This announcement covers the following topics :
- Nessus 2.2 has been released
- Nessus Book
- Nessus 2.4 release plans
1. Nessus 2.2 has been released
---------------------------------------------------------------------
I'm happy to announce the availability of Nessus 2.2.0.
Nessus 2.2 is now considered as being stable, which means that there
should not be any new update to Nessus 2.0.x.
We'll keep the Nessus 2.2 scripts backward compatible (when possible)
with Nessus 2.0 for a given period of time (about six months), however
I strongly suggest you to upgrade to Nessus 2.2 as soon as possible.
Nessus 2.2 is a new major release of Nessus. It features several
improvements over Nessus 2.0, in particular :
- The ability to log into remote host using SSH to determine the list
of missing patches ;
- The support for signed NASL scripts. A signed NASL script is given
more privileges than regular scripts, and have the ability to execute
commands on the local host ;
- NASL has been extended. NASL scripts can now share sockets and have
more functions at their disposal ;
- Signed plugin update. The tool 'nessus-update-plugins' will now make
sure that the archive you are downloading has been signed properly ;
- An improved knowledge base backend. The new KB can now handle many
more entries, which in turn will give us more flexibility to write
scripts which cooperate even better ;
- The number of cross-references a script can handle (BID, CVE, OSVDB,
etc...) has been increased by a factor of ten ;
- Several memory leaks which in some case would impede with the
execution speed of several NASL scripts
Thanks to everyone who contributed their feedback regarding Nessus
2.2.0RC1 and who helped during the whole 2.1.x cycle.
Note that I have had reports of issues regarding the use of NessusWX and
Nessus 2.2.x - apparently there seems to be too many plugins and
NessusWX does not enable all of them when doing a scan.
At this time, I do not recommend using NessusWX to perform security
assessments and I'll try to come up with a solution soon.
2. Nessus Book
------------------------------------------------------------------------
"Nessus Network Auditing" is a book which has been released by Syngress
Publishing and to which a variety of people contributed.
If you are looking for a guide not only to install Nessus and get it
running, but also to get tips on how to perform large scales scans,
I definitely recommend you have a look at it. A sample chapter is
on-line at <http://www.syngress.com/catalog/sg_main.cfm?pid=2850>
3. Nessus 2.4 release plans
-------------------------------------------------------------------------
Work on Nessus 2.4 is already underway. Nessus 2.4 will contain a
redesigned and unified GUI which works both on Unix and Windows,
IPv6 support, and many other improvements.
At this time, the estimated release date for Nessus 2.4 is early Q1 2005.
-- Renaud
- Nessus 2.2 has been released
- Nessus Book
- Nessus 2.4 release plans
1. Nessus 2.2 has been released
---------------------------------------------------------------------
I'm happy to announce the availability of Nessus 2.2.0.
Nessus 2.2 is now considered as being stable, which means that there
should not be any new update to Nessus 2.0.x.
We'll keep the Nessus 2.2 scripts backward compatible (when possible)
with Nessus 2.0 for a given period of time (about six months), however
I strongly suggest you to upgrade to Nessus 2.2 as soon as possible.
Nessus 2.2 is a new major release of Nessus. It features several
improvements over Nessus 2.0, in particular :
- The ability to log into remote host using SSH to determine the list
of missing patches ;
- The support for signed NASL scripts. A signed NASL script is given
more privileges than regular scripts, and have the ability to execute
commands on the local host ;
- NASL has been extended. NASL scripts can now share sockets and have
more functions at their disposal ;
- Signed plugin update. The tool 'nessus-update-plugins' will now make
sure that the archive you are downloading has been signed properly ;
- An improved knowledge base backend. The new KB can now handle many
more entries, which in turn will give us more flexibility to write
scripts which cooperate even better ;
- The number of cross-references a script can handle (BID, CVE, OSVDB,
etc...) has been increased by a factor of ten ;
- Several memory leaks which in some case would impede with the
execution speed of several NASL scripts
Thanks to everyone who contributed their feedback regarding Nessus
2.2.0RC1 and who helped during the whole 2.1.x cycle.
Note that I have had reports of issues regarding the use of NessusWX and
Nessus 2.2.x - apparently there seems to be too many plugins and
NessusWX does not enable all of them when doing a scan.
At this time, I do not recommend using NessusWX to perform security
assessments and I'll try to come up with a solution soon.
2. Nessus Book
------------------------------------------------------------------------
"Nessus Network Auditing" is a book which has been released by Syngress
Publishing and to which a variety of people contributed.
If you are looking for a guide not only to install Nessus and get it
running, but also to get tips on how to perform large scales scans,
I definitely recommend you have a look at it. A sample chapter is
on-line at <http://www.syngress.com/catalog/sg_main.cfm?pid=2850>
3. Nessus 2.4 release plans
-------------------------------------------------------------------------
Work on Nessus 2.4 is already underway. Nessus 2.4 will contain a
redesigned and unified GUI which works both on Unix and Windows,
IPv6 support, and many other improvements.
At this time, the estimated release date for Nessus 2.4 is early Q1 2005.
-- Renaud