Well Nessus can also do Web Application Tests and OpenVAS is just a vunrability scanner, so we have to add that into the picture as Nessus even can log into the web app using web form or basic authentication. I am not saying that OpenVAS is bad but it depends if you just need a vunrability scanner or also to test a web application.
@r3dl3ad3r
Жыл бұрын
Deeper dive into a framework that can help less experienced individuals understand findings -Your review in plain language really helped understand me understand some common detections
@ProTechShow
Жыл бұрын
Interesting idea. I'm not aware of a framework for such a thing, other than experience. As a crude tool the CVSS score can be used to roughly gauge how much you need to worry about a particular vulnerability, but it doesn't do much to really explain them.
@ffe4org
Жыл бұрын
I'm curious about your scan approach. I don't have Nessus, but with GVM/openvas, you have two scan approaches: Outside scan, Internal System scan. The outside scan, meaning being outside the host and scanning for vulnerabilities and the Internal System scan being one where you setup a Root user, pass the access to GVM and it logs in to the system to find libraries installed and their current vulnerability status (any CVE's listed on them.) From the penetration tester/red team point of view, you're taking on the role of an outsider, seeing what's open, what's broadcasting, etc. From a Blue Team perspective, you probably want to know what libraries are out of date, what CVEs are reported for what is running and installed on the system. A scan of the system, as root, is preferable to finding these issues. In GVM setting up that Root scan is not simple and isn't the default, but when done it is the most powerful aspect of GVM (imo).
@ProTechShow
Жыл бұрын
Nessus has the same options to run with or without credentials to log in to target systems. All of the scans used for this video were authenticated scans from the local network (blue team scenario) to give both tools the best opportunity to find problems.
@ffe4org
Жыл бұрын
@@ProTechShow I actually downloaded Nessus Essentials and it looks like all the scans require an access token. It's kinda a pain, or do I have it wrong? Like in BurpSuite I don't need to pass in a user login, it can run against a web app pre login, or post login using my session. But in Nessus Essentials web app scan it seems like I need to give it a user/pass and know the param pattern for passing it to the backend. I like that level when scanning libraries on a system, but for pentesting vuln scanning I can't seem to get Nessus to just scan without giving it user credentials.
@ProTechShow
Жыл бұрын
@@ffe4org if you start with the "advanced scan" template it's more of a GVM-like network scan. You can add credentials, but you don't have to. That's the method I used for the video.
@john.walley
5 ай бұрын
Excellent overview. Thank you for such an in-depth review.
@ProTechShow
5 ай бұрын
Thanks!
@VideoGigs
Жыл бұрын
Great video! Many thanks for making it. I especially appreciated that you included info on false positives and gave a brief description on some of the findings. Just wondering if you know of any good resource online that breaks down the Nessus scan finding better than what is provided by Nessus. Basically a better description of the configuration-type issues found and remediation advice etc?
@ProTechShow
Жыл бұрын
Thanks! I'm not aware of a generic location for information on everything. The best bet is to look on the website of the affected vendor. If there's a CVE number, stick that into Google. Microsoft, Red Hat, etc. will usually have a page dedicated to CVE that affects their products which will go into more detail. For others, stick the key phrase into Google and look for hits from the related vendor. These can be more work to find but there's usually an article about it somewhere - even if it's just to refute the alleged vulnerability.
@MochAzkal
Ай бұрын
This explanation is just a masterpiece, really helpful!
@ProTechShow
Ай бұрын
Thanks!
@gerard-infopro6601
42 минут бұрын
Great video!
@xelerated
8 ай бұрын
The reason Nessus is still ahead is the greenbone ui is so freaking ugly and not at all intuitive. Change that horrible ui and you might make great strides
@ProTechShow
8 ай бұрын
It is in dire need of a UX update, that's for sure
@rafaelhengky8915
29 күн бұрын
Could make a video on Windows Server hardening tutorial? And also Ubuntu/CentOS if you will. Thanks.
@denson877
2 ай бұрын
i tried the nessus essentials solution, but whenever i try to go to the 'credentials' tab to configure an authenticated scan it never loads. the result is that i can't do an authenticated scan and only detect external facing vulnerabilities. has anyone else experienced this?
@50PullUps
Жыл бұрын
We used InsightVM by Rapid7.
@ProTechShow
Жыл бұрын
One of the few that I believe is not based on Nessus/OpenVAS. I've not used it but heard good things. I think Rapid7 stopped offering a free version, though?
@zootsuitpenguin
4 ай бұрын
This is great info! Thanks sir!!!
@ProTechShow
4 ай бұрын
Glad it was useful
@muhammadfarooq4386
2 ай бұрын
great videw !! keep up the good work
@ProTechShow
2 ай бұрын
Thanks!
@aprendainformaticagratis
7 ай бұрын
How about the docker version? " mikesplain/openvas "
@ProTechShow
7 ай бұрын
Don't use it. That container image isn't maintained and has a version of OpenVAS that went end-of-life many years ago. There are official container images from Greenbone, but I don't personally use them. It seems like an overcomplication to me (it uses 16 containers), but if you want to go the Docker route that's the way to get a supported version.
@JAY001SF
2 ай бұрын
Hi there , Awesome work, Im a student in Cyber but I can learn much more from you. Do you have any mentor programs I can pay you for to teach me? I want to download videos so I can put on a USB to watch when I want , Can you help me out with a wat to accomplish this? ethecal hacking is what im trying to sprcialize in with mobile forensics? THanks Jay hope to hear from you. thanks you
@ProTechShow
Ай бұрын
Thanks Jay. I don't offer any sort of mentoring service. This is more of a hobby than a job, so between this and my actual job I don't have time for anything else!
@leek4994
Жыл бұрын
I wonder how Wazuh would do in this scenario. It might be a little overkill though.
@ProTechShow
Жыл бұрын
My experience of Wazuh's vulnerability scanning is that it produces very poor quality results. The vulnerability module is more of a patch scanner in that it's just comparing installed software to a list of CVEs, so you can apply what I said at the start of the video. Combining its vulnerability results with its SCA module does go some way to providing better coverage by including quite a few configuration issues, but even so I've found the vulnerability module produces a LOT of false positives. If it was more accurate the agent-based approach would be great for mobile devices like laptops that are difficult to target with a network-based scan; but unfortunately I've found that the majority of its detections to be incorrect. I do quite like the Wazuh project, but the vulnerability results don't cut it for me at present.
@ruipereira-ci6hm
Жыл бұрын
Where can I find the video mentioned at 19:29?
@ProTechShow
Жыл бұрын
It should pop up on the end screen, but in case it's not supported on your device the direct link is kzitem.info/news/bejne/xWxt1picgHSqpn4
@nshettys
7 ай бұрын
Great Stuff!!!
@ProTechShow
7 ай бұрын
Thanks 🙂
@burklafaburklafa6006
11 ай бұрын
0,75 is OK for non-natives
@DoorSounds-h5x
6 ай бұрын
NESSUS FROM GD
@zeprii9548
4 ай бұрын
Lol both of these are paid not, and none of them have a free version
@ProTechShow
4 ай бұрын
The video literally shows the free editions of both of them, and they're linked in the description
Пікірлер: 38