Posted by: Eric Hansen
I want to know something: what scanner(s) do you use to assess the security of your systems, programs, network, etc…? For example, Metasploit and Nessus are two of the most popular in this field, but there’s also ones such as OpenVAS, W3af, Nikito.
Of the one(s) you use, why do you? What draws you to them over the use of another?
I used to use Nexpose (from Rapid7, makers of Metasploit) for a long time. Only reason I really stopped is the limitations and extreme usage requirements (it runs off of Java, and you need at least 2GB RAM to even try to run it).
When I reinstalled BackTrack, I discovered OpenVAS, and have since been using that. Its forked from Nessus before it went close-source, and has basically taken a form all in its own.
Its intensive as well, but at least I can run it on my old server (720 MB, 1.8 GHz single-core AMD processor, etc…).