Best FREE Vulnerability Scanner: Nessus Vs OpenVAS (Greenbone)

Thanks!

Interesting idea. I'm not aware of a framework for such a thing, other than experience. As a crude tool the CVSS score can be used to roughly gauge how much you need to worry about a particular vulnerability, but it doesn't do much to really explain them.

Thanks! I'm not aware of a generic location for information on everything. The best bet is to look on the website of the affected vendor. If there's a CVE number, stick that into Google. Microsoft, Red Hat, etc. will usually have a page dedicated to CVE that affects their products which will go into more detail. For others, stick the key phrase into Google and look for hits from the related vendor. These can be more work to find but there's usually an article about it somewhere - even if it's just to refute the alleged vulnerability.

Glad it was useful

Thanks 🙂

Nessus has the same options to run with or without credentials to log in to target systems. All of the scans used for this video were authenticated scans from the local network (blue team scenario) to give both tools the best opportunity to find problems.

@@ProTechShow I actually downloaded Nessus Essentials and it looks like all the scans require an access token. It's kinda a pain, or do I have it wrong? Like in BurpSuite I don't need to pass in a user login, it can run against a web app pre login, or post login using my session. But in Nessus Essentials web app scan it seems like I need to give it a user/pass and know the param pattern for passing it to the backend. I like that level when scanning libraries on a system, but for pentesting vuln scanning I can't seem to get Nessus to just scan without giving it user credentials.

@@ffe4org if you start with the "advanced scan" template it's more of a GVM-like network scan. You can add credentials, but you don't have to. That's the method I used for the video.

One of the few that I believe is not based on Nessus/OpenVAS. I've not used it but heard good things. I think Rapid7 stopped offering a free version, though?

It should pop up on the end screen, but in case it's not supported on your device the direct link is th-cam.com/video/d67pdfGBysI/w-d-xo.html

My experience of Wazuh's vulnerability scanning is that it produces very poor quality results. The vulnerability module is more of a patch scanner in that it's just comparing installed software to a list of CVEs, so you can apply what I said at the start of the video. Combining its vulnerability results with its SCA module does go some way to providing better coverage by including quite a few configuration issues, but even so I've found the vulnerability module produces a LOT of false positives. If it was more accurate the agent-based approach would be great for mobile devices like laptops that are difficult to target with a network-based scan; but unfortunately I've found that the majority of its detections to be incorrect.
I do quite like the Wazuh project, but the vulnerability results don't cut it for me at present.

Don't use it. That container image isn't maintained and has a version of OpenVAS that went end-of-life many years ago.
There are official container images from Greenbone, but I don't personally use them. It seems like an overcomplication to me (it uses 16 containers), but if you want to go the Docker route that's the way to get a supported version.

It is in dire need of a UX update, that's for sure