Hi,
my name is Markus Kämmerer and I'm working as software developer for
probusiness AG in Hannover, Germany. Me and my team is working on an
offer for an invitation to bid from BSI ("Bundesamt für Sicherheit in
der Informationstechnik", german goverment for security in information
technology, http://www.bsi.de/english/index.htm).
The goal of the project is to develop a GUI which allows to call and
access external security tools and collects information created by
these tools. In first stage of development these external tools are
"TIGER, LSOF, NESSUS, SAINT, CRACK, TCP-WRAPPER".
Our plan is to add a c plugin for each external program to nessusd.
The plugin has to manage every special thing about the tool. They
should be startable like any other nessus plugin. If there are common
functions, which can be used with more than one external tool, they
should be included directly in nessusd.
To display the results we want to use the standard nessus interface to
give short description about the problem and security risk. Because
these external tools are more complex and produce more complex output
(and do not follow a common standard) than a standard NASL plugin we
want develop a way to send more than the standard reporting data to
the client. We think, this data can be embedded in special records,
which are plugin depended and are only shown when a client is used,
which supports displaying this information.
To show these special reports to the user we want to improve
NessusWeb. NessusWeb should get extra plugins for these external
tools. This may be necessary for configuring these tools, too. Because
we are not allowed to use JavaScript and ActiveX (for security
reasons) we want to improve NessusWeb to use HTML without embedded
code. We also need a tree display of plugins and a comprehensive help
function. We have to support german and english as languages as far as
possible.
It is important for us and the BSI that this project is supported by
the community. So I want to introduce you this project and ask you if
you want support such a tool. We also want to know if the core
developers of nessus are interested in doing payed development for
this project (especially for the server side daemon nessusd).
Markus
--
Markus Kämmerer Team Software Solutions
pro|business AG, EXPO Plaza 1, 30539 Hannover
E-Mail: MKaemmerer@probusiness.de, Phone.: 0511/60066-0
WWW: http://www.probusiness.de/, Mobile: 0177/5990932
my name is Markus Kämmerer and I'm working as software developer for
probusiness AG in Hannover, Germany. Me and my team is working on an
offer for an invitation to bid from BSI ("Bundesamt für Sicherheit in
der Informationstechnik", german goverment for security in information
technology, http://www.bsi.de/english/index.htm).
The goal of the project is to develop a GUI which allows to call and
access external security tools and collects information created by
these tools. In first stage of development these external tools are
"TIGER, LSOF, NESSUS, SAINT, CRACK, TCP-WRAPPER".
Our plan is to add a c plugin for each external program to nessusd.
The plugin has to manage every special thing about the tool. They
should be startable like any other nessus plugin. If there are common
functions, which can be used with more than one external tool, they
should be included directly in nessusd.
To display the results we want to use the standard nessus interface to
give short description about the problem and security risk. Because
these external tools are more complex and produce more complex output
(and do not follow a common standard) than a standard NASL plugin we
want develop a way to send more than the standard reporting data to
the client. We think, this data can be embedded in special records,
which are plugin depended and are only shown when a client is used,
which supports displaying this information.
To show these special reports to the user we want to improve
NessusWeb. NessusWeb should get extra plugins for these external
tools. This may be necessary for configuring these tools, too. Because
we are not allowed to use JavaScript and ActiveX (for security
reasons) we want to improve NessusWeb to use HTML without embedded
code. We also need a tree display of plugins and a comprehensive help
function. We have to support german and english as languages as far as
possible.
It is important for us and the BSI that this project is supported by
the community. So I want to introduce you this project and ask you if
you want support such a tool. We also want to know if the core
developers of nessus are interested in doing payed development for
this project (especially for the server side daemon nessusd).
Markus
--
Markus Kämmerer Team Software Solutions
pro|business AG, EXPO Plaza 1, 30539 Hannover
E-Mail: MKaemmerer@probusiness.de, Phone.: 0511/60066-0
WWW: http://www.probusiness.de/, Mobile: 0177/5990932