Thursday, May 15, 2008

Changes to Nessus License Model

Nessus has changed their license model to essentially do away with the free version for anyone who scans networks (yeah yeah, there are exceptions). I won't get into the greedy or not; like Martin McKeay said, "Tenable made a business decision that they need to collect revenue on their plugin feeds in order to continue providing the level of support they have always given. Some people are going to complain that Tenable is getting greedy; I’d counter that they just want to get paid for the work they’ve been supplying to the community for years."

For the most part I agree with that, and it is a smart decision by Tenable to look around and see that other VA scanners that are comparable cost more, so they "might as well" charge too. But I do have to admit that since there is no good tool that "does it all", it is getting mighty annoying to pay for multiple tools to get a job done.

A new fully open source VA scanner like Nessus used to be is a long time coming, but I don't think anyone will step up to bat. The only reason to do it would be to make money, and why go up against Nessus?

But if anyone IS taking requests... a VA scanner where I can select specific checks without running all the crap that runs for Nessus, or checks that require all the Nessus libraries, would be nice. A little command line jobby that you throw an IP range and a check at and it does the rest would be more than handy.


pentestmonkey pointed me to OpenVAS...thanks!

