othman.bouayad 80 Report post Posted September 4, 2013 Hi, I have noticed that the latest version of Nessus Community Edition doesn't allow the scan of public ip addresses. What other freely available vulnerability scanner do you recommend ? (I have heard a lot of good things about OpenVAS, but i have not tested it yet) Thanks, 1 Share this post Link to post
Anuj Sharma 5 Report post Posted September 4, 2013 Have you tried the NMap scripting engine? NMap has powerful scripts which can scan the target for vulnerabilities. They are located in the /usr/local/share/nmap/scripts/ directory if you are using backtrack 5. NMap scripts has also been covered in the Scanning module of Network Security as well. OpenVAS has been forked out of Nessus, I haven't tried this as my employer has a professional version , but do let us know your feedback if you give it a try. There are various modules in Metasploit as well that can scan for vulnerabilites. Share this post Link to post
othman.bouayad 80 Report post Posted September 4, 2013 Hi, thanks anuj, i did know about NSE scripts but usually theses scripts target a vulnerability or a very specific set of vulnerabilities; I'll try OpenVas and try to give a feedback; Best regards; Share this post Link to post
othman.bouayad 80 Report post Posted September 5, 2013 Hi i tried OpenVAS, I found it quiet fast but not merely as comprehensive and intuitive to use as Nesssus. Best regards Share this post Link to post
guier.mike 6 Report post Posted September 27, 2013 I would imagine if you learned nmaps scripting engine, that would provide all you need. other than that I havent tried out OpenVAS. Share this post Link to post
robertray 41 Report post Posted September 28, 2013 http://www.scip.ch/?labs.20130625 Vulnscan - nse scripts. "Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version of different vulnerability databases." 1 Share this post Link to post
othman.bouayad 80 Report post Posted September 28, 2013 Hi, Thank you for your answer, i'll try vulnscan. Best regards, Share this post Link to post
SnakeByte 7 Report post Posted October 14, 2013 Not trying to encourage you to abuse Nessus policy, but in case you performing a external scan on your home public ip, Nessus community edition still lets you scan "public ips" you can simply ignore the warning. If you want to perform a professional/business scan which is not allowed by Nessus terms, I find OpenVAS 6 (self install not the one built into Kali) very satisfying, specially the new Web admin panel. 1 Share this post Link to post