End of Nessus
2 views
Skip to first unread message
fred mastrippolito
Jul 5, 2008, 12:57:00 AM7/5/08
to digital-...@googlegroups.com
For all practical purposes the commercialization of nessus has killed the small time security assessment guy. Starting the end of the month, nessus will be licensed for home use or commercial. I would bet that a lot of small time or part time lone guns will use the home license on the sly and just strip out any mention of the tool from their reports. Of course that wouldn't be moral.
Nmap's new scripting language NSE is starting to make inroads. They have scripts to check ftp, snmp, test basic auth, RealVNC auth bypass etc.
They still have a way to go to match the NASL's.
I installed openvas, the free nessus alternative, a fork from nessus 2.0 Man it takes me back to the old days. It comes in five pieces.
openvas-client-1.0.4.tar.gz openvas-plugins-1.0.2.tar.gz
openvas-libnasl-1.0.1.tar.gz openvas-server-1.0.1.tar.gz
openvas-libraries-1.0.2.tar.gz
Each piece has to be installed in certain order, there are dependencies which must be met and of course no documentation. Luckily debian apt repos make dependency hell a little easier to deal with. After I installed everything I couldn't figure out how to log in to it. The installer puts everything in /usr/local
/usr/local/lib/openvas
/usr/local/com/openvas
/usr/local/var/lib/openvas
/usr/local/etc/openvas
I think openvas is expecting the var/lib/openvas to be located in /var so I created links for everything and it works. The client looks the same as it always did. I ran some scans. Didn't find much. Ok lets take a look at the plugins. /usr/local/lib/openvas/plugins is looking a little slim. The latest microsoft nasl is ms04-039.nasl. It will be a while before we can rely on openvas for our vulnerability assessments.
Nmap's new scripting language NSE is starting to make inroads. They have scripts to check ftp, snmp, test basic auth, RealVNC auth bypass etc.
They still have a way to go to match the NASL's.
I installed openvas, the free nessus alternative, a fork from nessus 2.0 Man it takes me back to the old days. It comes in five pieces.
openvas-client-1.0.4.tar.gz openvas-plugins-1.0.2.tar.gz
openvas-libnasl-1.0.1.tar.gz openvas-server-1.0.1.tar.gz
openvas-libraries-1.0.2.tar.gz
Each piece has to be installed in certain order, there are dependencies which must be met and of course no documentation. Luckily debian apt repos make dependency hell a little easier to deal with. After I installed everything I couldn't figure out how to log in to it. The installer puts everything in /usr/local
/usr/local/lib/openvas
/usr/local/com/openvas
/usr/local/var/lib/openvas
/usr/local/etc/openvas
I think openvas is expecting the var/lib/openvas to be located in /var so I created links for everything and it works. The client looks the same as it always did. I ran some scans. Didn't find much. Ok lets take a look at the plugins. /usr/local/lib/openvas/plugins is looking a little slim. The latest microsoft nasl is ms04-039.nasl. It will be a while before we can rely on openvas for our vulnerability assessments.
Reply all
Reply to author
Forward
0 new messages