If you used to use nessus for vulnerability scanning, but stopped when Tenable released 3.0 under a non-GPL license, you’re in luck. OpenVAS is a fork of nessus 2.0 and uses .nasl files. However, the vulnerability test feeds (NVTs) seem to be lacking the same breadth as those released by Tenable. However, many .nasl files are open and released by third-parties, so you could add them to your scanner.

Nessus is one of the better vulnerability scanners I’ve used for raw data. It doesn’t do any of the fancy dashboard or report generating that some of the others do, so it tends to get a bad rap. However, if you just need a scanner that finds potential vulnerabilities, Nessus gets the job done and well.

I have yet to play with OpenVAS, but I think it’ll be on my weekend list of things to play with.

This entry was posted on Tuesday, August 19th, 2008 at 9:27 am by Laura Raderman and is filed under software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.