Nmap and Nessus both are network vulnerability scanner The history of vulnerability scanner is very exciting. In initial days Telnet was used to find open port stat. Over time a set of scripts was developed to make vulnerability scanning simple, one of such script set was SATAN (Security Administrator Tool for Analyzing Network). After SATAN some of popular commercial tool was ISS ( Internet Security System) .
As the Open Source movement became popular, in network security field Nmap was released in 1997 and Nessus released in 1998 both was open source. Nessus became proprietary in 2005 although for personal use this product is still free.
As per as use Nmap use is concern, it is very helpful in
- Find the status of host (up or down)
- Find the open ports on a particular hosts
- OS and its version on hosts (windows xp or linux ?)
- Presence of firewall
- List of network services running on host
Nessus can do almost all which Nmap do, other than that Nessus can find CVE(Common Vulnerability Exposures) using its plug in. Nessus should be used in you have following security needs
- Security audit
- Vulnerability Scanning and analysis
- Sensitive data discovery
- Open port scanner (like Nmap)
- Asset & Process profiling
One point to be noted that Nmap can work more effectively if we use its Scripting Engine feature