Results 1 to 6 of 6

Thread: Nessus

  1. #1
    Junior Member
    Join Date
    Mar 2002
    Posts
    11

    Nessus

    I've been reading Counter hack by Ed Skoudis and found a vulnerability scanner named nessus, has anyone used this before? pros and cons? I appreciate your imput.

  2. #2
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    Yup, it works. Yup its good.

    Pros...It works like its supposed to. Can be updated. Great for securing your network.
    Cons..It works like its supposed to. Great for scanning other sites (although it does get logged quickly). Also, the setup is a little tricky, because some of the instructions are wrong. The windows client sucks.

    Nessus is just one of a handful of vuln. scanners that are pretty much the same.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    nessus is the best vulnerability scanner around. I have tried many including, Webtrends, CA Cybercop, Symantec Netrecon, and several others.

    I would say that the only limitation to this point is it's reporting features. Although it will still generate HTML outputs, along with several other types, it is just not quite as robust in that aspect as several of the others. I also think the setup is about as easy as it gets:

    Just run --> lynx -source http://install.nessus.org | sh
    or
    download it first and run --> sh nessus-installer.sh

    Thats it!!

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    For the price, Nessus is a great tool. It stays up to date with vulnerabilities and the subsequent attacks, does a fair job of reporting the problem/correction intelligbly, is fairly easy to use, and is customizable to the environment that you are in; however, it can be extremely slow if you scan anything over a few devices. The attacks are also precanned, well known attacks that will make any IDS or system log light up like a christmas tree. So it is anywhere from good to outstanding, depending on what you are looking for and the amount of money you are able to pony up...
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    version 1.2.1 was released on June 3rd for anyone that uses this program and wants to update it.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    317
    How well does it compare to Saint, that is, what are the advantages/disadvantages if any. Is one more accurate, detectable, stable, etc?

    I've not found a version that works well with FreeBSD yet and subsequently have not had chance to compare yet. Soon though I would like to think. CVsup runs tonight, so it should happen pretty quickly.
    \"I believe that you can reach the point where there is no longer any difference between developing the habit of pretending to believe and developing the habit of believing.\"


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •