Nmap Development mailing list archives
Re: NMap Scripts Vs Nessus
From: Jacky Jack <jacksonsmth698 () gmail com>
Date: Wed, 4 Aug 2010 15:22:32 +0800
Thank you all for your clarification. Dražen Popović's responses solve most of my confusion. Sorry, I must start with "Nmap NSE vs OpenVAS"as Nessus has already been out of open-source realm. What I'm worried is : A Nmap developer write a script for a vulnerability check then soon after, an OpenVAS developer write the same check script. And vice versa. So, seeing this case by many new potential contributors, they will confuse which one is used to write script. I want to address this confusion. What is Nmap NSE for ? What is NASL for? What are appropriate checks that should be used with NSE? What are appropriate checks that should be used with NASL? 2010/8/3 Dražen Popović <drazen.popovic () fer hr>
Hi Jacky. I'm a rather new NSE script developer and have experience in NASL scripting for the OpenVAS project which is an open source alternative to Nessus. From the perspective of a NASL developer I must say that the NASL language itself is a pain in the ass. It lacks many things that today modern scripting languages must have, and as such code written in it suffers in quality. And yes I'm aware that programmers are the ones responsible (including me) but the language itself doesn't help. Take a fact of tons of discussions OpenVAS guys (and probably Nessus) had on introducing another scripting language. The decision to have NASL as a main programming language made OpenVAS/Nessus guys maintainers of the language, and thus a little or none improvement is made. On the other side Lua is a beautiful little language which is rather popular and as such Lua has its own maintainers that have nothing to do with NMAP project. NSE offers tons of libs of very good quality which in turns make scripts that use it the same. Although for the time being IMHO Nessus is a better project in many ways than OpenVAS (which is expected), OV is growing rapidly and their developers are working hard to make OpenVAS great. Also consider the Nessus/OpenVAS script repository, a great majority of scripts fall into the Local Checks category, which are generally automatically generated. NMAP is oriented primary towards remote checks, and the relatively young NSE subproject as such has only the latest and the hottest scripts in that realm. These scripts are more appreciated from the perspective of the pentester. Consider the fact that OpenVAS wishes to integrate NMAP NSE for the sake of complementing their script repository. Note that I'm not saying that Nessus lacks remote checks, I'm just saying that NMAP NSE is not reinventing the wheel and that both Nessus and OpenVAS could benefit from NSE, and vice versa ofcourse. And not to mention that Nessus is not open source/free software... Cheers, Dražen. On Thu, 2010-07-29 at 22:08 +0630, Jacky Jack wrote:Hi Note in advance - no offense to nmap folks. Let me tell what I feel. Some of NMmap Scripts are now moving on for vulnerability scanning. Those scripts are a smallest subset of what Nessus is now doing. I have no idea why NSE folks write scripts that re-invent the wheel. Although I appreciate that we have two options to validate the results, a great deal of time will be wasted if NSE folks are writing/converting Nessus plugins to NSEs. Please explain me so that I can put in your shoes. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/-- Laboratory for Systems and Signals Department of Electronic Systems and Information Processing Faculty of Electrical Engineering and Computing University of Zagreb _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NMap Scripts Vs Nessus Jacky Jack (Jul 29)
- Re: NMap Scripts Vs Nessus Ron (Aug 02)
- Re: NMap Scripts Vs Nessus Patrick Donnelly (Aug 02)
- Re: NMap Scripts Vs Nessus Dražen Popović (Aug 03)
- Re: NMap Scripts Vs Nessus Djalal Harouni (Aug 03)
- Re: NMap Scripts Vs Nessus Jacky Jack (Aug 04)
- Re: NMap Scripts Vs Nessus Jan-Oliver Wagner (Aug 05)
- Re: NMap Scripts Vs Nessus DePriest, Jason R. (Aug 05)
- Re: NMap Scripts Vs Nessus Jan-Oliver Wagner (Aug 05)
- Re: NMap Scripts Vs Nessus Jacky Jack (Aug 07)