learnerman
10-31-2004, 07:29 AM
Hi
I hope anyone can give me a link or HOW-TO about this program...
The Nessus Security Scanner ??
:) Thanks in advance
learnerman
10-31-2004, 07:33 AM
:blush: OK, thanks, I googled it and found it :)
http://www.nessus.org/doc/nessus_ssh_local.html#WHICH.SYSTEMS
Thanks anyway :stickout:
realvaluehosting
10-31-2004, 08:19 AM
http://freshmeat.net/projects/nessus/
NetwireJohn
10-31-2004, 10:24 AM
I heard that using this program extensively can get you in trouble.
Steven
10-31-2004, 10:42 AM
Only if you scan servers you do not have permission to scan.
SROHost
10-31-2004, 10:45 AM
Originally posted by NetwireJohn:
"I heard that using this program extensively can get you in trouble."
And you heard this where?
If there's some issue with the software you know of which makes it inherently problematic, then post it. If you heard it is dangerous because people who don't read documentation and use it improperly get labeled as hackers or trigger their own IDS... then that would be dumb end users, not the software.
fuse1982
10-31-2004, 12:03 PM
I'm using Windows Nessus; too bad it only allows me to scan local computers.
linux-tech
10-31-2004, 01:28 PM
You can't "get in trouble" with Nessus if it's used properly. When you use it improperly, of course, there are going to be issues. You should only be scanning servers you are authorized to scan.
Nessus is a very good utility; it doesn't take a lot to understand, yet it performs some absolutely great checks. All in all a fantastic utility!
assuredhost.com
10-31-2004, 04:40 PM
I prefer nmap to Nessus because of Nessus's fake alarms. One of the best tools available for penetration testing is Core Impact. It is not free, but it is really worth buying for security professionals.
Steven
10-31-2004, 06:06 PM
Core Impact has false alarms too. Besides, if you do not know how to read a Nessus report correctly, don't even bother.
linux-tech
10-31-2004, 06:17 PM
False alarms are always going to happen.
I took a look at Core Impact, what I could look at, and it appears that it's only for Windows networks, which is great if you're after Windows network scanning. Unfortunately, an online demo isn't available.
Nessus is the best at what it does for the cost (free). I'm sure there are others out there that charge, and I'm looking for a reasonable one myself, but for the cost, Nessus is always going to be the best solution ;)
I agree with TLG here as well: if you don't know how to read a Nessus report, don't bother. They're very in depth as to what could be and what is vulnerable. As always, it's up to the end user to verify that this is or is not vulnerable.
Steven
10-31-2004, 06:19 PM
I would also like to point out Nessus 2.2.0 can log in via SSH to a remote PC and do local checks to verify all rpm/ports/etc packages are updated, which means fewer false positives.