Tomorrow I will be speaking at Tenable Security Day. My presentation is called "Blind spots in the Knowledge Bases of Vulnerability scanners". Now I want to present the full reports that I generated so that you can have a look. I compared knowledge bases of Nessus and OpenVAS (GVM + GCF).
1. I took 352 CVEs from the CISA Known Exploited Vulnerabilities Catalog and used VulnKBDiff to see which ones are in Nessus and OpenVAS [1]. Not all CVEs from the catalog are covered.
2. I took 20131 CVEs published in 2021 and used VulnKBDiff to see which ones are in Nessus and OpenVAS [2]. Nessus can't detect 14606 [3] vulnerabilities, so I decided to take a closer look at them.
3. Using Vulristics, I identified 1389 [4] of 14606 vulnerabilities that have a public exploit and made a full Vulristics report [5] (3.6 MB) for them based on Vulners data.