Alpha 1
April 4th, 1998
- Yet another security auditing tool -
I am pleased to announce the availability of the first public
alpha of Nessus.
Nessus is a completely new security auditing tool, released freely
to the public. However, it's an *alpha* version, so do not expect
anything fancy yet...
What is the aim of Nessus project ?
The aim of the Nessus project is to provide an up-to-date and easy to
use security auditing tool that can be used by everyone -- not only
those who can afford it or experts who can understand it.
Key Nessus Features :
o Multihost testing :
The concept of Nessus is not to test a single workstation, but
all the workstations that may have some relationship with a
given host. This includes workstations that belong to the same
domain and those that can mount exported filesystems of other
servers.
o Multithreading :
Because the security test of a whole network can take some
time if the network is big, Nessus is multithread, and can
test an great number of hosts at the same time ( depending on
your CPU power... )
o Plugin support :
Nessus is based upon the support of plugins, which contains
the attacks that are launched against the tested workstations.
Using this method, Nessus will hopefully stay up-to-date...
This alpha version of Nessus has 46 plugins of several
categories (CGI abuses, Denial of Service, remote file access,
information gathering, and so on...)
o Easy-to-write plugins :
Nessus offers a simple and clear API that helps the plugin
developer to write what he wants to. The plugins are written
in C.
o Easy-to-use reporting system :
Nessus reports the holes of your network in a clear maneer,
with a easy to use X11 interface, based upon GTK.
Supported Platforms :
Nessus currently compiles and (hopefully) runs under Linux
I am currently able to support intel Linux as well as PowerPC
Linux.
Needed software :
In order to compile Nessus properly, you need the gtk library.
(I'm using 0.99.3, but any recent version should work).
You can get the gtk library at : ftp.gimp.org
Licensing :
Nessus librairies are licensed under the LGPL and the applications
(Nessus is made up of a server and a client) are licensed under the
GPL.
Call for volunteers :
This is an alpha version, thus there is a lot of things to
do, and since I am alone, I can not do everything...
I need volunteers to port Nessus to other platforms (especially
BSD) as well as to write more plugins.
I also need volunteers to improve the functionalities of Nessus
and to report me all the bugs/compilation troubleshoots they
may encounter
Disclaimers :
Nessus is ALPHA. This means that it's not stable and that
it might not work nor compile on your system.
Also, because Nessus is made up of a server and client,
it can create a large security hole in your workstation if you
decide to let it run all the time (read the documentation about
that subject).
Nessus should only be used against *your* own network, not
someone's else. If you do not know whether you are allowed to
use it against a given network or not, then do not use it.
Download :
You can download Nessus from the following locations :
(those servers are in France -- mirroring in others states
are welcome)
http://www.mygale.org/~nessus/
http://www.worldnet.fr/~deraison/
Bug Reports :
Please your bug reports to Renaud Deraison <deraison@worldnet.fr>,
with the words "Nessus bug" somewhere in the subject.
By the way : I'm leaving France next Monday until next Wednesday,
so I won't be able to answer to your bugs until this date. You
may send your bug reports to <alexisb@mygale.org> while I'm not
here -- he will pass them on/or answer to your questions if he
finds the answer by himself...
There is (currently) no mailing lists about Nessus
Thanks :
Thanks to fyodor <fyodor@dhp.com> for letting me use his
excellent port scanner Nmap <http://www.dhp.com/~fyodor/nmap>
Thanks to the authors of GTK who have made a really good work
Thanks to the KDE team, the announcements of which have
served to made up this one :)
Thanks to anyone willing to pass out this message.
-- Renaud Deraison <deraison@worldnet.fr>