When looking at a solution to managing vulnerabilities on your network, you want a solution that will find relevant vulnerabilities and will provide adequate information about known vulnerabilities that will help you mitigate any issues quickly.
Why I call this comparison fast and primitive? I don’t define the structure of KBs for this product and don’t carefully map one nasl script to another. I suppose it may be a theme for another posts. Instead I am looking at the CVE links. If two scanners detect can the same vulnerabilities, they should have the same CVE links in all the NASL scripts, right? In reality we have a great difference between the products and more than a half of the CVEs can’t be detected by using both of them.
All CVEs: 80196
OpenVAS CVE links: 29240
Nessus CVE links: 35032
OpenVAS vs. Nessus: 3787;25453;9579
We can get group of the NASL scripts, “connected” with the links to the same CVEs. There are also thousands of NASL scripts in OpenVAS and Nessus that have some CVE links and can’t be mapped anyhow to the script in different KB.
All NASL plugins:
Mapped plugins: 38207 OpenVAS and 50896 Nessus
Not mapped OpenVAS plugins: 2673
Not mapped Nessus plugins: 6639
You can read the entire article here.