Results 1 to 8 of 8

Thread: Attention NESSUS users...

  1. #1
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885

    Attention NESSUS users...

    Many of you use the NessusWX Win32 front-end with Nessus. As of the 2.2.0 release of Nessus, the NessusWX front-end no longer works properly. Through some efforts, I found out that no one has stepped up to continue development of the WX client. If you update your Nessus server and find that things no longer work in WX, this would be the reason. If you have never scanned using the command line on the nessus server and you think that a quick tutorial would be helpful, just let me know and I will right a quickstart tut for command line Nessus syntax.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  2. #2
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    Or if you are the reading inclined, here is a neat flash video that can get you started with using Nessus, however it doesnt give much insight on the dozens of commands for nessus. Thats where thehorse comes in.

    http://www.whitehat.co.il/movies/fla...essus-new.html

    Cheers
    The command completed successfully.


    \"They drew first blood not me.\"

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    All is not lost. Renaud, the developer of Nessus, has this to say about future GUI support:

    "In Nessus 2.4, the GTK GUI will be improved greatly (you can already have a glimpse of it in HEAD - aka Nessus 2.3 - however it is not considered as stable yet). Once the GUI work is done, it will be ported to Windows, thus offering the same experience on both Unix and Win32 platforms."

    -- Renaud

    Time to DL the 2.3 build and go on a bug hunt. ;-)

    **NOTE** Someone released a NessusWX1.4.4-NP build that is *supposed* to fix the 2.2.0 Nessus issue though I have not tested it myself. You can grab it at www.nessus.org.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    UPDATE:

    This is great news. Another reason I love the Nessus project....


    Hello everyone,

    I'd like to do several announcements today :


    1. Change in policy in the Nessus Plugin Feed
    2. Nessus 2.2.1 has been released
    3. NessusWX workaround
    4. Nessus.org got a facelift


    1. Change in policy in the Nessus Plugin Feed
    ---------------------------------------------

    We have decided to change the way the new plugins are being released and published. Today, whenever a user types 'nessus-update-plugins', he receives all the newest plugins from http://www.nessus.org/nasl/all-2.0.tar.gz.


    Basically, several changes are occuring :

    - The first one, is that the current feed will only contain GPL plugins
    (ie: currently about 2,000 plugins). This means that the current command "nessus-update-plugins" will continue to work properly, but you will get less plugins than what you can get today, as (as many of you have noticed), plugins released by my company (Tenable) are *not* released under the GPL

    - When downloading Nessus 2.2.1 (and newer), you now have the opportunity to "register". ie: submit your email address and you will receive an "activation code", which will entitle you to receive a full plugin feed (GPL + Tenable). We do not intend to contact you thru this email address, except to send you an activation code and to inform you if you generate too much traffic (believe it or not, there are people out there downloading all the Nessus plugins _EVERY MINUTE_). To use the activation code, you'll need to upgrade to Nessus 2.2.1 and use the new 'nessus-fetch' command line utility.

    - Users now have the opportunity to buy access to a "Direct Plugin Feed". What this really means is that the free feed will actually be delayed by seven days for non-GPL plugins. If you are one of these companies who need to be 100% up-to-date, such a subscription will be of some interest to you. More information at :

    http://www.tenablesecurity.com/products/direct.shtml


    So there are three ways to update plugins now :

    - a GPL feed containing the plugins submitted by the community ;

    - a Registered feed containing the latest plugins submitted by
    the community, and the plugins written by Tenable delayed
    by 7 days ;

    - a commercial Direct Feed which contains all the newest and greatest
    plugins ;



    2. Nessus 2.2.1 has been released
    ---------------------------------

    I am very happy with the whole Nessus 2.2.x serie - there has been no showstopper so far, apart from minor bugs. Nessus 2.2.1 contains the following fixes and improvements :

    - We now turned on TCP buffering for every TCP sockets, which should reduce the number of system calls and lower the load on a given host. That allowed us to spot a minor bug in the buffering code that we fixed as well ;

    - We added a new utility called "nessus-fetch" which is intended to be a replacement for wget/lynx/curl/whatever was used by nessus-update-plugins.

    - Michel wrote a new TCP port scanner which replaces nmap_tcp_connect.nes, which not only performs a port scan but also grabs banners on the fly, which in turn makes find_service.nes much faster.

    - We fixed two bugs:
    - bug#1065: nessusd would do an endless stream of
    gethostbyname() when testing a non-existant host name

    - bug#1076: The nessus scripts would not work under bash 3.0


    3. NessusWX work around
    -----------------------

    Nicolas Pouvesle attempted to fix a bug in NessusWX which prevents it to work with Nessus 2.2.0. We've (re-)released NessusWX-1.4.4-NP which is an unoffocial version which now works. If you tried it yesterday,
    try the new binary we uploaded this morning.


    4. Nessus.org got a facelift
    ----------------------------

    The Nessus website has been re-done ! The new website is hopefully cleaner and clearer. If you encounter dead links, typos or any other problem, please let me know !



    Thanks,

    -- Renaud
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    From thehorse13: If you have never scanned using the command line on the nessus server and you think that a quick tutorial would be helpful, just let me know and I will right a quickstart tut for command line Nessus syntax.
    Would you consider writing a quickstart for the command line for Nessus please? I saw you have a tut for the installation (http://www.antionline.com/showthread...hreadid=247255) and I was looking for a quick guide on how to use it best. Thanks in advance for considering it.

    Also - being new to network security, I was trying to find out if NESSUS or security scanners in general will work across differnent networks?

    I've been assigned to do some security scanning on a recently acquired company, but they have their own network and firewall. I was able to use SuperScan and get some results, but I need to tell them if they have any vulnerabilities, but I am thinking that NESSUS is not made to scan in front of firewalls -- and I don't want to knock down any servers in the process.

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Sure. In fact, I was just mucking with the command line NASL engine the entire week.

    This will be a VERY short quickstart guide. I will have it posted by late today or possibly early Monday. On weekends, TheHorse13 does not go near computers unless absolutely necessary.


    but I am thinking that NESSUS is not made to scan in front of firewalls -- and I don't want to knock down any servers in the process.
    On the contrary, it is indeed designed for this and you can run the W32 GUI with safechecks and non DOS plugins so that you don't crush anything.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    TheHorse,
    I have never used Nessus. I think a tutorial for the command line interface would be great, as well as a how-to-guide using the GUI interface. I bet there are guides out there, and if so I shall start looking. If you created these tutorials, I would definately pay attention to them.

  8. #8
    Sure. In fact, I was just mucking with the command line NASL engine the entire week. This will be a VERY short quickstart guide. I will have it posted by late today or possibly early Monday. On weekends, TheHorse13 does not go near computers unless absolutely necessary.
    Thanks in advance - from all of us! Also - I completely understand about weekends and computers with no-touchee - the boss - the real boss - doesn't like it when I do - so I don'ts.

    On the contrary, it is indeed designed for this and you can run the W32 GUI with safechecks and non DOS plugins so that you don't crush anything.
    Coolness - we were digging around for documentation on the matter - and your reply sped that process up for finding an answer to our query - thanks again. I have also asked the site in question if they run ISS or NESSUS on a continual basis - so that we can review their reports (I'm thinking the most current and N-1).

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •