What are your opinions on vulnerability scanners?

Looking for something to use to validate patching and overall OS security posture. What is your opinion on vulnerabiluty scanners, especially on *nix?

I see Lynis and OpenVAS and am interested in exploring each. I have also used Qualys and Nexpose in past jobs.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Mike7

OpenVAS is a fork of Nessus after it turned commercial.

I kinda like Nessus. You can try the home edition for free and the professional license is inexpensive when compared to other commercial products.

tedjames

Nessus is good, of course. Then there's Burp Suite (free and Pro), OWASP-Zap (free with Kali Linux), web browser developer tools (free), Dirbuster (free), and I'm sure a lot of other great tools. Check out what's available in the web app scanning section of Kali Linux.

There are lots of manual techniques, too. Check this out: https://www.guru99.com/web-application-testing.html

There are plenty of other good reference sites.

TheFORCE

I'd go with nessus or Qualys.

NotHackingYou

I like OpenVAS for this kind of work.

TechGuru80

What is your budget? What kind of reporting do you need? If you are an enterprise, you should be using a full solution like Qualys or Security Center...but just general scanning I prefer Nessus...Qualys requires you to run a VM appliance to scan.

tedjames

TechGuru80 wrote: »

What is your budget? What kind of reporting do you need? If you are an enterprise, you should be using a full solution like Qualys or Security Center...but just general scanning I prefer Nessus...Qualys requires you to run a VM appliance to scan.

If you can't afford Security Center ($20k I think), look into Tenable.IO.

JoJoCal19

Nexpose (and now InsightVM) is top notch if you’re looking at professional options.

iBrokeIT

The Nessus scanner is great but I do not recommend the Tenable.IO platform, it is not ready for primetime. Trying to reliably pull scan data out via the API the last few months has been nightmare and the support resources to address the problem have been lacking.

mmcabe

Lynis is great on individual nodes. I use ZenMap for the network.