10:02 - Friday, 18 April 2014

Vulnerability Scanner, Nmap Vs Nessus

#Topics: does nmap and nessus work well together,Nessus and Nmap differences,Nessus vs Nmap

I need a good vulnerability auditing tool for Ubuntu so I decided to try nmap I also recalled that there was a product that can do this kind of work called Nessus it is no longer available in the repository and the packages for Ubuntu at its site http://nessus.org/nessus/ are old, I suppose that the latest one may work on maverick though, does anyone have any experience using nessus? How does it compare to nmap?

As far as I’m aware, Nessus is no longer free. You should take a look at OpenVAS, which is a Nessus alternative (and has even better coverage), instead.

OpenVAS (Nessus alternative) and Nmap are very much different. You can use OpenVas to find vulnerabilities without knowing how to look for them as OpenVAS tries out numerous attacks collected from various sources, whereas you do need to know what you are doing, where to look for, with Nmap.

Nmap is faster, Nessus is more complete. The repositories of BackTrack have the lastest nessus and Nmap.

nmap is not a vulnerability scanner, it’s network services scanner, it only detects available network services, it does not scan them for vulnerabilities.
Nikto (from package nikto) is a good web server vulnerabilities scanner.

You can still get Nessus for Linux. You need to download it direct from http://nessus.org/nessus/

Please note that there are differences between the pay for version and the free version. See here -> http://nessus.org/documentation/index.php?doc=faq#anchor66