-
March 13th, 2002, 05:14 PM
#1
Junior Member
Nessus
I've been reading Counter hack by Ed Skoudis and found a vulnerability scanner named nessus, has anyone used this before? pros and cons? I appreciate your imput.
-
March 13th, 2002, 05:54 PM
#2
Yup, it works. Yup its good.
Pros...It works like its supposed to. Can be updated. Great for securing your network.
Cons..It works like its supposed to. Great for scanning other sites (although it does get logged quickly). Also, the setup is a little tricky, because some of the instructions are wrong. The windows client sucks.
Nessus is just one of a handful of vuln. scanners that are pretty much the same.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
March 13th, 2002, 08:28 PM
#3
nessus is the best vulnerability scanner around. I have tried many including, Webtrends, CA Cybercop, Symantec Netrecon, and several others.
I would say that the only limitation to this point is it's reporting features. Although it will still generate HTML outputs, along with several other types, it is just not quite as robust in that aspect as several of the others. I also think the setup is about as easy as it gets:
Just run --> lynx -source http://install.nessus.org | sh
or
download it first and run --> sh nessus-installer.sh
Thats it!!
-
June 14th, 2002, 05:24 PM
#4
For the price, Nessus is a great tool. It stays up to date with vulnerabilities and the subsequent attacks, does a fair job of reporting the problem/correction intelligbly, is fairly easy to use, and is customizable to the environment that you are in; however, it can be extremely slow if you scan anything over a few devices. The attacks are also precanned, well known attacks that will make any IDS or system log light up like a christmas tree. So it is anywhere from good to outstanding, depending on what you are looking for and the amount of money you are able to pony up...
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
June 14th, 2002, 06:44 PM
#5
version 1.2.1 was released on June 3rd for anyone that uses this program and wants to update it.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
June 14th, 2002, 09:26 PM
#6
How well does it compare to Saint, that is, what are the advantages/disadvantages if any. Is one more accurate, detectable, stable, etc?
I've not found a version that works well with FreeBSD yet and subsequently have not had chance to compare yet. Soon though I would like to think. CVsup runs tonight, so it should happen pretty quickly.
\"I believe that you can reach the point where there is no longer any difference between developing the habit of pretending to believe and developing the habit of believing.\"
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|