Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 2nd quarter (Apr-Jun) 1998: Announce : Nessus Alpha 1

Announce : Nessus Alpha 1

Renaud Deraison (deraisonWORLDNET.FR)
Sat, 4 Apr 1998 15:00:35 +0200

                                  N E S S U S

                                    Alpha 1

                                 April 4th, 1998

                     - Yet another security auditing tool -

        I am pleased to announce the availability of the first public
        alpha of Nessus.

        Nessus is a completely new security auditing tool, released freely
        to the public. However, it's an *alpha* version,  so do not expect
        anything fancy yet...

  What is the aim of Nessus project ?

        The aim of the Nessus project is to provide an up-to-date and easy to
        use security auditing tool that can be used  by everyone --  not only
        those who can afford it or experts who can understand it.

  Key Nessus Features :

        o Multihost testing :

          The concept of Nessus is not to test a single workstation, but
          all the  workstations that may have  some  relationship with a
          given host. This includes workstations that belong to the same
          domain and those that can mount exported filesystems  of other

        o Multithreading :

          Because  the  security  test of a  whole network can take some
          time if  the  network  is big, Nessus is multithread,  and can
          test an great number of hosts at the same time ( depending  on
          your CPU power... )

        o Plugin support :

          Nessus is based upon  the support of plugins,  which  contains
          the attacks that are launched against the tested workstations.
          Using this method, Nessus will hopefully stay up-to-date...
          This  alpha  version  of  Nessus  has 46  plugins  of  several
          categories (CGI abuses, Denial of Service, remote file access,
          information gathering, and so on...)

        o Easy-to-write plugins :

          Nessus offers a simple and  clear  API that helps  the plugin
          developer to write what he wants to. The plugins  are written
          in C.

        o Easy-to-use reporting system :

          Nessus reports the holes of your network in  a  clear  maneer,
          with a easy to use X11 interface, based upon GTK.

  Supported Platforms :

        Nessus currently  compiles  and  (hopefully)  runs  under  Linux

        I am currently  able to support intel Linux as  well  as  PowerPC

  Needed software :

        In order to compile Nessus properly, you need the gtk library.
        (I'm using 0.99.3, but any recent version should work).
        You can get the gtk library at : ftp.gimp.org

  Licensing :

        Nessus librairies are  licensed under  the  LGPL and the applications
        (Nessus is made up of a server and a client) are  licensed  under the

  Call for volunteers :

        This is an alpha version, thus there is a lot of things to
        do, and since I am alone, I can not do everything...

        I need volunteers to port Nessus to other platforms (especially
        BSD) as well as to write more plugins.

        I also need volunteers to improve the functionalities of Nessus
        and to report me all  the  bugs/compilation  troubleshoots they
        may encounter

  Disclaimers :

        Nessus is ALPHA. This  means  that  it's  not  stable  and that
        it might not work nor compile on your system.

        Also,  because  Nessus  is  made  up of  a  server  and client,
        it can create a large security hole in your workstation if  you
        decide to let it run all the time (read the documentation about
        that subject).

        Nessus should only  be  used  against  *your* own  network, not
        someone's else. If you do not  know whether you are allowed  to
        use it against a given network or not, then do not use it.

  Download :

        You can download Nessus from the following locations :

        (those servers are in France -- mirroring in others states
         are welcome)

  Bug Reports :

        Please your bug reports to Renaud Deraison <deraisonworldnet.fr>,
        with the  words  "Nessus bug"  somewhere  in  the  subject.

        By the way : I'm leaving France next Monday until next Wednesday,
        so I won't be able to answer to your bugs until this date. You
        may send your bug reports to <alexisbmygale.org> while I'm not
        here -- he will pass them on/or answer to your questions if he
        finds the answer by himself...

        There is (currently) no mailing lists about Nessus

  Thanks :

        Thanks to fyodor <fyodordhp.com> for letting me use his
        excellent port scanner Nmap <http://www.dhp.com/~fyodor/nmap>

        Thanks to the authors of GTK who have made a really good work

        Thanks to the KDE team, the announcements of which have
        served to made up this one :)

        Thanks to anyone willing to pass out this message.

        -- Renaud Deraison <deraisonworldnet.fr>