

Joined: Sat Apr 17, 2010 12:12 pm

Post Thu Oct 18, 2012 4:28 pm

Re: Nessus vs. OpenVAS

True, but I would guess that many people use nessus because of its name recognition. How many people are taught about OpenVAS when they study for their CEH (I assume it would be mentioned in the GPEN). They work at one company that uses a product, and only use another when they have to. I recommended Nexpose to my company (well I informed them of its existence, and gave my opinion of it.), but they didnt change anything.
sectestanalysis.blogspot.com/‎
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Oct 18, 2012 5:34 pm

Re: Nessus vs. OpenVAS

My personal experience is that the paid vulnerability scanners typically provide more timely and accurate signatures. Unless OpenVAS has changed dramatically since I last used it, I think it would be negligent to use it professionally.

Nessus seems to provide a good cost/benefit ratio. I'd probably use something else or add-on the security center if I was using it in-house, but for one-off assessments, I can do without a lot of extra features.
The day you stop learning is the day you start becoming obsolete.
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Oct 19, 2012 1:13 am

Re: Nessus vs. OpenVAS

OpenVAS NVT 29,029
Nessus plugins 51,236

It's not a complete apples and to apples comparison as its not a 1:1 mapping of plugins to vulnerabilities but you get the idea.

If you are serious about doing VA work you really need Nessus Pro feed (or another commercial scanner) at a minimum. I'm of the mindset however that a really good pentester could make do with Nmap and if it's a webapp test all you really need is Zap/Burp and a browser. Vuln scanners are a crutch. I still use them, but sometimes I find myself spending more time weeding out false positives and second guessing what I knew already.
Last edited by tturner on Fri Oct 19, 2012 1:21 am, edited 1 time in total.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Fri Oct 19, 2012 2:50 am

Re: Nessus vs. OpenVAS

I can't comment on OpenVAS too much, got it running in a lab environment but haven't really used in anger.

Placing technical issues to one side, if you're providing a chargeable service some (rightly or wrongly, a debate for another day) will be more comfortable with a service backed up by a commercial organisation; and I have come across a handful of organisations that specifically disallow open source in their environment.

Given the relative low cost of a single Nessus license (compared to other commercial offerings) I'd suggest this may be the way to go in a commercial setting. The cost of a license can quickly be offset by picking up business from clients that otherwise wouldn't consider you.
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Fri Oct 19, 2012 12:53 pm

Re: Nessus vs. OpenVAS

I used both, and let me tell you that maintenance, use and update OpenVAS is time comsuming comparing with Nessus.

Sometimes despend of you time.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Fri Oct 19, 2012 4:42 pm

Re: Nessus vs. OpenVAS

tturner wrote:Vuln scanners are a crutch. I still use them, but sometimes I find myself spending more time weeding out false positives and second guessing what I knew already.


I don't rely on vuln scanners too much, but I do like to use them to get a sense of the overall focus of security of a client.  If I run it and come up with 10 major issues, I know I might have to focus first on fixing simple things since it's most likely the case that the admin hasn't really viewed security as a priority.  Kind of like running an antivirus scan, if it comes up with 40 viruses, i know it's going to be a pain to clean, but if it comes up with none that doesn't necessarily mean things are ok.
Last edited by Seen on Fri Oct 19, 2012 5:02 pm, edited 1 time in total.
Sec+, eCPPT

Return to Tools

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software