I often review various vulnerability scanners. When I review them, I look at several different things:
- were they able to find a vulnerability I previously missed?
- are they accurate in their findings?
- how quickly do they complete an audit compared to “insert some other vulnerability scanner here”?
- sometimes I also grab the tcpdumps of the audits for further analysis
- how accessible and easy to use are they for “skiddies”?
- based on the tcpdumps and the noise generated in the server logs, are Wapiti's audit signatures easy to detect?