Security Basics mailing list archives
Re: NMap Scripts Vs Nessus
From: Vincent Maury <maurybond () gmail com>
Date: Mon, 26 Jul 2010 23:25:20 +0200
Hello,I would rather compare NMap scripts to OpenVAS plugins, which are both GPL'd. As NMap can be used as a port scanner in OpenVAS (through a dedicated wrapper), I guess writing NSEs is somehow similar to writing NASL plugins, isn't it? Do they address the same vulnerabilities? Anyway, at the end of the day, developers are free to contribute to the project they commit to the most... I guess...
Vincent Le 23/07/2010 18:46, Todd Haverkos a écrit :
Jacky Jack<jacksonsmth698 () gmail com> writes:Hi Some of NMmap Scripts are now moving on for vulnerability scanning. Those scripts are a smallest subset of what Nessus is now doing. I have no idea why NSE folks write scripts that re-invent the wheel. Although I appreciate that we have two options to validate the results, a great deal of time will be wasted if NSE folks are writing/converting Nessus plugins to NSEs. How do you think?Fyodor's got some excellent folks working for him to improve nmap, and I'd strongly encourage anyone to re-think calling any of it a waste of time! I think nmap scripts are excellent additions to an already powerful tool. If there's some functionality overlap between some of those and other existing tools, so be it. As you say, there's value in a second opinion to weed out false positives. I also somewhat doubt they're going about it primarily by reverse engineering Nessus plugins. As another poster mentioned, Nmap is free, Nessus is not. Bringing commercial functionality and getting it into the hands of more people is good for state of security. To make an analogy to a different tool, yes, Core Impact has been an amazing penetration testing exploit tool for a long time, but given its price tag, how many people ever were able to leverage it to show clients how easy it could be for a sufficiently motivated attacker? Now that Metasploit (free) is staggeringly awesome as an exploit framework, the argument for pushing vendors to fix their bugs, or for organizations to apply lagging patches has become a bit more compelling. "A _free_ tool is avaialable with a plugin to exploit this" is a lot more compelling to people than "There's this thing called Core Impact has a sploit for this issue, but it costs [xx] thousand dollars, and not many people have it." -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- NMap Scripts Vs Nessus Jacky Jack (Jul 22)
- Re: NMap Scripts Vs Nessus Fedora Hacker (Jul 23)
- Re: NMap Scripts Vs Nessus Todd Haverkos (Jul 23)
- Re: NMap Scripts Vs Nessus Vincent Maury (Jul 27)
- Re: NMap Scripts Vs Nessus Jacky Jack (Jul 29)
- Re: NMap Scripts Vs Nessus Vincent Maury (Jul 28)
- Re: NMap Scripts Vs Nessus Vincent Maury (Jul 27)