Tenable Nessus Vs Titania Nipper?


Mohsin Khan

Mar 21, 2016, 3:50:25 AM
to null-...@googlegroups.com
Hey Guys,

What is the difference between Nessus and Nipper? We know that Nessus also deals with network devices. Does that include configuration and security audits? Nipper also performs the same function. So how can we differentiate the two products in terms of functioning?

Regards,
Mohsin Khan

chaitany kamble

Mar 21, 2016, 4:27:22 AM
to null-...@googlegroups.com

If I am correct, Nessus does it remotely with credentials by logging in, mostly based on the kind of profile or benchmark selected.

Nipper needs to be fed a config, which it analyses, and gives configuration plus ACL review results.



Deepak Rathore

Mar 21, 2016, 6:52:26 AM
to null-...@googlegroups.com
Nessus Pro version could be used for both active and passive types of scanning.

Active: vulnerability assessment
Passive: Configuration file will be uploaded and, based on policies, it will detect issues.


Best Regards,
Deepak

Mohsin Khan

Mar 22, 2016, 1:39:41 AM
to null-...@googlegroups.com
@Deepak... Are you saying that Nipper does the scanning in a passive state?

Regards,
Mohsin Khan

Ajay Nunna

Mar 22, 2016, 5:35:08 AM
to null-...@googlegroups.com
Team,
As per my knowledge and from my experience, I felt more comfortable with Nipper than Nessus.
Nipper freeware can be used for certain network devices. If you want to go for full devices, then go for Nipper Pro.
Whereas in Nessus you need to have a professional feed license to do network device config reviews.
And Nipper doesn't support active scanning, i.e. scanning live devices. You have to provide the config file to Nipper.
Also, the pro versions have the feature of bulk file acceptance.
Nessus I prefer for vulnerability scanning and Nipper for config reviews.
So based on your requirement, choose the one.



Mohsin Khan

Mar 22, 2016, 8:59:02 AM
to null-...@googlegroups.com

Thanks Ajay! That helped.

smarsc...@incendiogroup.com

Apr 26, 2016, 1:51:10 PM
to null
Hi Mohsin.

I've used Nipper extensively, both the open source version and the commercial version (Nipper Studio). With Nipper Studio, you perform an offline audit of the config file(s) and can generate output in various formats (PDF, CSV, HTML, XML, etc.). With Nessus, you were always able to perform an online scan of the device (credentialed or uncredentialed), but a couple of years ago Tenable added the ability to upload a config file for an offline scan, similar to Nipper Studio. Nipper definitely supports more devices and works well, but I haven't been thrilled with the ability to create an Access DB or Excel spreadsheet with the results, which requires a fair amount of manual work to get just right. I've also been unhappy with their business practices, which started with the efforts to hide versions of their GPL code when they went public, and their new requirements that you buy a minimum of 25 licenses at a time (this is very recent, maybe last 6 months).

I am curious myself as to how Nessus performs in comparison to Nipper, as I have not had the opportunity to test it and I am seeking alternatives to Nipper because I don't trust Titania (with whom I have dealt repeatedly for the past few years) who makes it clear their goal is to squeeze every nickel they can from their customers.  If you or anyone reading this has feedback on the Nessus offline scanning function, or even better, a direct comparison of the two, I would love to hear about it.

I know some of this info was covered already, but I hope it helps!