Looking for suggestions on free/libre open source security scanning and pen testing products

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Looking for suggestions on free/libre open source security scanning and pen testing products

Wynona Stacy Lockwood
Dear list,

I've been using and supporting OpenVas since about day one, and I like many others am tired of it breaking every time a package has a minor update. I don't wish to discuss that as I have decided that it's just not ready for prime time despite all the work put into it. So my question is this:

What else is there? What do you use in your environment to conduct security scanning and penetration testing other than OpenVas?

--
Wynona Stacy Lockwood
[hidden email]

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Looking for suggestions on free/libre open source security scanning and pen testing products

Eric Vanderveer-3
Well OpenVAS is pretty much the only open source application for this.  The only other alternative is using nmap and a module called Vulscan from marcruef on github.   Paid ones of course are Nessus, Qualys and NetSaint plus others.  I myself have used Nessus which OpenVas is a fork of.

Eric Vanderveer

On Mon, Jun 17, 2019, 12:41 PM Wynona Stacy Lockwood <[hidden email]> wrote:
Dear list,

I've been using and supporting OpenVas since about day one, and I like many others am tired of it breaking every time a package has a minor update. I don't wish to discuss that as I have decided that it's just not ready for prime time despite all the work put into it. So my question is this:

What else is there? What do you use in your environment to conduct security scanning and penetration testing other than OpenVas?

--
Wynona Stacy Lockwood
[hidden email]
--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Looking for suggestions on free/libre open source security scanning and pen testing products

Wynona Stacy Lockwood
On Mon, Jun 17, 2019 at 12:05 PM Eric Vanderveer <[hidden email]> wrote:
Well OpenVAS is pretty much the only open source application for this.  The only other alternative is using nmap and a module called Vulscan from marcruef on github.   Paid ones of course are Nessus, Qualys and NetSaint plus others.  I myself have used Nessus which OpenVas is a fork of.

Eric Vanderveer

 Honestly, same. I used Nessus as far back as 3.x when it was still open source as well. How do you keep your OpenVAS instance from breaking every time it updates? Do you use their VM appliance, or build it from a repo? Or from source? I'm just REALLY tired of having to kill the machine and completely reinstall it.

-- 
Wynona Stacy Lockwood
[hidden email] 

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: Looking for suggestions on free/libre open source security scanning and pen testing products

Eric Vanderveer-3
I run it from my Kali box and really haven't had much issues, I installed Kali back when It had OpenVAS.  I know they don't package it anymore in Kali I think for the reasons you mentioned.  I use Nessus more though so haven't really used VAS in a while.

On Mon, Jun 17, 2019, 1:18 PM Wynona Stacy Lockwood <[hidden email]> wrote:
On Mon, Jun 17, 2019 at 12:05 PM Eric Vanderveer <[hidden email]> wrote:
Well OpenVAS is pretty much the only open source application for this.  The only other alternative is using nmap and a module called Vulscan from marcruef on github.   Paid ones of course are Nessus, Qualys and NetSaint plus others.  I myself have used Nessus which OpenVas is a fork of.

Eric Vanderveer

 Honestly, same. I used Nessus as far back as 3.x when it was still open source as well. How do you keep your OpenVAS instance from breaking every time it updates? Do you use their VM appliance, or build it from a repo? Or from source? I'm just REALLY tired of having to kill the machine and completely reinstall it.

-- 
Wynona Stacy Lockwood
[hidden email] 
--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users