On Friday 16 Nov 2012 08:35:04 王风军 wrote: > Hi, my admired friends, > I have two plugin questiones about openvas, they are as follows, > 1, What is the difference of plugins about openvas and nessus. Can the > openvas use the nessus plugins directly? why the plugins number is > different between openvas and nessus?
The plugins share a common language (although OpenVAS has been extended since the original fork). A lot of plugins should just work on either but there is no guarantee of this from either side. Moreover, I believe Tenable's position is that the use of (non-GPL) Nessus plugins in OpenVAS would be a breach of licensing. The reason the numbers are different is that having 1 namespace could lead to collisions (for example in databases) if a Nessus and OpenVAS report were merged, or if a plugin from 1 was used on the other. We opted for OIDs to make the namespace expandable - you can either request your own OID family from IANA(?) or request a sub-branch from OpenVAS and work on it with no fear of another developer re-using your ID. > 2, What is the difference of openvas and microsoft's mbsa tool. The > latter software function is to scan the windows system to find the systme > leaks and vulnerablility, and to patch them. I compared the scan result, > they are great different, Is it different leaks and vulnerbility between > openvas and mbsa scanner? OpenVAS will do both authenticated and unauthenticated testing. Some of the plugins will mimic parts of MBSA but, for example, MBSA has no capability to check for web vulnerabilities in WordPress, whereas plugins for such a class of vulnerability could exist within OpenVAS. > It is glad for me to receiving your replying mails. > best regards Cheers, Tim -- Tim Brown <mailto:[email protected]> <http://www.openvas.org/>
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
