On Donnerstag, 17. September 2015, Paul J wrote: > Do people believe that OpenVAS is the ultimate tool? Or should other tools > be used as well? > > For example, if you're using OpenVAS, should you also be using Metasploit? > Are there other tools that are good complements to OpenVAS? > > The main reason I'm asking is that it's not too hard to find vulnerabilities > that OpenVAS doesn't report for both Windows and Linux.
Of course OpenVAS is the ultimate VM tool. However, we design it the way that it interfaces with other security tools, various scanners on the one end, and towards workflow and compliance reporting on the other other end. It it impossible for a single scanner to detect any vulnerability. OpenVAS Scanner is very broad-band, but it is for example not a passive scanner (IDS). Look at the OSP concept: It is pretty easy to connect arbitrary scanners to OpenVAS. We crafted a number of it already and some more are in the queue: http://www.openvas.org/install-source.html Please feel free to create one for your favorite special scanner :-) -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
