On Tuesday 02 September 2008 16:48:17 Doug Nordwall wrote:

> 1) zombie scanning (-sI in nmap) - this is handy for mapping out trust
> relationships in networks that are not well documented.

What do you mean by "trust relationship"?

> 2) very solid OS detection - I've found (within the scope of the
> scanner specifically) that nmap tends to be more accurate on OS detection.

As far as TCP/IP fingerprinting is concerned, sinfp is probably as good as 
Nmap -- and Nessus uses it. Nessus also uses other methods to identify the 
remote OS, and nothing beats "uname -a" on the remote system.

> I realize that nessus has several other mechanisms for this.

Right, although they are not "fingerprinting" per se.

> 3) scan delay - this might be in there (I thought it was, but can't find
> it) but being able to control the amount of time between each probe of a
> host is a good thing on the scanner side.

There is no direct equivalent of the scan delay that you have in Nmap, but you 
can do something like that by playing on the level of parallelism and 
the "micro_timeout" option.

> Being able to show that a computer is specifically blocking the scanner for
> whatever reason (perhaps because it's been compromised) is useful to me.

I suppose that you can do that by looking at machines that have no open ports?

> 5) quick and easy command line port scanning

nessuscmd -sT / -sP

_______________________________________________
Nessus mailing list
http://mail.nessus.org/mailman/listinfo/nessus