Best FREE Vulnerability Scanner: Nessus Vs OpenVAS (Greenbone)
Рет қаралды 28,849
Күн бұрынHackers are experts at finding gaps in your security, but what if you could find them first? This is what vulnerability scanners do. They automatically scan your devices and find the weaknesses that hackers might try to exploit.
Two of the most well-respected vulnerability scanners are Tenable's Nessus and OpenVAS aka Greenbone Vulnerability Management. Both of them have free versions, but which is the best?
💬 Follow Me
/ andrewmrquinn
🌐 Nessus Essentials
www.tenable.com/products/ness...
🌐 Greenbone Enterprise Trial (OpenVAS)
www.greenbone.net/en/testnow/
Kali Linux (for Greenbone Source/Community Edition)
www.kali.org
Video timestamps:
0:00 - Vulnerability Scanners, Patch Scanners, and Penetration Tests
2:06 - Tenable Nessus, Greenbone OpenVAS, and Competitors
3:05 - Free Version Limitations
6:29 - User Experience Comparison
7:26 - Detecting Vulnerabilites in Unsupported Software
9:53 - Detecting Insecure Configurations: Test Setup
14:17 - Detecting Insecure Configurations: Results
18:54 - Conclusion
#CyberSecurity #Nessus #OpenVAS #Greenbone #VulnerabilityScanner
@Nikoolayy1 10 ай бұрын
Well Nessus can also do Web Application Tests and OpenVAS is just a vunrability scanner, so we have to add that into the picture as Nessus even can log into the web app using web form or basic authentication. I am not saying that OpenVAS is bad but it depends if you just need a vunrability scanner or also to test a web application.
@r3dl3ad3r 8 ай бұрын
Deeper dive into a framework that can help less experienced individuals understand findings -Your review in plain language really helped understand me understand some common detections
@ProTechShow 8 ай бұрын
Interesting idea. I'm not aware of a framework for such a thing, other than experience. As a crude tool the CVSS score can be used to roughly gauge how much you need to worry about a particular vulnerability, but it doesn't do much to really explain them.
@john.walley Ай бұрын
Excellent overview. Thank you for such an in-depth review.
@ProTechShow Ай бұрын
Thanks!
@VideoGigs 11 ай бұрын
Great video! Many thanks for making it. I especially appreciated that you included info on false positives and gave a brief description on some of the findings. Just wondering if you know of any good resource online that breaks down the Nessus scan finding better than what is provided by Nessus. Basically a better description of the configuration-type issues found and remediation advice etc?
@ProTechShow 11 ай бұрын
Thanks! I'm not aware of a generic location for information on everything. The best bet is to look on the website of the affected vendor. If there's a CVE number, stick that into Google. Microsoft, Red Hat, etc. will usually have a page dedicated to CVE that affects their products which will go into more detail. For others, stick the key phrase into Google and look for hits from the related vendor. These can be more work to find but there's usually an article about it somewhere - even if it's just to refute the alleged vulnerability.
@ffe4org 11 ай бұрын
I'm curious about your scan approach. I don't have Nessus, but with GVM/openvas, you have two scan approaches: Outside scan, Internal System scan. The outside scan, meaning being outside the host and scanning for vulnerabilities and the Internal System scan being one where you setup a Root user, pass the access to GVM and it logs in to the system to find libraries installed and their current vulnerability status (any CVE's listed on them.) From the penetration tester/red team point of view, you're taking on the role of an outsider, seeing what's open, what's broadcasting, etc. From a Blue Team perspective, you probably want to know what libraries are out of date, what CVEs are reported for what is running and installed on the system. A scan of the system, as root, is preferable to finding these issues. In GVM setting up that Root scan is not simple and isn't the default, but when done it is the most powerful aspect of GVM (imo).
@ProTechShow 11 ай бұрын
Nessus has the same options to run with or without credentials to log in to target systems. All of the scans used for this video were authenticated scans from the local network (blue team scenario) to give both tools the best opportunity to find problems.
@ffe4org 11 ай бұрын
@@ProTechShow I actually downloaded Nessus Essentials and it looks like all the scans require an access token. It's kinda a pain, or do I have it wrong? Like in BurpSuite I don't need to pass in a user login, it can run against a web app pre login, or post login using my session. But in Nessus Essentials web app scan it seems like I need to give it a user/pass and know the param pattern for passing it to the backend. I like that level when scanning libraries on a system, but for pentesting vuln scanning I can't seem to get Nessus to just scan without giving it user credentials.
@ProTechShow 11 ай бұрын
@@ffe4org if you start with the "advanced scan" template it's more of a GVM-like network scan. You can add credentials, but you don't have to. That's the method I used for the video.
@zootsuitpenguin Ай бұрын
This is great info! Thanks sir!!!
@ProTechShow Ай бұрын
Glad it was useful
@nshettys 3 ай бұрын
Great Stuff!!!
@ProTechShow 3 ай бұрын
Thanks 🙂
@ruipereira-ci6hm 10 ай бұрын
Where can I find the video mentioned at 19:29?
@ProTechShow 10 ай бұрын
It should pop up on the end screen, but in case it's not supported on your device the direct link is kzfaq.info/get/bejne/mpxno8eXrKjdo30.html
@aprendainformaticagratis 3 ай бұрын
How about the docker version? " mikesplain/openvas "
@ProTechShow 3 ай бұрын
Don't use it. That container image isn't maintained and has a version of OpenVAS that went end-of-life many years ago. There are official container images from Greenbone, but I don't personally use them. It seems like an overcomplication to me (it uses 16 containers), but if you want to go the Docker route that's the way to get a supported version.
@50PullUps 11 ай бұрын
We used InsightVM by Rapid7.
@ProTechShow 11 ай бұрын
One of the few that I believe is not based on Nessus/OpenVAS. I've not used it but heard good things. I think Rapid7 stopped offering a free version, though?
@leek4994 11 ай бұрын
I wonder how Wazuh would do in this scenario. It might be a little overkill though.
@ProTechShow 11 ай бұрын
My experience of Wazuh's vulnerability scanning is that it produces very poor quality results. The vulnerability module is more of a patch scanner in that it's just comparing installed software to a list of CVEs, so you can apply what I said at the start of the video. Combining its vulnerability results with its SCA module does go some way to providing better coverage by including quite a few configuration issues, but even so I've found the vulnerability module produces a LOT of false positives. If it was more accurate the agent-based approach would be great for mobile devices like laptops that are difficult to target with a network-based scan; but unfortunately I've found that the majority of its detections to be incorrect. I do quite like the Wazuh project, but the vulnerability results don't cut it for me at present.
@xelerated 4 ай бұрын
The reason Nessus is still ahead is the greenbone ui is so freaking ugly and not at all intuitive. Change that horrible ui and you might make great strides
@ProTechShow 4 ай бұрын
It is in dire need of a UX update, that's for sure
@burklafaburklafa6006 7 ай бұрын
0,75 is OK for non-natives
@user-te1mq9te1i 2 ай бұрын
NESSUS FROM GD
@zeprii9548 4 күн бұрын
Lol both of these are paid not, and none of them have a free version
@ProTechShow 4 күн бұрын
The video literally shows the free editions of both of them, and they're linked in the description
Go Gizmo!
Рет қаралды 27 МЛН
Pentest-Tools
Рет қаралды 535
Photo Eedit
Рет қаралды 298 М.
Infinity Circus
Рет қаралды 10 МЛН
Apple_calls РЕПЛИКА №1 В РФ
Рет қаралды 20 М.