Hi,
A scanning tool itself doesn't care whether you scan internal or external networks, but it depends on what network element(s) you have between your internal and external networks, like a firewall or router access lists.
You mentioned your external NIC is not hooked up, so the interface will be down and won't have any IP address - so nothing to scan at all for Nessus ;-) Just configure an IP address on this NIC and check whether the interface is enabled.
If you have found vulnerabilities on the internal NIC, you will mostly have the same vulnerabilities on the external side, as long as you don't block anything. The vulnerable service will mostly run on all active NICs, as long as you don't change the settings to bind this service to a specific interface.
Nessus is a quite comprehensive tool for doing the usual-suspects scan and it relies on the latest signatures (plugin feed). So every pen-tester uses his own flavor of scanning techniques/tools - it depends how seriously you wanna go deep into it.
To identify the 'best' tool is therefore a matter of how you wanna look at your network. On one hand you can do the usual-suspects network scan and on the other hand you can scan very specifically for interesting services or open ports not usually scanned by these tools. Also, if you go beyond identifying services and try to do protocol fuzzing, you have to use different tools. Another often overlooked scanning method: check all UDP ports. This is not as simple as a TCP scan, also takes much longer and is not very accurate, but as soon as you find something, it is always quite interesting to do further analysis and see how many times programmers are still not reading RFCs from the 80s ;-)
A good list to start looking for other scanning tools:
sectools[.]org/vuln-scanners.html
/brtw2003
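
The point in the post above, that a service listens on all active NICs unless it is bound to a specific interface, can be checked on the host itself before the external NIC is connected. This is an added example, not part of the original post: it classifies listening sockets from `ss -H -tuln` output; the sample lines are constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output (not taken from a real host).
# Assumed columns: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT = """\
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
udp   UNCONN 0      0       192.168.1.10:123       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
tcp   LISTEN 0      511                *:80              *:*
tcp   LISTEN 0      128             [::]:22           [::]:*
"""

WILDCARDS = {"0.0.0.0", "::", "*"}


def parse_local(field):
    """Split an ss 'Local Address:Port' field into (address, interface, port)."""
    addr, port = field.rsplit(":", 1)
    addr, _, iface = addr.partition("%")   # "%lo" / "%eth0" device suffix
    return addr.strip("[]"), iface or None, int(port)


def classify(addr, iface):
    if addr in WILDCARDS:
        # A wildcard bind pinned to a device is only reachable via that device.
        return "specific" if iface else "all-interfaces"
    if ipaddress.ip_address(addr).is_loopback:
        return "loopback-only"
    return "specific"


def exposed_listeners(ss_output):
    """Return sorted (proto, port) pairs that listen on every interface."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, iface, port = parse_local(fields[4])
        if classify(addr, iface) == "all-interfaces":
            found.add((fields[0], port))
    return sorted(found)


if __name__ == "__main__":
    for proto, port in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"{proto}/{port} listens on all interfaces, external NIC included")
```

Anything this reports will answer on the external address as soon as that NIC has an IP, unless a firewall or access list in between blocks it.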



