Results 1 to 10 of 10

Thread: Nasl

  1. #1
    Senior Member
    Join Date
    Nov 2002
    Posts
    339

    Nasl

    For those of you that don't know what nessus is or maybe you've heard of it but maybe havent put any time into gathering info on it, it is THE best vulnerbility scanner in my opion, and I will tell you why:
    1)You can review the source-code of the main tool and any of the security checks to look for dangerous functions

    2)A large group of developers are involved in seeing at its success

    3)It is free

    4)You can write your ver own vulnerbility checks and incorporate them into the scanner

    And it is this last reason that I post this thread, for those of you wishing to learn the architecture behind this great program and write your own scripts. Here it is http://www.nessus.org/doc/nasl.html
    I suggest for any of you that are serious about getting into security that you take the time to learn about this program, hope this helps someone.Take it easy people.
    Don\'t be a bitch! Use Slackware.

  2. #2
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    Good Post.........Interesting stuff. I'd give you some positive points but Im only at 46 so they'd only be grey. Good job though.

  3. #3
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    i heard of the tool ..but didnt gather information on what it does ...now i'll make sure i download it ...

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    115
    when using nessus, please be careful, especially if you're running at work since some of the plugins are capable of DoS.

    w0rm3y

  5. #5
    Senior Member
    Join Date
    Nov 2002
    Posts
    339
    w0rm: for most situations, there are exceptions, you should always have the DoS plug in turned off, sending only a few packets can take a host off line, so yes good call. It should be pretty common sense what the plug ins do, and if you are unsure, you should have no problem finding the answers in the man pages or a quick search online.
    Don\'t be a bitch! Use Slackware.

  6. #6
    str34m3r
    Guest
    I just hope nessus doesn't go the way SAINT did. I remember the good old days when SAINT was free. Now you pay thousands of dollars up front plus a subscription fee every year. As long as nessus stays free, I'll continue to sing its praises. It's always nice to know that if something goes wrong, I can run into the source code and fix it.

  7. #7
    Senior Member
    Join Date
    Aug 2002
    Posts
    508
    Originally posted here by w0rm3y
    when using nessus, please be careful, especially if you're running at work since some of the plugins are capable of DoS.

    w0rm3y
    Hi,
    If you select "Enable All" in plugins box, there is a high probability that you will cause the targeted machine/your box to crash ( yes don't use someone else box! it's illegal without permission, so please be careful ) and the better way to choose the plugins is..choose "Enable All but Dangerous Plugins".


    Just my opinion though

    Cheerss
    Not an image or image does not exist!
    Not an image or image does not exist!

  8. #8
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    You can actually generate a **** storm of traffic with NESSUS but it has a nice safeguard in that even if you choose to run 1000 simultanious scans against a single host, you still can't go higher than 10 scans unless "be_nice =" is set to "no" in the nessusd.conf file.

    Yes, I tried a demo copy of SAINT and while it seems to do a decent job, it is very cumbersome to configure these days (as far as scan options go, not setup). It seems that every option in the world is on one HTML page. In my opinion, NESSUS is far superior.

    -TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    115
    well actually, denaud did start tenablesecurity.com which is commercial version, but i think they're moving ahead with the open source support still.

    -w0rm3y

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    well actually, denaud
    LOL, it's Renaud (I know that you fat fingered the name) and yes they have both a commercial and open source line of products. They are right in Columbia MD, a stones throw down the road from my office. What's funny is that most people think that Renaud is an old guy but he is only about 23 years old.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •