Let me be clear up front, I don't have favorites among the nessus scanners and the nmap scanner. I like and use them both. From my own perception, I think that nmap and nessus have a different slant, but a similar purpose. nmap has options that are decidedly more esoteric, yet are undoubtedly useful, such as the christmas scan or the "pick a random ip" for security research. nessus is more focused on the security auditor. It's not to say that both tools cannot be used in both environments, but they do tend to have a different bent. I think that useful is probably better defined with that context in mind. Undoubtedly Fyodor (and others on the list, apparently) find them useful.
That having been said, here are some of the features I might like to see out of the nessus scanners that are in the nmap scanner. Improvement of the interface might be handy as well:

1) zombie scanning (-sI in nmap) - this is handy for mapping out trust relationships in networks that are not well documented. In my role as an auditor, I often ask for documentation, and it's almost always lacking :)

2) very solid os detection - I've found (within the scope of the scanner specifically) that nmap tends to be more accurate on OS detection. I realize that nessus has several other mechanisms for this.

3) scan delay - this might be in there (I thought it was, but can't find it) but being able to control the amount of time between each probe of a host is a good thing on the scanner side.

4) spoofing/cloaking/hiding/misdirection - one of the issues that I have run into is that we have deliberately belligerent employees who will firewall their box from the scanners. This always happens on nets with inadequate managerial oversight and/or configuration management. The proper solution, of course, is to fix these two problems, but this is not always an option within my control. Being able to show that a computer is specifically blocking the scanner for whatever reason (perhaps because it's been compromised) is useful to me.

5) quick and easy command line port scanning - it's really hard to beat "nmap myhost" for simplicity, and "nmap -sP mynet" for checking what's out there. As nessus moves away from a command line, I find that nmap's ease for the seasoned unix administrator makes more sense for many things. Based on the help output of the nessus command line, you need a minimum of 7 arguments to do a batch mode scan. It's not that these are not useful and important, but it's also pretty weighty for an everyday tool.
It hasn't gone unnoticed by myself at least that several features have been added to the scanners in the last couple of versions which address problems that I've dealt with personally.

On Tue, Sep 2, 2008 at 6:00 AM, Michel Arboi <[EMAIL PROTECTED]> wrote:

> On Tuesday 02 September 2008 14:52:12 [EMAIL PROTECTED] wrote:
> > I guess it's a personal choice, but mainly as we're using the NMAP Service
> > Discovery and comparing them against the Nessus results to make sure that
> > we're covering everything.
>
> If you import Nmap results into Nessus and disable all other portscanners to
> save bandwidth, the probability that you discover a new open port is exactly
> 0. What's the use of comparing?
>
> > Plus NMAP gives a lot more options on how we scan
>
> Are they useful?
> If yes, maybe we can add them to Nessus.
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus

--
Doug Nordwall
Unix, Network, and Security Administrator
You mean the vision is subject to low subscription rates?!!? - Scott Stone, on MMORPGs
