Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Nessus free version cancelled, now $1200/year
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 22 May 2008 06:56:00 +0000

Hash: SHA1

On Wed, 21 May 2008 19:31:49 -0700 or thereabouts stripes
<stripes () tigerlair com> wrote:

Hi Fyodor,

Check out OpenVAS, http://www.openvas.org. It's a FOSS replacement
for Nessus. I believe it's off the last GNU version.


IIRC the primary motivation for closing the Nessus source was that the
developers felt like they didn't get enough community contribution to
either the engine or plugins to justify not trying to turn it into a
commercial product.

I suspect OvenVAS has the same trouble.  The design of Nessus was
rather poor and hackish -- no one really *enjoyed* writing plugins for

The real power of Nessus is in all the work that has been done to
support DCE/RPC/SNMP/SMB/SSL etc.  As with Metasploit and other popular
frameworks, the included libraries are the killer-app.

When new vulnerability are discovered or exploits come out people want
the Nessus or Metasploit plugin.  Nmap with NSE hasn't been out
long enough for people to say "Where's the NSE script?".

Nmap will do well because NSE is designed well and getting better by
the day (thanks Diman, David, and Patrick).  NSE is still picking up
that critical mass it needs for it to be come a "household name" like
Nessus but I'm confident that it will get there.


Version: GnuPG v2.0.9 (GNU/Linux)


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]