What vulnerability scanners do you use?

Spooter · 20 Nov 2014 at 09:36

I know Microsoft Baseline Security Analyser is good for service packs, critical patches and windows misconfigurations. However this lacks advanced windows settings, drivers, non-Microsoft software (Adobe, Chrome, Firefox, Java, etc...) and network-specific vulnerabilities.

Something such as OpenVas, GFI LanGuard or Retina for example.

Interested to know what others are using if any?

Ev0 · 20 Nov 2014 at 14:00

Have used a few in the past, Qualys, Nessus, QRadar Vulnerability Manager etc.

They all sort of do a similar thing but in different ways so guess it depends on certain factors as to what you'd go for.

I like all the 3 I mention above for different reasons.

Goliath · 1 Dec 2014 at 16:31

Nessus for me, will cover all the requirements you've given with ease. Their cloud based scanner is very useful too (just to see what is accessible from the outside world, surprising how many firewall ****-ups I've found using it

)

Jay · 21 Feb 2015 at 23:29

I use Nessus with the Pro feed

Moley · 4 Mar 2015 at 15:38

I would recommend Tenable Nessus and Rapid7 Nexpose.

dazholmes · 6 Jun 2015 at 12:11

for networking side use nmap for web use the ones the others above said.

traveyb · 6 Jun 2015 at 20:49

Nessus Cloud and we run a virtual appliance for internal stuff