5104860 2000-05-17 21:04 /86 rader/ Postmaster Mottagare: Bugtraq (import) <10880> Ärende: announce : Nessus 1.0 released ------------------------------------------------------------ Approved-By: aleph1@SECURITYFOCUS.COM Delivered-To: bugtraq@lists.securityfocus.com Delivered-To: BUGTRAQ@SECURITYFOCUS.COM X-Sender: renaud@prof.fr.nessus.org MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Message-ID: <Pine.LNX.4.21.0005171224270.2198-100000@prof.fr.nessus.org> Date: Wed, 17 May 2000 12:25:49 +0200 Reply-To: Renaud Deraison <deraison@CVS.NESSUS.ORG> Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM> From: Renaud Deraison <deraison@CVS.NESSUS.ORG> Organization: The Nessus Project <http://www.nessus.org> X-To: BUGTRAQ@SECURITYFOCUS.COM To: BUGTRAQ@SECURITYFOCUS.COM The Nessus team is pleased to announce the availability of Nessus 1.0 Nessus is a remote security scanner which has been developped over the last two years. It is free, open-sourced (GPLed), and updated very regularly. Nessus performs as many security checks as you could expect from a commercial security scanner (over 400) and is very up-to-date regarding this issue. It also has its own unique features, such as services recognition (so that a web server running on port 8080 will _also_ be tested), its own scripting language, and many more (see http://www.nessus.org/features.html). It can export reports in several format : HTML, "Spiffy HTML" (with pies and graphs), ascii text, LaTeX, and an easy to parse file format. It is made up of a client (the interface) and a server (which performs the attacks). The client runs under Linux, FreeBSD, Solaris and WindowsNT. It optionally requires GTK (a command-line only client can be built), and may work under other operating systems which have gcc installed. The server runs under Linux, FreeBSD, OpenBSD and Solaris. There is a *very experimental* HP/UX support, although we do not make any garantees regarding it. <rant> We have had reports saying that some commercial vendors are spreading FUD about Nessus. Such as "are you ready to test the security of your network with a tool whose developement may be stopped when the authors are bored with it ?". As we have no plans to drop this project, you should not only have NO fear to use it regularly to audit your network, but you should also yell at the guy who tells you that. And throw something at his head too. To prevent this, we announce that we have formed a company to sell services and support to Nessus users. (the scanner itself continues to be free and maintained). (and to these commercials guys : WE KNOW WHO YOU ARE) </rant> Because we do not consider bugtraq as an advertisement channel, the name of this company nor its web site will be mentionned. (although they are easy to guess :) They will be mentionned on the Nessus web page in a few weeks. For now, just remember : "Nessus won't be dropped" URLs : The Nessus site : http://www.nessus.org Direct download : http://www.nessus.org/download/ List of security checks : http://cgi.nessus.org/plugins/ Screenshots and sample reports are available on the web site. Thanks to Max Vision and Andrew Fried for having hosted / hosting the Nessus website Thanks to Jim Brachuk for hosting the Nessus mailing list Thanks to every mirrorer of the Nessus web site and Ftp archives Thanks to every Nessus user who submitted bug reports and requests for enhancements over the last two years. Bug reports should be sent to bugs@cvs.nessus.org, not to me. -- Renaud (5104860) ------------------------------------------(Ombruten)