Nessus 1.2.0 has been released. Woowoo - it's supposed to be stable
now :)
Here are the changes since Nessus 1.1.14 :
. changes by Nicolas Dubee (ndubee@secway.com) :
- Better support for AF_UNIX sockets
. changes by Brian (bmc@snort.org) :
- CVE references
- several bugfixes in the plugins
. changes by Peter Gründl (pgrundl@kpmg.dk) and
Carsten Joergensen (carstenjoergensen@kpmg.dk) :
- Extensive review of the plugins and therefore numerous fixes
. changes by Axel Nennker (Axel.Nennker@t-systems.com)
- FD leak in save_kb.c fixed
. changes by Renaud Deraison (deraison at nessus.org)
<a href="../0112/0003.html#0007qlink1">- It is now possible to upload files to the server when using
the command line client
- lrand48() portability problems worked around
- fixed a bug in the report window that would make it crash
randomly
And here's the official announcement :
The Nessus Team is pleased to announce the availability of Nessus 1.2.0
Nessus is a remote security scanner which has been developped since 1998.
It is free, open-sourced (GPLed) and updated very regularly (and currently
performs over 900 security checks)
What is new in Nessus 1.2, in comparison of Nessus 1.0 ?
--------------------------------------------------------
A lot of changes took place during the two years Nessus 1.2 has been worked
on. Here's a non-exhaustive list :
- Security checks are run in parallel ;
- Full SSL support ;
- "safe checks" option (makes nessusd rely on a banner rather than take
the risk to disable the remote service) ;
- "optimisations" option (make nessusd run "focused" tests (ie: IIS-specific
tests on IIS, and so on...)
- Better CGI auditing ;
- IDS evasion options ;
- KB saving support (can be used for off-line security audits) ;
- Session saving support ;
- Differential scans ;
- New reports file formats ;
- Tuned security checks (for better performance) ;
- More configurable ;
- Improved SMB support (Nessus can log into a domain, and extracts more
information from the tested hosts).
- Scales __much__ better ;
- Kazillions of bugs fixed ;
- And more !
Note that Nessus 1.2.x is the result of two years of work and
improvements, so not everything can be listed. Have a look at the changelogs
for full details (in nessus-core/CHANGES)
Where to get it
---------------
Nessus is available at :
http://www.nessus.org/
and
ftp://ftp.nessus.org/pub/nessus/nessus-1.2.0/
Portability
-----------
Nessus 1.2.0 can be compiled on a wide range of Unixes, including :
- Solaris
- OpenBSD
- FreeBSD
- NetBSD
- Red Hat Linux (and probably other distros)
- Darwin / MacOS X
- ...
A Win32 client (NessusWX) is available for the Win32 platform
(at http://nessuswx.nessus.org)
More toys soon
--------------
A web interface allowing you to mount your own ASP business will be released
soon - keep an eye on our website for details about this :)
Bugs ? What bugs ??
-------------------
If you find bugs or have enhancement requests, please send them to me
(deraison@nessus.org)
Thanks
------
I'd like to thank everyone who tested and improved Nessus when it was labelled
as being unstable.
I would like to thank in particular Michel Arboi (arboi@noos.fr) and
Michael Scheidell (scheidell@fdma.com) who both did an insanely big
amount of work for Nessus 1.2
Thanks,
-- Renaud
now :)
Here are the changes since Nessus 1.1.14 :
. changes by Nicolas Dubee (ndubee@secway.com) :
- Better support for AF_UNIX sockets
. changes by Brian (bmc@snort.org) :
- CVE references
- several bugfixes in the plugins
. changes by Peter Gründl (pgrundl@kpmg.dk) and
Carsten Joergensen (carstenjoergensen@kpmg.dk) :
- Extensive review of the plugins and therefore numerous fixes
. changes by Axel Nennker (Axel.Nennker@t-systems.com)
- FD leak in save_kb.c fixed
. changes by Renaud Deraison (deraison at nessus.org)
<a href="../0112/0003.html#0007qlink1">- It is now possible to upload files to the server when using
the command line client
- lrand48() portability problems worked around
- fixed a bug in the report window that would make it crash
randomly
And here's the official announcement :
The Nessus Team is pleased to announce the availability of Nessus 1.2.0
Nessus is a remote security scanner which has been developped since 1998.
It is free, open-sourced (GPLed) and updated very regularly (and currently
performs over 900 security checks)
What is new in Nessus 1.2, in comparison of Nessus 1.0 ?
--------------------------------------------------------
A lot of changes took place during the two years Nessus 1.2 has been worked
on. Here's a non-exhaustive list :
- Security checks are run in parallel ;
- Full SSL support ;
- "safe checks" option (makes nessusd rely on a banner rather than take
the risk to disable the remote service) ;
- "optimisations" option (make nessusd run "focused" tests (ie: IIS-specific
tests on IIS, and so on...)
- Better CGI auditing ;
- IDS evasion options ;
- KB saving support (can be used for off-line security audits) ;
- Session saving support ;
- Differential scans ;
- New reports file formats ;
- Tuned security checks (for better performance) ;
- More configurable ;
- Improved SMB support (Nessus can log into a domain, and extracts more
information from the tested hosts).
- Scales __much__ better ;
- Kazillions of bugs fixed ;
- And more !
Note that Nessus 1.2.x is the result of two years of work and
improvements, so not everything can be listed. Have a look at the changelogs
for full details (in nessus-core/CHANGES)
Where to get it
---------------
Nessus is available at :
http://www.nessus.org/
and
ftp://ftp.nessus.org/pub/nessus/nessus-1.2.0/
Portability
-----------
Nessus 1.2.0 can be compiled on a wide range of Unixes, including :
- Solaris
- OpenBSD
- FreeBSD
- NetBSD
- Red Hat Linux (and probably other distros)
- Darwin / MacOS X
- ...
A Win32 client (NessusWX) is available for the Win32 platform
(at http://nessuswx.nessus.org)
More toys soon
--------------
A web interface allowing you to mount your own ASP business will be released
soon - keep an eye on our website for details about this :)
Bugs ? What bugs ??
-------------------
If you find bugs or have enhancement requests, please send them to me
(deraison@nessus.org)
Thanks
------
I'd like to thank everyone who tested and improved Nessus when it was labelled
as being unstable.
I would like to thank in particular Michel Arboi (arboi@noos.fr) and
Michael Scheidell (scheidell@fdma.com) who both did an insanely big
amount of work for Nessus 1.2
Thanks,
-- Renaud