Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Features of a vulnerability scanner
From: "wirepair" <wirepair () roguemail net>
Date: Mon, 01 Dec 2003 11:12:51 -0800

1. Accuracy, Personally I'd rather see a lot of false postives than the scanner missing potential issues. But needless to say, they are a pain when you have a lot of them.
2. Good reporting. Although I love nessus to death some of the plugins output has a lot of broken english and or typo's.
3. Up-To-Date. Nessus does this pretty well for me.
4. Clear Fix Recommendations. Once again nessus does this well for me.
5. Quality Service Recognition. This is pretty important, for the pen-tester as well as the people being handed the final report. Knowning what service is *actually* running on port 23952 is very helpful and saves time and possible human mistake in identification.

Wishlist: Exploit link. I'd love to see a scanner drop a list of known exploits for the issue :).
On Mon, 1 Dec 2003 11:26:38 +0100
 "Marc Ruef" <maru () scip ch> wrote:

Hash: SHA1

Dear List

I would like to ask you pen-testers two generic questions about vulnerability scanners:

1. Which features for you are very important or is the most important in a vulnerability scanner software?
2. Which features are you missing in the existing vulnerability scanner products?

A vulnerability scanner in this context is a tool that looks automaticly for potential security holes. There are for example Nessus, ISS Internet Scanner, Symantec NetRecon, GFI LanGuard, SATAN, SAINT, Vigilante, Dante Security Scanner, ... Port scanner and enumeration utilities like nmap, N-Stealth, Whisker or Nikto are here not counted to vulnerability scanners.


Marc Ruef

- -- ) scip AG (
Technoparkstr. 1
8005 Z├╝rich
T +41 1 445 18 18 F +41 1 445 18 19

maru () scip ch

- - Pragmatisches Projektmanagement -

Version: PGP 8.0
Comment: http://www.scip.ch



Visit Things From Another World for the best
comics, movies, toys, collectibles and more.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]