Nessus

Started by Digury, June 25, 2013, 06:22:32 PM

Previous topic - Next topic

Digury

Hey All./
The Truth Is You've Got OpenVas , But Many Pentesters Adore Nessus So Could We Have This At Next Version? ( I Know I Can Install It ! >:( )
I Hope Your Negotiation With Tenable Goals To Good Outcome
Ty
XD

b4d_bl0ck

Hey Digury,
what you say is quite normal, everyone prefer a tool he is more comfortable with, but as you can understand reading the spirit of BBox distro, it aims to be complete and lightweight. This means developers preferer to include a "tiny" number of tools, with whom you can do almost everithing, avoiding to have lots of programs that actually do the same thing. Maybe the question coud be: Nessus or OpenVAS? But this has to be answered by developers.
BBox provides a pentesting environment that works out of the box and with minimal resources. You can start a pentest session from a small live usb, or run the distro in an old pc or a little netbook, and you really have everithing you need for most pentest scenarios... but obviously it is very customizable, so if we need some extra tools we can always install them ;)
This is in general... I think devs will answer to you as soon as they can :)

Bye, have a nice hack!
bool secure = check_paranoia() ? true : false;

ostendali

Quote from: Digury on June 25, 2013, 06:22:32 PM
Hey All./
The Truth Is You've Got OpenVas , But Many Pentesters Adore Nessus So Could We Have This At Next Version? ( I Know I Can Install It ! >:( )
I Hope Your Negotiation With Tenable Goals To Good Outcome
Ty
XD
Hi there,
we did tried in the past to negotiate with tenable about nessus, but it wasn't given a positive reply at that time. Because BB follows Debian Free Software Guidelines (http://en.wikipedia.org/wiki/Debian_Free_Software_Guidelines) we are not really positively nessus oriented. But at the same time we are a very open community, so in case if nessus came back to us and give us a BB version of nessus, we won't obviously reject.

But hey, OpenVAS is quite complete in term of vuln assessment/scan/management. All you need to have is the security skill to distinguish the false positives which is more accurate in nessus (but not that far)...

I am pentester and for our company we use Nessus, which is suitable for us to have in less time the result on work on compliance job. Many servers.....but honestly, there are really few difference between 2.....

If you'd like to install nessus however, be my guest, we will support you and help you in case of any issues....

Happy Hacking!