
My objective is to find network vulnerabilities. I have used both Nessus and Nmap for vulnerability scanning. I have to verify whether I can use only Nessus rather than also using Nmap.

From what I have found on the web, plenty of people suggest using Nessus and Nmap together, because Nessus also provides a port scan range like Nmap does. But I do not understand the exact reason why the Nessus port scan cannot replace the Nmap port scan.

What are the major differences between Nessus and Nmap in terms of port scanning?

tech_enthusiast

3 Answers


If your objective is to find vulnerabilities, I would say Nessus is enough. It is primarily a vulnerability scanner, which can of course also do "normal" port scanning.

Nmap's main focus is more on detection and auditing, although it is possible to detect vulnerabilities with its scripting engine. I suppose Nmap might be more accurate at determining versions, or minor things like that, since there are many more options for scanning and detection, but as long as Nessus finds the same open ports, it shouldn't matter.

Here is some information about the Nessus port scanning engine (The Nessus Port Scanning Engine: An Inside Look), and the Port Scanning Techniques chapter of the Nmap reference guide is the place to start on the Nmap side.

PatrikN
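The criterion in the answer above, that dropping Nmap is only safe if Nessus reports the same open ports, can be checked directly rather than assumed. The script below is an added example, not code from the post or from either tool. It parses an Nmap XML report (the `-oX` output) and a Nessus `.nessus` export and lists the host/port pairs that only one scanner reported. Both inputs are constructed sample data embedded inline in the shape of the real formats; the plugin names and IDs in the Nessus fragment are illustrative. It assumes that any Nessus `ReportItem` bound to a nonzero port marks a service Nessus detected there, while port 0 items are host-level findings and are skipped.

```python
"""Diff open-port coverage between an Nmap XML report and a Nessus export.

Added example. Both documents below are constructed sample data, not real
scan output; they follow the Nmap -oX and .nessus v2 layouts closely enough
for the parsers here, which only read the elements shown.
"""
import xml.etree.ElementTree as ET

# Constructed Nmap -oX fragment: two hosts, three open ports on the first,
# one filtered port that must NOT count as open, one open port on the second.
NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -p- -oX scan.xml 192.0.2.0/29">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack"/><service name="https-alt"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered" reason="no-response"/></port>
    </ports>
  </host>
  <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
</nmaprun>"""

# Constructed .nessus v2 fragment. One ReportItem per detected service; the
# port="0" item is a host-level informational finding, not a service.
NESSUS_XML = """<?xml version="1.0"?>
<NessusClientData_v2>
  <Report name="demo">
    <ReportHost name="192.0.2.10">
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0" pluginID="11219" pluginName="Nessus SYN scanner"/>
      <ReportItem port="80" svc_name="www" protocol="tcp" severity="0" pluginID="11219" pluginName="Nessus SYN scanner"/>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="19506" pluginName="Nessus Scan Information"/>
    </ReportHost>
    <ReportHost name="192.0.2.11">
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="0" pluginID="11219" pluginName="Nessus SYN scanner"/>
      <ReportItem port="139" svc_name="smb" protocol="tcp" severity="0" pluginID="11219" pluginName="Nessus SYN scanner"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def nmap_open_ports(xml_text):
    """Return {(ip, proto, port)} for every port whose <state> is 'open'."""
    found = set()
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ip = addr.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                found.add((ip, port.get("protocol"), int(port.get("portid"))))
    return found


def nessus_open_ports(xml_text):
    """Return {(ip, proto, port)} for every ReportItem bound to a nonzero port.

    Assumption (see lead-in): a ReportItem on a real port means Nessus saw a
    service there; port 0 items describe the host and are skipped.
    """
    found = set()
    root = ET.fromstring(xml_text)
    for report_host in root.iter("ReportHost"):
        ip = report_host.get("name")
        for item in report_host.iter("ReportItem"):
            port = int(item.get("port", "0"))
            if port:
                found.add((ip, item.get("protocol"), port))
    return found


def compare(nmap_xml, nessus_xml):
    """Split the union of both result sets by which scanner reported each port."""
    nmap_set = nmap_open_ports(nmap_xml)
    nessus_set = nessus_open_ports(nessus_xml)
    return {
        "both": nmap_set & nessus_set,
        "nmap_only": nmap_set - nessus_set,
        "nessus_only": nessus_set - nmap_set,
    }


if __name__ == "__main__":
    for label, ports in compare(NMAP_XML, NESSUS_XML).items():
        for ip, proto, port in sorted(ports):
            print(f"{label:12s} {ip}:{port}/{proto}")
```

Run against real exports, replace the two constants with `open(path).read()`. Anything listed under `nmap_only` is a port you would lose by dropping Nmap (here 8443/tcp, typical of a scanner run with a narrower default port list); anything under `nessus_only` is worth confirming by hand, since the two tools probe and interpret responses differently.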

Nmap's scripting engine does a pretty good job of finding vulnerabilities. In a general sense, Nessus is a vulnerability scanner and Nmap is a port scanner, though that statement is just a statement. I have had instances where I have used solely Nmap to do things. If you understand security and can work your way through Nmap scans (meaning understand them and triage them), then in my opinion Nmap is good; otherwise, consider Nessus.

If you have time (talking from a project perspective), I suggest you use both.

H4X
  • From a project perspective, I have to find out whether eliminating Nmap would be a good idea or not. But at the same time, I also want efficient results from port scanning. – tech_enthusiast Feb 21 '18 at 00:54


I don't suggest that you use either. You need to develop your skills without the tools in order to know what to attack and how to attack it.

The following books will get you started:

  • Network Security Assessment, 3rd Edition
  • Cyber Operations: Building, Defending, and Attacking Modern Computer Networks
  • Python: Penetration Testing for Developers
  • Mastering Kali Linux for Advanced Penetration Testing, 2nd Edition
  • Metasploit Revealed: Secrets of the Expert Pentester

You must master the techniques without using the tools. Metasploit is a sort of technique-building framework, but you can also rely on it too much if you don't learn the scripting or code-specific relevance of each module down to the details, not just the options or advanced options.

However, Nmap can be modified to gain an understanding of an environment in terms of vulnerability, control efficiency, and deep security practice. I would recommend it over Nessus for every situation except the fire-and-forget situation. However, fire-and-forget tends to provide a report with the wrong risks and a huge variety of errors, including false positives (which can be false false positives if the expert driving does not know how to reduce false positives to the right problem sets) and false negatives.

Thus, I also recommend (after the techniques are mastered) these books:

  • Nmap: Network Exploration and Security Auditing Cookbook, 2nd Edition
  • Mastering the Nmap Scripting Engine

atdre