Announce : Nessus Alpha 1

Renaud Deraison (deraison@WORLDNET.FR)
Sat, 04 Apr 1998 15:00:35 +0200

N E S S U S

Alpha 1

April 4th, 1998

- Yet another security auditing tool -

I am pleased to announce the availability of the first public
alpha of Nessus.

Nessus is a completely new security auditing tool, released freely
to the public. However, it's an *alpha* version, so do not expect
anything fancy yet...

What is the aim of Nessus project ?

The aim of the Nessus project is to provide an up-to-date and easy to
use security auditing tool that can be used by everyone -- not only
those who can afford it or experts who can understand it.

Key Nessus Features :

o Multihost testing :

The concept of Nessus is not to test a single workstation, but
all the workstations that may have some relationship with a
given host. This includes workstations that belong to the same
domain and those that can mount exported filesystems of other
servers.

o Multithreading :

Because the security test of a whole network can take some
time if the network is big, Nessus is multithread, and can
test an great number of hosts at the same time ( depending on
your CPU power... )

o Plugin support :

Nessus is based upon the support of plugins, which contains
the attacks that are launched against the tested workstations.
Using this method, Nessus will hopefully stay up-to-date...
This alpha version of Nessus has 46 plugins of several
categories (CGI abuses, Denial of Service, remote file access,
information gathering, and so on...)

o Easy-to-write plugins :

Nessus offers a simple and clear API that helps the plugin
developer to write what he wants to. The plugins are written
in C.

o Easy-to-use reporting system :

Nessus reports the holes of your network in a clear maneer,
with a easy to use X11 interface, based upon GTK.

Supported Platforms :

Nessus currently compiles and (hopefully) runs under Linux

I am currently able to support intel Linux as well as PowerPC
Linux.

Needed software :

In order to compile Nessus properly, you need the gtk library.
(I'm using 0.99.3, but any recent version should work).
You can get the gtk library at : ftp.gimp.org

Licensing :

Nessus librairies are licensed under the LGPL and the applications
(Nessus is made up of a server and a client) are licensed under the
GPL.

Call for volunteers :

This is an alpha version, thus there is a lot of things to
do, and since I am alone, I can not do everything...

I need volunteers to port Nessus to other platforms (especially
BSD) as well as to write more plugins.

I also need volunteers to improve the functionalities of Nessus
and to report me all the bugs/compilation troubleshoots they
may encounter

Disclaimers :

Nessus is ALPHA. This means that it's not stable and that
it might not work nor compile on your system.

Also, because Nessus is made up of a server and client,
it can create a large security hole in your workstation if you
decide to let it run all the time (read the documentation about
that subject).

Nessus should only be used against *your* own network, not
someone's else. If you do not know whether you are allowed to
use it against a given network or not, then do not use it.

Download :

You can download Nessus from the following locations :

(those servers are in France -- mirroring in others states
are welcome)
http://www.mygale.org/~nessus/
http://www.worldnet.fr/~deraison/

Bug Reports :

Please your bug reports to Renaud Deraison <deraison@worldnet.fr>,
with the words "Nessus bug" somewhere in the subject.

By the way : I'm leaving France next Monday until next Wednesday,
so I won't be able to answer to your bugs until this date. You
may send your bug reports to <alexisb@mygale.org> while I'm not
here -- he will pass them on/or answer to your questions if he
finds the answer by himself...

There is (currently) no mailing lists about Nessus

Thanks :

Thanks to fyodor <fyodor@dhp.com> for letting me use his
excellent port scanner Nmap <http://www.dhp.com/~fyodor/nmap>

Thanks to the authors of GTK who have made a really good work

Thanks to the KDE team, the announcements of which have
served to made up this one :)

Thanks to anyone willing to pass out this message.

-- Renaud Deraison <deraison@worldnet.fr>