Well, Nessus can also do Web Application Tests and OpenVAS is just a vulnerability scanner, so we have to add that into the picture, as Nessus can even log into the web app using web form or basic authentication. I am not saying that OpenVAS is bad, but it depends on whether you just need a vulnerability scanner or also need to test a web application.
Deeper dive into a framework that can help less experienced individuals understand findings - Your review in plain language really helped me understand some common detections
Interesting idea. I'm not aware of a framework for such a thing, other than experience. As a crude tool the CVSS score can be used to roughly gauge how much you need to worry about a particular vulnerability, but it doesn't do much to really explain them.
I'm curious about your scan approach. I don't have Nessus, but with GVM/OpenVAS, you have two scan approaches: Outside scan, Internal System scan. The outside scan, meaning being outside the host and scanning for vulnerabilities, and the Internal System scan being one where you set up a Root user, pass the access to GVM and it logs in to the system to find libraries installed and their current vulnerability status (any CVEs listed on them). From the penetration tester/red team point of view, you're taking on the role of an outsider, seeing what's open, what's broadcasting, etc. From a Blue Team perspective, you probably want to know what libraries are out of date, what CVEs are reported for what is running and installed on the system. A scan of the system, as root, is preferable for finding these issues. In GVM setting up that Root scan is not simple and isn't the default, but when done it is the most powerful aspect of GVM (imo).
Nessus has the same options to run with or without credentials to log in to target systems. All of the scans used for this video were authenticated scans from the local network (blue team scenario) to give both tools the best opportunity to find problems.
@ProTechShow I actually downloaded Nessus Essentials and it looks like all the scans require an access token. It's kinda a pain, or do I have it wrong? Like in BurpSuite I don't need to pass in a user login, it can run against a web app pre login, or post login using my session. But in Nessus Essentials web app scan it seems like I need to give it a user/pass and know the param pattern for passing it to the backend. I like that level when scanning libraries on a system, but for pentesting vuln scanning I can't seem to get Nessus to just scan without giving it user credentials.
@ffe4org if you start with the "advanced scan" template it's more of a GVM-like network scan. You can add credentials, but you don't have to. That's the method I used for the video.
Great video! Many thanks for making it. I especially appreciated that you included info on false positives and gave a brief description on some of the findings. Just wondering if you know of any good resource online that breaks down the Nessus scan finding better than what is provided by Nessus. Basically a better description of the configuration-type issues found and remediation advice etc?
Thanks! I'm not aware of a generic location for information on everything. The best bet is to look on the website of the affected vendor. If there's a CVE number, stick that into Google. Microsoft, Red Hat, etc. will usually have a page dedicated to a CVE that affects their products, which will go into more detail. For others, stick the key phrase into Google and look for hits from the related vendor. These can be more work to find but there's usually an article about it somewhere - even if it's just to refute the alleged vulnerability.
This explanation is just a masterpiece, really helpful!
Thanks!
Excellent overview. Thank you for such an in-depth review.
Thanks!
The reason Nessus is still ahead is the Greenbone UI is so freaking ugly and not at all intuitive. Change that horrible UI and you might make great strides.
It is in dire need of a UX update, that's for sure
@ProTechShow version 24 dropped, slightly modern UI now
Could you make a Windows Server hardening tutorial video? And also Ubuntu/CentOS if you will. Thanks.
I wonder how Wazuh would do in this scenario. It might be a little overkill though.
My experience of Wazuh's vulnerability scanning is that it produces very poor quality results. The vulnerability module is more of a patch scanner in that it's just comparing installed software to a list of CVEs, so you can apply what I said at the start of the video. Combining its vulnerability results with its SCA module does go some way to providing better coverage by including quite a few configuration issues, but even so I've found the vulnerability module produces a LOT of false positives. If it was more accurate the agent-based approach would be great for mobile devices like laptops that are difficult to target with a network-based scan; but unfortunately I've found the majority of its detections to be incorrect.
I do quite like the Wazuh project, but the vulnerability results don't cut it for me at present.
I tried the Nessus Essentials solution, but whenever I try to go to the 'credentials' tab to configure an authenticated scan it never loads. The result is that I can't do an authenticated scan and only detect external facing vulnerabilities. Has anyone else experienced this?
Great video!
Thanks!
This is great info! Thanks sir!!!
Glad it was useful
We used InsightVM by Rapid7.
One of the few that I believe is not based on Nessus/OpenVAS. I've not used it but heard good things. I think Rapid7 stopped offering a free version, though?
Great video!! Keep up the good work
Thanks!
How about the Docker version? "mikesplain/openvas"
Don't use it. That container image isn't maintained and has a version of OpenVAS that went end-of-life many years ago.
There are official container images from Greenbone, but I don't personally use them. It seems like an overcomplication to me (it uses 16 containers), but if you want to go the Docker route that's the way to get a supported version.
Hi there, awesome work. I'm a student in Cyber but I can learn much more from you. Do you have any mentor programs I can pay you for to teach me? I want to download videos so I can put them on a USB to watch when I want. Can you help me out with a way to accomplish this? Ethical hacking is what I'm trying to specialize in, with mobile forensics. Thanks, Jay. Hope to hear from you. Thank you
Thanks Jay. I don't offer any sort of mentoring service. This is more of a hobby than a job, so between this and my actual job I don't have time for anything else!
thank you
You're welcome
Where can I find the video mentioned at 19:29?
It should pop up on the end screen, but in case it's not supported on your device the direct link is ua-cam.com/video/d67pdfGBysI/v-deo.html
Great Stuff!!!
Thanks 🙂
0,75 is OK for non-natives
I like you
NESSUS FROM GD
You're not listened to - from around min 5:00 you are getting lost in too many details - your video seems to be made for a noob, but one needs to be a pentester to actually understand what the heck you are talking about. And a pentester knows already ...
Lol both of these are paid not, and none of them have a free version
The video literally shows the free editions of both of them, and they're linked in the description
@ProTechShow Nessus is definitely Shareware now because it only runs 7 days, so no more Freeware. The prices are insane for SMB, only viable for major enterprises.
@vpx23 Nessus Essentials, as shown in the video and linked in the description, is still free. The trial of Nessus Professional/Expert lasts 7 days - you must have installed that instead. Use the link in the video description.