Everhart,Glenn From: Renaud Deraison [deraison@WORLDNET.FR] Sent: Saturday, April 04, 1998 8:01 AM To: BUGTRAQ@NETSPACE.ORG Subject: Announce : Nessus Alpha 1 N E S S U S Alpha 1 April 4th, 1998 - Yet another security auditing tool - I am pleased to announce the availability of the first public alpha of Nessus. Nessus is a completely new security auditing tool, released freely to the public. However, it's an *alpha* version, so do not expect anything fancy yet... What is the aim of Nessus project ? The aim of the Nessus project is to provide an up-to-date and easy to use security auditing tool that can be used by everyone -- not only those who can afford it or experts who can understand it. Key Nessus Features : o Multihost testing : The concept of Nessus is not to test a single workstation, but all the workstations that may have some relationship with a given host. This includes workstations that belong to the same domain and those that can mount exported filesystems of other servers. o Multithreading : Because the security test of a whole network can take some time if the network is big, Nessus is multithread, and can test an great number of hosts at the same time ( depending on your CPU power... ) o Plugin support : Nessus is based upon the support of plugins, which contains the attacks that are launched against the tested workstations. Using this method, Nessus will hopefully stay up-to-date... This alpha version of Nessus has 46 plugins of several categories (CGI abuses, Denial of Service, remote file access, information gathering, and so on...) o Easy-to-write plugins : Nessus offers a simple and clear API that helps the plugin developer to write what he wants to. The plugins are written in C. o Easy-to-use reporting system : Nessus reports the holes of your network in a clear maneer, with a easy to use X11 interface, based upon GTK. Supported Platforms : Nessus currently compiles and (hopefully) runs under Linux I am currently able to support intel Linux as well as PowerPC Linux. Needed software : In order to compile Nessus properly, you need the gtk library. (I'm using 0.99.3, but any recent version should work). You can get the gtk library at : ftp.gimp.org Licensing : Nessus librairies are licensed under the LGPL and the applications (Nessus is made up of a server and a client) are licensed under the GPL. Call for volunteers : This is an alpha version, thus there is a lot of things to do, and since I am alone, I can not do everything... I need volunteers to port Nessus to other platforms (especially BSD) as well as to write more plugins. I also need volunteers to improve the functionalities of Nessus and to report me all the bugs/compilation troubleshoots they may encounter Disclaimers : Nessus is ALPHA. This means that it's not stable and that it might not work nor compile on your system. Also, because Nessus is made up of a server and client, it can create a large security hole in your workstation if you decide to let it run all the time (read the documentation about that subject). Nessus should only be used against *your* own network, not someone's else. If you do not know whether you are allowed to use it against a given network or not, then do not use it. Download : You can download Nessus from the following locations : (those servers are in France -- mirroring in others states are welcome) http://www.mygale.org/~nessus/ http://www.worldnet.fr/~deraison/ Bug Reports : Please your bug reports to Renaud Deraison , with the words "Nessus bug" somewhere in the subject. By the way : I'm leaving France next Monday until next Wednesday, so I won't be able to answer to your bugs until this date. You may send your bug reports to while I'm not here -- he will pass them on/or answer to your questions if he finds the answer by himself... There is (currently) no mailing lists about Nessus Thanks : Thanks to fyodor for letting me use his excellent port scanner Nmap Thanks to the authors of GTK who have made a really good work Thanks to the KDE team, the announcements of which have served to made up this one :) Thanks to anyone willing to pass out this message. -- Renaud Deraison