91528 2003-02-24  21:11  /130 lines/ Renaud Deraison <renaud@tenablesecurity.com>
Imported: 2003-02-24  21:11  by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <3645>
Subject: Nessus 2.0 is out
------------------------------------------------------------

I'm pleased to announce the availability of Nessus 2.0.



What is Nessus
--------------


Nessus is a vulnerability assessment tool available under the GNU
General Public Licence (GPL). It runs on many Unix-like systems
(Linux/FreeBSD/OpenBSD/Solaris/IRIX/MacOSX and probably others) but
can audit a wide range of hosts, ranging from HP printers to Windows
XP.

Its complete list of features is available at 
http://www.nessus.org/features.html



What is new in Nessus 2.0
-------------------------

The focus of Nessus 2.0 was to clean up the code and greatly improve
the speed of nessusd. As a result, the major changes are :

- Brand new NASL interpreter, totally re-written from scratch

- Extended the NASL language to support new operators and functions

- Smarter plugin scheduling algorithms, for better parallelism

- New ways to perform service detection - each plugin which positively 
  identifies a service registers it in the knowledge base. At the end
  of the scan, services which have not been recognized are flagged and
  appear in the report

- Greatly reduced memory usage

- Support for multiple CVE ids per plugin

- Support for Bugtraq IDs in the plugins

- New port scanner (synscan.nes) which computes the round trip time to
  the remote host. As a result, scanning firewalled hosts is faster

- Slightly improved the HTML reporting


What is *not* new in Nessus 2.0
--------------------------------

We did not change the GUI, so if you expect shiny new buttons,
they're not there. We preferred to focus on the engine for this
release, the rest will follow during the 2.1.x development cycle.


Availability
------------

Nessus 2.0 is available at http://www.nessus.org/download.html


Talk 
----

I will briefly present the speed improvements of Nessus 2.0 during 
the talk Ron Gula and I will do about distributed scanning and IDS
correlation at CanSecWest (www.cansecwest.com)


Release notes
-------------

These are platform-specific release notes :

o Linux 

  synscan.nes does not work against localhost, because of the way
  the libpcap-0.4.x performs packet capture on the loopback interface.

o FreeBSD / OpenBSD / NetBSD

  Be sure to create a lot of /dev/bpf on your system before installing
  Nessus. You may want to check 
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/~checkout~/nessus-libraries/README.BPF
  before installing Nessus

o Mac OS X 

  MacOS X is supported, provided you installed the developer tools,
  Apple's X11 server and optionally GTK. Because of the very limited
  number of BPFs, you may want to disable the 'ping host' plugin and
  use the tcp connect() port scanner, as there is no easy way to
  increase those. Nessus includes a workaround but we suggest you
  avoid using it at this time.

o Solaris

  Be sure to use Bison 1.75 and GNU M4 when compiling Nessus.

o IRIX

  Packet capture does not work, so the 'ping host' plugin will always
  return every host as being dead. Disable it, and use the tcp
  connect() port scanner.


Thanks
------

I would like to thank everyone who took part in the development
process of Nessus 2.0, and in particular :
	
	Michel Arboi (who did the NASL rewriting)
	Javier Fernandez-Sanguino
	Jay(@kinetic.org)
	Erik Anderson
	Michael Scheidell

and to everyone who reported bugs, made suggestions, and sent feedback
during the whole 1.3.x development cycle. 


  

-- 
Renaud Deraison
Director of Research
Tenable Network Security
http://www.tenablesecurity.com
(91528) /Renaud Deraison <renaud@tenablesecurity.com>/(Rewrapped)