
Thread: Nessus or OpenVas

  1. #1
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    Nessus or OpenVas

    Hi dear pentesters,

    I just wanted to hear from you what kind of experience you have with Openvas. The last few times I used both tools, and nessus was detecting more vulnerabilities than openvas (both tools with updated plugins of course). Can you confirm this? Is anybody using OpenVas at all??
    Thanks for your comments............


    Cheers
    Don't eat yellow snow :rolleyes:

  2. #2
    Good friend of the forums
    Join Date
    Feb 2009
    Posts
    356


    More detected vulnerabilities does not mean fewer false positives. I would suggest using such products as little as possible, and verifying everything manually (every vulnerability with the possible exploit, not with a version check).

  3. #3
    Moderator
    Join Date
    Jan 2010
    Posts
    167


    Hey,

    Openvas has worked quite well since the 2.0 release. It's stable and powerful thanks to the possibility of including hydra, nikto, nmap and so on. I think they have to pay more attention to their plugins. Nessus has many more plugins and they are finding more vulnerabilities with fewer false positives.

    In my opinion openvas is heading in the right direction but has to put a lot more work into their plugins.

    m-1-k-3

  4. #4
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318


    Thanks for your answers so far guys.
    I too think that the idea of openvas is great but it is still at too early a stage.....
    Don't eat yellow snow :rolleyes:

  5. #5
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    nessus

    For compliance I suggest the use of Nessus. It is well known in the industry and anyone considering your report as part of an integrated check will be justified in using it as a fairly reliable state-of-play.

    For updating, many sectors write add-in plugins which you can adapt for use in Nessus without changing the integrity.

    For parallel checking one might use OpenVas as a second opinion.

    Nessus is noisy. You might advise upstream the date and time of your scan to avoid allegation of attack.

    C
    Lux sit
