Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: announce

Nessus 1.1.5 (experimental) has been released

 

 

Nessus announce RSS feed   Index | Previous | View Threaded


deraison at cvs

Oct 5, 2001, 4:57 PM

Post #1 of 1 (1031 views)
Permalink
Nessus 1.1.5 (experimental) has been released

Hi,

I've just released Nessus 1.1.5 (experimental). A lot of changes went
through, which is mostly why it took so long between 1.1.4 and 1.1.5.

In a nutshell, here are the changes :

- The client/server communication is now done on top of OpenSSL instead
of PEKS (which means an 1.1.5 client can only talk to a 1.1.5 server)
Note that at this time, the client does not check the server
certificate, which means it's vulnerable to man-in-the-middle attacks.
This will be addressed in 1.1.6 (or later on, but before 1.2 ;)

- Optimizations were done all over the place, so if you want to rely on
banners, you should see extremely few false positives (let me know if
you see any)

- There's a new GUI for the reports. The nice thing is that it can
handle a large number of hosts without needing additional memory.
Let me know what you think about it.

- A kazillion of bugfixes went through.

The usual warning :

*** Nessus 1.1.x is labeled as being experimental. This means that you
*** should not expect things to be completely polished. For instance
*** the server spits a lot of SSL debug messages which are not pretty,
*** or some functionality may not work as expected...
*** "Experimental" also means that things may crash, as the code was

*** less tested


You can download it at :


ftp://ftp.nessus.org/pub/nessus/unstable/nessus-1.1.5/

or
http://www.nessus.org/experimental.html


Thanks for your bug reports,

-- Renaud

Nessus announce RSS feed   Index | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.