Hi,
I've just released Nessus 1.1.5 (experimental). A lot of changes went
through, which is mostly why it took so long between 1.1.4 and 1.1.5.
In a nutshell, here are the changes :
- The client/server communication is now done on top of OpenSSL instead
of PEKS (which means an 1.1.5 client can only talk to a 1.1.5 server)
Note that at this time, the client does not check the server
certificate, which means it's vulnerable to man-in-the-middle attacks.
This will be addressed in 1.1.6 (or later on, but before 1.2 ;)
- Optimizations were done all over the place, so if you want to rely on
banners, you should see extremely few false positives (let me know if
you see any)
- There's a new GUI for the reports. The nice thing is that it can
handle a large number of hosts without needing additional memory.
Let me know what you think about it.
- A kazillion of bugfixes went through.
The usual warning :
*** Nessus 1.1.x is labeled as being experimental. This means that you
*** should not expect things to be completely polished. For instance
*** the server spits a lot of SSL debug messages which are not pretty,
*** or some functionality may not work as expected...
*** "Experimental" also means that things may crash, as the code was
*** less tested
You can download it at :
ftp://ftp.nessus.org/pub/nessus/unstable/nessus-1.1.5/
or
http://www.nessus.org/experimental.html
Thanks for your bug reports,
-- Renaud
I've just released Nessus 1.1.5 (experimental). A lot of changes went
through, which is mostly why it took so long between 1.1.4 and 1.1.5.
In a nutshell, here are the changes :
- The client/server communication is now done on top of OpenSSL instead
of PEKS (which means an 1.1.5 client can only talk to a 1.1.5 server)
Note that at this time, the client does not check the server
certificate, which means it's vulnerable to man-in-the-middle attacks.
This will be addressed in 1.1.6 (or later on, but before 1.2 ;)
- Optimizations were done all over the place, so if you want to rely on
banners, you should see extremely few false positives (let me know if
you see any)
- There's a new GUI for the reports. The nice thing is that it can
handle a large number of hosts without needing additional memory.
Let me know what you think about it.
- A kazillion of bugfixes went through.
The usual warning :
*** Nessus 1.1.x is labeled as being experimental. This means that you
*** should not expect things to be completely polished. For instance
*** the server spits a lot of SSL debug messages which are not pretty,
*** or some functionality may not work as expected...
*** "Experimental" also means that things may crash, as the code was
*** less tested
You can download it at :
ftp://ftp.nessus.org/pub/nessus/unstable/nessus-1.1.5/
or
http://www.nessus.org/experimental.html
Thanks for your bug reports,
-- Renaud