mailing list archives
Re: Nessus free version cancelled, now $1200/year
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 22 May 2008 06:56:00 +0000
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 21 May 2008 19:31:49 -0700 or thereabouts stripes
<stripes () tigerlair com> wrote:
Check out OpenVAS, http://www.openvas.org. It's a FOSS replacement
for Nessus. I believe it's off the last GNU version.
IIRC the primary motivation for closing the Nessus source was that the
developers felt like they didn't get enough community contribution to
either the engine or plugins to justify not trying to turn it into a
I suspect OvenVAS has the same trouble. The design of Nessus was
rather poor and hackish -- no one really *enjoyed* writing plugins for
The real power of Nessus is in all the work that has been done to
support DCE/RPC/SNMP/SMB/SSL etc. As with Metasploit and other popular
frameworks, the included libraries are the killer-app.
When new vulnerability are discovered or exploits come out people want
the Nessus or Metasploit plugin. Nmap with NSE hasn't been out
long enough for people to say "Where's the NSE script?".
Nmap will do well because NSE is designed well and getting better by
the day (thanks Diman, David, and Patrick). NSE is still picking up
that critical mass it needs for it to be come a "household name" like
Nessus but I'm confident that it will get there.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
-----END PGP SIGNATURE-----
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org