Blog
\
Penetration testing

7 Top Pentesting Tools for Automated & Manual Testing in 2024

James Harrison
Author
James Harrison
Senior Content Writer
Updated
April 18, 2024
|
Published
April 1, 2024
|
min read

Key Points

Penetration testing is a manual process, but that doesn't mean that many tasks can't be automated with the right tools. In this article, we'll look at how to use automated penetration testing tools to provide continuous protection in between periodic, manual tests.

TL;DR

Best automated pentesting tools

  • Intruder (free trial available)
  • Acunetix (custom quote on application)
  • Qualys (free trial available)

Best manual pentesting tools

  • Kali Linux (open-source)
  • Nmap (open-source)
  • Metasploit (open-source)
  • SQLmap (open-source)
  • Burp Suite (free version available)

What is a penetration test?

penetration test is a simulated attack against your network or systems by a security pro – sometimes known as an ethical hacker – to uncover vulnerabilities in your infrastructure. Their goal is to find out where and how a real hacker might enter and exploit your network, so you can fix any weaknesses before a real attack occurs.  

Think of it like a bank hiring someone to try to break into their building and access the vault. If the ‘burglar' succeeds, the bank can see how and where they need to tighten their security controls to prevent a real breach. Insights provided by the penetration test can then be used to tune up their security policies and patch detected vulnerabilities.  

Manual vs. automated pentesting

Not all vulnerabilities are created equal, while some can be detected automatically, some need the discerning eye (and mind) of a human to spot. For that reason, penetration tests involve a range of activities, some of which are manual and some of which can be automated.

While penetration testers use a huge variety of tools to speed up their work, one type of tool in particular is designed to automate all of the vulnerabilities that can be discovered easily by machine; these are called “vulnerability scanners”. Often when people go searching for an “automated penetration testing tool” what they are really looking for is a vulnerability scanner that is easy to use and can help them cover the important gap in between annual pen-tests.

A simple example of the difference would be that vulnerability scanning might easily spot that the version of web server you are using has known security weaknesses, simply by looking at the version number and comparing it with lists of known vulnerabilities. While a pen-tester is more likely to find a more complex logic flaw like an online shopping cart that lets you add items and not pay for them.

If you'd like to get a deeper understanding, have a read of this blog post on the differences between vulnerabilities and penetration testing.  

Which penetration testing tools do I need?  

This depends on what you want to achieve. Typically, we see two scenarios when people are looking for a penetration testing tool: they're either businesses looking to automate their security efforts and get continuous protection, or pen testing professionals looking for specific tools to get their work done faster. As these tools require more expertise, in this article we'll focus first on what you can automate with little or no previous security knowledge.

3 easy-to-use automated pentesting tools

Most companies are unlikely to have the time or expertise to use most professional penetration testing tools, as only the largest companies have penetration testers in-house. But many tasks, like detecting known software flaws, misconfigurations, missing security patches or unintended exposure to the internet, can easily be automated.

These tools are sometimes called automated pentesting tools or online penetration testing tools – but are more often known as vulnerability scanners. They're designed to be easy to use and provide year-round protection in between manual penetration tests.

For more in-depth info about automated penetration testing, read our explainer on the subject. Here are our top tips and recommendations for automated pentesting tools:

Intruder

Intruder continuously monitors your evolving attack surface with proactive vulnerability scans so you can respond faster to new threats. It's designed with simplicity in mind, but runs over 140,000 security checks across your internal and external perimeter infrastructure, including API and application-layer vulnerability checks for OWASP Top 10XSSSQL injection, CWE/SANS Top 25, remote code execution, OS command injection, and more. Its CloudBot also runs hourly checks for new IP addresses or hostnames in connected AWS, Google Cloud or Azure accounts.

Intruder also provides continuous penetration testing through its unique 'bug hunting' service, which assesses your systems for critical vulnerabilities that aren’t detectable by automated scanners. It prioritizes high-impact issues, from simple misconfigurations that could expose your data to complex attack chains that could give hackers control of your systems.

Key features of Intruder

  • Vulnerabilities are prioritized by context for a holistic view of all vulnerabilities, saving time and reducing your attack surface 
  • Its online vulnerability scanner is easy to set up and use, all you need to know is what to scan - infrastructure, web apps or APIs 
  • It continuously scans your network, kicking off vulnerability scans when it sees a change, an unintentionally exposed service, or an emerging threat 

Find your weaknesses,
before the hackers do

Try Intruder for free

Price

Free 14-day trial, price on website

Acunetix

Acunetix claims to offer the highest XSS and SQL injection rates to provide incredible reach to protect sensitive data. It uses a blend of dynamic application security testing (DAST) and interactive application security testing (IAST) to detect over 7,000 vulnerabilities. These include hard-to-scan places in web applications like password-protected areas and multi-level forms. High levels of automation make prioritizing high-risk areas easier.

Key features of Acunetix

  • Scheduling makes it simple to schedule one-time or recurring scans in multiple environments 
  • High level of automation makes prioritizing high-risk areas easier 
  • Integrates seamlessly with your development tools and DevSecOps processes 

Price

Custom quote on application

Qualys

Known for its broad scanning capabilities and flexibility, Qualys can scan multiple systems from a single console, including cloud environments and your internal network. You can create custom reports that segment and prioritize analytical data, and can be scheduled for more responsive vulnerability management. It can suffer from poor support and lack of integrations.

Key features of Qualys

  • Single pane of glass to view all your assets, vulnerabilities, and compliance status
  • Constantly updated with latest CVEs so new threats don’t go undetected 
  • Discovers forgotten devices and helps your internal teams better organize host assets 

Price

Free trial available, price on application

‍5 top manual pentesting tools 

When it comes to professional penetration testing, a human tester will use specialist software like network sniffers or password crackers. There are many to consider, but here are our top picks for IT professionals taking their first steps into manual pen testing, including open source tools and paid pen testing tools. 

Kali Linux 

Kali Linux is an operating system built specifically for penetration testers. It comes bundled with approximately 600 tools for reconnaissance, discovery and exploitation of vulnerabilities, post-exploitation, forensics and more. 

Pros 

  • Pre-installed toolset: Having these tools pre-installed and automatically maintained means pen testers can spend more time focused on their engagements. 
  • Community and support: Kali Linux has a large community of users and developers, which means there's extensive documentation, tutorials, and forums available for support.

Cons

  • Not best for customizing: Can be customized, but is best used out of the box. Installing additional tools can be challenging without corrupting the build, so building your own Linux-based OS is preferable for more advanced users.

Pricing 

Free 

Nmap 

Nmap (short for network mapper), initially released 25 years ago, is the tried and tested penetration testing tool for reconnaissance and network security scanning. Nmap's probes let testers discover hosts and services within computer networks. Once identified, Nmap's scripting engine and version identification capabilities will give testers the ability to map out a network's attack surface, which will then direct exploitation efforts.

Pros 

  • Fast: It's generally very quick and efficient to run scans with Nmap, including for large networks. 
  • Highly configurable: Nmap offers extensive configurations and its own scripting engine, so you can tailor it to meet your specific requirements. 
  • Compatible: Nmap works on all major operating systems, including Windows, Linux, and macOS. 

 Cons 

  •  No GUI: Nmap is primarily a command line tool. Though there are GUI versions available (Zenmap), it still requires users to read and understand various port scanning flags, and the GUI does not add significant value or ease of use.

Pricing 

Free

Metasploit 

Metasploit is a platform of penetration testing tools and modules for conducting offensive operations. The framework allows testers to carry out vulnerability scans, search for and launch exploits, and manage compromised systems, including a wide array of post-exploitation helpers.

Pros 

  • Exploit database: Metasploit provides a vast database of exploits, payloads, and tools for developing and executing exploits. 
  • Integrations: It integrates well with other tools and can be extended with custom modules and scripts, making it highly flexible. 
  • Ease of use: It has both a command-line interface and a graphical user interface (Pro version), making it accessible to both beginners and experienced users.

Cons 

  • Limited documentation: Certain modules or features are not well-documented, which can make it challenging to implement more advanced functionalities. 
  • Not always up to date: Metasploit's exploit database is not always up to date, so sometimes users must source the latest exploits from elsewhere.

Pricing 

  • Free version available 
  • Pro version (price available on request)

SQLmap 

SQLmap is a pen testing tool for automatically detecting and exploiting SQL injection vulnerabilities in web applications. It automates away the nitty-gritty complexities and lets testers focus on getting impactful results through the extraction, querying and modification of compromised databases.

Pros 

  • Find vulnerabilities quickly: SQLmap automates the process of detecting and exploiting SQL injection flaws, which helps users find vulnerabilities quickly. 
  • Support for multiple databases: It supports a wide range of databases, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, and more. 
  • Automated exploitation: SQLmap can automate complex exploitation to extract information from a database which would otherwise require writing custom scripts. For example, extracting a database's contents via a Blind SQL injection weakness. 

Cons 

  • Manual verification required: SQLmap may sometimes produce false positives or miss complex vulnerabilities, requiring manual verification. 
  • Limited scope: SQLmap's crawling capabilities are limited, and it's best used against an endpoint which already appears vulnerable. As such, it's usually required to chain multiple tools, and use another tool to crawl/spider a site and pass off interesting requests for further scanning. 

Pricing 

Free 

Burp Suite 

Burp Suite is an attack proxy and vulnerability scanner used to carry out web application security assessments. Burp allows testers to map out applications, carry out automated scans and identify weaknesses through the interception and replaying of web traffic. Augmenting this is a wide library of free and paid for extensions which can be passively or actively used to help the tester discover vulnerabilities. 

Pros 

  • Automations: Burp Suite's Pro plan offers a range of automations that can detect a wide range of weaknesses. 
  • Plugins: Users can install a wide range of plugins from the Burp Suite BApp Store to extend its capabilities. 
  • User-friendly: The tool provides a graphical interface that is easy to navigate. 

Cons 

  • Pay wall: Burp Suite's most useful features are available only on the Professional subscription, which is not free. 

Pricing 

  • Burp Suite Community Edition is free 
  • Burp Suite Professional subscription starts at $449 for one user 

Try Intruder to automate your penetration testing

Some of these tools are virtual Swiss Army knives that run a range of different types of tests, while others are more specialized. Most testers will have several in their armoury, but a vulnerability scanner like Intruder is an ideal place to start. One customer describes it as "convenient but thorough penetration and vulnerability testing wrapped in an affordable package!” Why not try our scanner free for 14 days and put it through its paces? Or get in touch for more information.

Get our free

Ultimate Guide to Vulnerability Scanning

Learn everything you need to get started with vulnerability scanning and how to get the most out of your chosen product with our free PDF guide.

Download now
Author
James Harrison
,
Senior Content Writer

Reviewed by
,

Quick links
Heading 2
Heading 3
Heading 4
Heading 5
Heading 6
Get regular updates

Get our latest news, research, and expert advice, straight to your inbox

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Recommended articles

What is an external pentest and how is it carried out?
Penetration testing

What is an external pentest and how is it carried out?

External penetration testing (also known as external network penetration testing) is a security assessment of an organization's perimeter systems.
How much does penetration testing cost in 2024?
Penetration testing

How much does penetration testing cost in 2024?

Understand how penetration tests are quoted and find out what to look out for when choosing a vendor.
What is penetration testing? The ultimate guide
Penetration testing

What is penetration testing? The ultimate guide

We'll walk you through everything you need to know about penetration testing to power up your cyber security.

Sign up for your free 14-day trial

Start today
7 days free trial
Discover the latest in cybersecurity with 7 top pentesting tools for 2024. From automated to manual testing, empower your defenses with cutting-edge solutions.
back to BLOG

7 Top Pentesting Tools for Automated & Manual Testing in 2024

James Harrison
April 1, 2024

Penetration testing is a manual process, but that doesn't mean that many tasks can't be automated with the right tools. In this article, we'll look at how to use automated penetration testing tools to provide continuous protection in between periodic, manual tests.

TL;DR

Best automated pentesting tools

  • Intruder (free trial available)
  • Acunetix (custom quote on application)
  • Qualys (free trial available)

Best manual pentesting tools

  • Kali Linux (open-source)
  • Nmap (open-source)
  • Metasploit (open-source)
  • SQLmap (open-source)
  • Burp Suite (free version available)

What is a penetration test?

penetration test is a simulated attack against your network or systems by a security pro – sometimes known as an ethical hacker – to uncover vulnerabilities in your infrastructure. Their goal is to find out where and how a real hacker might enter and exploit your network, so you can fix any weaknesses before a real attack occurs.  

Think of it like a bank hiring someone to try to break into their building and access the vault. If the ‘burglar' succeeds, the bank can see how and where they need to tighten their security controls to prevent a real breach. Insights provided by the penetration test can then be used to tune up their security policies and patch detected vulnerabilities.  

Manual vs. automated pentesting

Not all vulnerabilities are created equal, while some can be detected automatically, some need the discerning eye (and mind) of a human to spot. For that reason, penetration tests involve a range of activities, some of which are manual and some of which can be automated.

While penetration testers use a huge variety of tools to speed up their work, one type of tool in particular is designed to automate all of the vulnerabilities that can be discovered easily by machine; these are called “vulnerability scanners”. Often when people go searching for an “automated penetration testing tool” what they are really looking for is a vulnerability scanner that is easy to use and can help them cover the important gap in between annual pen-tests.

A simple example of the difference would be that vulnerability scanning might easily spot that the version of web server you are using has known security weaknesses, simply by looking at the version number and comparing it with lists of known vulnerabilities. While a pen-tester is more likely to find a more complex logic flaw like an online shopping cart that lets you add items and not pay for them.

If you'd like to get a deeper understanding, have a read of this blog post on the differences between vulnerabilities and penetration testing.  

Which penetration testing tools do I need?  

This depends on what you want to achieve. Typically, we see two scenarios when people are looking for a penetration testing tool: they're either businesses looking to automate their security efforts and get continuous protection, or pen testing professionals looking for specific tools to get their work done faster. As these tools require more expertise, in this article we'll focus first on what you can automate with little or no previous security knowledge.

3 easy-to-use automated pentesting tools

Most companies are unlikely to have the time or expertise to use most professional penetration testing tools, as only the largest companies have penetration testers in-house. But many tasks, like detecting known software flaws, misconfigurations, missing security patches or unintended exposure to the internet, can easily be automated.

These tools are sometimes called automated pentesting tools or online penetration testing tools – but are more often known as vulnerability scanners. They're designed to be easy to use and provide year-round protection in between manual penetration tests.

For more in-depth info about automated penetration testing, read our explainer on the subject. Here are our top tips and recommendations for automated pentesting tools:

Intruder

Intruder continuously monitors your evolving attack surface with proactive vulnerability scans so you can respond faster to new threats. It's designed with simplicity in mind, but runs over 140,000 security checks across your internal and external perimeter infrastructure, including API and application-layer vulnerability checks for OWASP Top 10XSSSQL injection, CWE/SANS Top 25, remote code execution, OS command injection, and more. Its CloudBot also runs hourly checks for new IP addresses or hostnames in connected AWS, Google Cloud or Azure accounts.

Intruder also provides continuous penetration testing through its unique 'bug hunting' service, which assesses your systems for critical vulnerabilities that aren’t detectable by automated scanners. It prioritizes high-impact issues, from simple misconfigurations that could expose your data to complex attack chains that could give hackers control of your systems.

Key features of Intruder

  • Vulnerabilities are prioritized by context for a holistic view of all vulnerabilities, saving time and reducing your attack surface 
  • Its online vulnerability scanner is easy to set up and use, all you need to know is what to scan - infrastructure, web apps or APIs 
  • It continuously scans your network, kicking off vulnerability scans when it sees a change, an unintentionally exposed service, or an emerging threat 

Find your weaknesses,
before the hackers do

Try Intruder for free

Price

Free 14-day trial, price on website

Acunetix

Acunetix claims to offer the highest XSS and SQL injection rates to provide incredible reach to protect sensitive data. It uses a blend of dynamic application security testing (DAST) and interactive application security testing (IAST) to detect over 7,000 vulnerabilities. These include hard-to-scan places in web applications like password-protected areas and multi-level forms. High levels of automation make prioritizing high-risk areas easier.

Key features of Acunetix

  • Scheduling makes it simple to schedule one-time or recurring scans in multiple environments 
  • High level of automation makes prioritizing high-risk areas easier 
  • Integrates seamlessly with your development tools and DevSecOps processes 

Price

Custom quote on application

Qualys

Known for its broad scanning capabilities and flexibility, Qualys can scan multiple systems from a single console, including cloud environments and your internal network. You can create custom reports that segment and prioritize analytical data, and can be scheduled for more responsive vulnerability management. It can suffer from poor support and lack of integrations.

Key features of Qualys

  • Single pane of glass to view all your assets, vulnerabilities, and compliance status
  • Constantly updated with latest CVEs so new threats don’t go undetected 
  • Discovers forgotten devices and helps your internal teams better organize host assets 

Price

Free trial available, price on application

‍5 top manual pentesting tools 

When it comes to professional penetration testing, a human tester will use specialist software like network sniffers or password crackers. There are many to consider, but here are our top picks for IT professionals taking their first steps into manual pen testing, including open source tools and paid pen testing tools. 

Kali Linux 

Kali Linux is an operating system built specifically for penetration testers. It comes bundled with approximately 600 tools for reconnaissance, discovery and exploitation of vulnerabilities, post-exploitation, forensics and more. 

Pros 

  • Pre-installed toolset: Having these tools pre-installed and automatically maintained means pen testers can spend more time focused on their engagements. 
  • Community and support: Kali Linux has a large community of users and developers, which means there's extensive documentation, tutorials, and forums available for support.

Cons

  • Not best for customizing: Can be customized, but is best used out of the box. Installing additional tools can be challenging without corrupting the build, so building your own Linux-based OS is preferable for more advanced users.

Pricing 

Free 

Nmap 

Nmap (short for network mapper), initially released 25 years ago, is the tried and tested penetration testing tool for reconnaissance and network security scanning. Nmap's probes let testers discover hosts and services within computer networks. Once identified, Nmap's scripting engine and version identification capabilities will give testers the ability to map out a network's attack surface, which will then direct exploitation efforts.

Pros 

  • Fast: It's generally very quick and efficient to run scans with Nmap, including for large networks. 
  • Highly configurable: Nmap offers extensive configurations and its own scripting engine, so you can tailor it to meet your specific requirements. 
  • Compatible: Nmap works on all major operating systems, including Windows, Linux, and macOS. 

 Cons 

  •  No GUI: Nmap is primarily a command line tool. Though there are GUI versions available (Zenmap), it still requires users to read and understand various port scanning flags, and the GUI does not add significant value or ease of use.

Pricing 

Free

Metasploit 

Metasploit is a platform of penetration testing tools and modules for conducting offensive operations. The framework allows testers to carry out vulnerability scans, search for and launch exploits, and manage compromised systems, including a wide array of post-exploitation helpers.

Pros 

  • Exploit database: Metasploit provides a vast database of exploits, payloads, and tools for developing and executing exploits. 
  • Integrations: It integrates well with other tools and can be extended with custom modules and scripts, making it highly flexible. 
  • Ease of use: It has both a command-line interface and a graphical user interface (Pro version), making it accessible to both beginners and experienced users.

Cons 

  • Limited documentation: Certain modules or features are not well-documented, which can make it challenging to implement more advanced functionalities. 
  • Not always up to date: Metasploit's exploit database is not always up to date, so sometimes users must source the latest exploits from elsewhere.

Pricing 

  • Free version available 
  • Pro version (price available on request)

SQLmap 

SQLmap is a pen testing tool for automatically detecting and exploiting SQL injection vulnerabilities in web applications. It automates away the nitty-gritty complexities and lets testers focus on getting impactful results through the extraction, querying and modification of compromised databases.

Pros 

  • Find vulnerabilities quickly: SQLmap automates the process of detecting and exploiting SQL injection flaws, which helps users find vulnerabilities quickly. 
  • Support for multiple databases: It supports a wide range of databases, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, and more. 
  • Automated exploitation: SQLmap can automate complex exploitation to extract information from a database which would otherwise require writing custom scripts. For example, extracting a database's contents via a Blind SQL injection weakness. 

Cons 

  • Manual verification required: SQLmap may sometimes produce false positives or miss complex vulnerabilities, requiring manual verification. 
  • Limited scope: SQLmap's crawling capabilities are limited, and it's best used against an endpoint which already appears vulnerable. As such, it's usually required to chain multiple tools, and use another tool to crawl/spider a site and pass off interesting requests for further scanning. 

Pricing 

Free 

Burp Suite 

Burp Suite is an attack proxy and vulnerability scanner used to carry out web application security assessments. Burp allows testers to map out applications, carry out automated scans and identify weaknesses through the interception and replaying of web traffic. Augmenting this is a wide library of free and paid for extensions which can be passively or actively used to help the tester discover vulnerabilities. 

Pros 

  • Automations: Burp Suite's Pro plan offers a range of automations that can detect a wide range of weaknesses. 
  • Plugins: Users can install a wide range of plugins from the Burp Suite BApp Store to extend its capabilities. 
  • User-friendly: The tool provides a graphical interface that is easy to navigate. 

Cons 

  • Pay wall: Burp Suite's most useful features are available only on the Professional subscription, which is not free. 

Pricing 

  • Burp Suite Community Edition is free 
  • Burp Suite Professional subscription starts at $449 for one user 

Try Intruder to automate your penetration testing

Some of these tools are virtual Swiss Army knives that run a range of different types of tests, while others are more specialized. Most testers will have several in their armoury, but a vulnerability scanner like Intruder is an ideal place to start. One customer describes it as "convenient but thorough penetration and vulnerability testing wrapped in an affordable package!” Why not try our scanner free for 14 days and put it through its paces? Or get in touch for more information.

Release Date
Level of Ideal
Comments
Before CVE details are published
🥳
Limited public information is available about the vulnerability.

Red teamers, security researchers, detection engineers, threat actors have to actively research type of vulnerability, location in vulnerable software and build an associated exploit.

Tenable release checks for 47.43% of the CVEs they cover in this window, and Greenbone release 32.96%.
Day of CVE publish
😊
Vulnerability information is publicly accessible.

Red teamers, security researchers, detection engineers and threat actors now have access to some of the information they were previously having to hunt themselves, speeding up potential exploit creation.

Tenable release checks for 17.12% of the CVEs they cover in this window, and Greenbone release 17.69%.
First week since CVE publish
😐
Vulnerability information has been publicly available for up to 1 week.

The likelihood that exploitation in the wild is going to be happening is steadily increasing.

Tenable release checks for 10.9% of the CVEs they cover in this window, and Greenbone release 20.69%.
Between 1 week and 1 month since CVE publish
🥺
Vulnerability information has been publicly available for up to 1 month, and some very clever people have had time to craft an exploit.

We’re starting to lose some of the benefit of rapid, automated vulnerability detection.

Tenable release checks for 9.58% of the CVEs they cover in this window, and Greenbone release 12.43%.
After 1 month since CVE publish
😨
Information has been publicly available for more than 31 days.

Any detection released a month after the details are publicly available is decreasing in value for me.

Tenable release checks for 14.97% of the CVEs they cover over a month after the CVE details have been published, and Greenbone release 16.23%.

With this information in mind, I wanted to check what is the delay for both Tenable and Greenbone to release a detection for their scanners. The following section will focus on vulnerabilities which:

  • Have CVSSv2 rating of 10
  • Are exploitable over the network
  • Require no user interaction

These are the ones where an attacker can point their exploit code at your vulnerable system and gain unauthorised access.

We’ve seen previously that Tenable have remote checks for 643 critical vulnerabilities, and OpenVAS have remote checks for 450 critical vulnerabilities. Tenable release remote checks for critical vulnerabilities within 1 month of the details being made public 58.4% of the time, but Greenbone release their checks within 1 month 76.8% of the time. So, even though OpenVAS has fewer checks for those critical vulnerabilities, you are more likely to get them within 1 month of the details being made public. Let’s break that down further.

In Figure 10 we can see the absolute number of remote checks released on a given day after a CVE for a critical vulnerability has been published. What you can immediately see is that both Tenable and OpenVAS release the majority of their checks on or before the CVE details are made public; Tenable have released checks for 247 CVEs, and OpenVAS have released checks for 144 CVEs. Then since 2010 Tenable have remote released checks for 147 critical CVEs and OpenVAS 79 critical CVEs on the same day as the vulnerability details were published. The number of vulnerabilities then drops off across the first week and drops further after 1 week, as we would hope for in an efficient time-to-release scenario.

Figure 10: Absolute numbers of critical CVEs with a remote check release date from the date a CVE is published

While raw numbers are good, Tenable have a larger number of checks available so it could be unfair to go on raw numbers alone. It’s potentially more important to understand the likelihood that OpenVAS or Tenable will release a check of a vulnerability on any given day after a CVE for a critical vulnerability is released. In Figure 11 we can see that Tenable release 61% their checks on or before the date that a CVE is published, and OpenVAS release a shade under 50% of their checks on or before the day that a CVE is published.

Figure 11: Percentage chance of delay for critical vulnerabilities

So, since 2010 Tenable has more frequently released their checks before or on the same day as the CVE details have been published for critical vulnerabilities. While Tenable is leading at this point, Greenbone’s community feed still gets a considerable percentage of their checks out on or before day 0.

I thought I’d go another step further and try and see if I could identify any trend in each organisations release delay, are they getting better year-on-year or are their releases getting later? In Figure 12 I’ve taken the mean delay for critical vulnerabilities per year and plotted them. The mean as a metric is particularly influenced by outliers in a data set, so I expected some wackiness and limited the mean to only checks released 180 days prior to a CVE being published and 31 days after a CVE being published. These seem to me like reasonable limits, as anything greater than 6 months prior to CVE details being released is potentially a quirk of the check details and anything after a 1-month delay is less important for us.

What can we take away from Figure 12?

  • We can see that between 2011 and 2014 Greenbone’s release delay was better than that of Tenable, by between 5 and 10 days.
  • In 2015 things reverse and for 3 years Tenable is considerably ahead of Greenbone by a matter of weeks.
  • But, then in 2019 things get much closer and Greenbone seem to be releasing on average about a day earlier than Tenable.
  • For both the trendline over an 11-year period is very close, with Tenable marginally beating Greenbone.
  • We have yet to have any data for 2021 for OpenVAS checks for critical show-stopper CVEs.
Figure 12: Release delay year-on-year (lower is better)

With the larger number of checks, and still being able to release a greater percentage of their remote checks for critical vulnerabilities Tenable could win this category. However, the delay time from 2019 and 2020 going to OpenVAS, and the trend lines being so close, I am going to declare this one a tie. It’s a tie.

The takeaway from this is that both vendors are getting their checks out the majority of the time either before the CVE details are published or on the day the details are published. This is overwhelmingly positive for both scanning solutions. Over time both also appear to be releasing remote checks for critical vulnerabilities more quickly.

Get Our Free "Ultimate Guide to Vulnerability Scanning"
Learn everything you need to get started with vulnerability scanning and how to get the most out of your chosen product with our free PDF guide.
DOWNLOAD OUR FREE PDF GUIDE 

Written by

James Harrison

Recommended articles

9 best DevSecOps tools for 2024 
Christian Gonzalez
November 29, 2023

9 best DevSecOps tools for 2024 

DevSecOps tools help identify security vulnerabilities early in your development process. Explore our list of the best tools for 2024.
Better together: Nuclei and Tenable
James Harrison
February 1, 2024

Better together: Nuclei and Tenable

How do Tenable and Nuclei compare? We researched both to see how they work together for even better coverage.
Is the XZ Utils CVE-2024-3094 as bad as we fear?
Benjamin Marr
April 3, 2024

Is the XZ Utils CVE-2024-3094 as bad as we fear?

Find out everything you need to know about the xz-utils vulnerability (CVE-2024-3094) and what you should do if your systems are at risk.
Ready to get started with your 14-day trial?
Try for free
try for free