Penetration Testing: Re: nessus exceptions

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: nessus exceptions

From: Stefano Zanero <stefano.zanero () ieee org>
Date: Tue, 10 Aug 2004 18:46:38 +0200

FocusHacks wrote:

Indeed, most pen-testers will disclose what tools they use and the raw
output of these tools if you ask.  Especially if you let them know
before the testing starts, that you'll want this information.

It would be sad if your assessment team is doing little more than
cleaning up and adding documentation to a nessus scan report.  :(

It seems to me that we are mixing up again two VERY different things:vulnerability assessment and pen-testing.

If a pen-testing company just uses nessus it shouldn't be difficult tospot, because nessus is NOT going to give out a pen-test report, in noway :)

So we have to assume that we are talking about VULNERABILITY ASSESSMENTcompanies... and the question actually is, how many of the "commercialvulnerability scanners" out there are not actually based on Nessus ? :)


Stefano

By Date By Thread

Current thread:

Re: nessus exceptions, (continued)
- Re: nessus exceptions Andres Riancho (Aug 03)
  - Re: nessus exceptions Jacco Tunnissen (Aug 09)
- Re: nessus exceptions hellNbak (Aug 03)
- Re: nessus exceptions Mr. Rufus Faloofus (Aug 03)
  - Re: nessus exceptions FocusHacks (Aug 05)
    - Re: nessus exceptions Stefano Zanero (Aug 10)
- Re: nessus exceptions Paul Johnston (Aug 05)
- RE: nessus exceptions Marc Heuse (Aug 05)
- Re: nessus exceptions DokFLeed.Net (Aug 05)
  - RE: nessus exceptions Jerry Shenk (Aug 09)
    - RE: nessus exceptions R. DuFresne (Aug 09)