Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Call to participate: GNessUs security scanner
From: "Adriel Desautels" <adesautels () comcast net>
Date: Mon, 10 Oct 2005 22:21:58 -0400

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tim, 
        I'd actually be more interested in seeing an open source version of
Core Impact released. I'd love to see a tool that we could build
signatures for and a common language. For example nessus + metasploit
in one framework. All in all nessus is a great tool, but why not
create our own free tool?  

- --> -----Original Message-----
- --> From: full-disclosure-bounces () lists grok org uk 
- --> [mailto:full-disclosure-bounces () lists grok org uk] On 
- --> Behalf Of security curmudgeon
- --> Sent: Monday, October 10, 2005 10:07 PM
- --> To: Tim Brown
- --> Cc: full-disclosure () lists grok org uk
- --> Subject: Re: [Full-disclosure] Call to participate: GNessUs 
- --> security scanner
- --> 
- --> 
- --> Hi Tim,
- --> 
- --> Don't take this as anything but honest questions please! I 
- --> am curious about everyone's thoughts and opinions on this, 
- --> as I have mostly seen Renaud/Ron/Tenable pointing out some 
- --> facts, and most replies being a bit lacking in reason and 
- --> explanation. I ask these questions to *anyone* that has 
- --> replied to the Nessus announcement.
- --> 
- --> : GNessUs is a GPL fork of the Nessus security scanner. As 
- --> a result of
- --> : recent announcements by Tenable, we believe a fork of 
- --> Nessus is required
- --> : to allow future free development of this tool.
- --> : 
- --> : Whilst we would like to believe that we will be able to 
- --> continue to take
- --> : updates of the Nessus 2 source code from the Nessus web 
- --> site we will be
- --> : endeavoring to add fresh functionality and plugins as part of
the
- --> : GNessUs project. The fork will be based on the current 
- --> nessus 2.2.5
- --> : packages from GNU/Debian, the source of which can be 
- --> found above in a
- --> : slightly modified form. We would welcome contact from any 
- --> interested
- --> : developers.
- --> 
- --> Nessus has been open source for a long time. Despite that, 
- --> the majority of contributions have come from a very small 
- --> amount of people. Even with plugins, some 95% (i think) 
- --> were written by the Nessus team, not outside contributors.
- --> 
- --> Recently on DailyDave, Ron Gula replied:
- --> 
- -->   > Now that it is being closed, I wonder how long it takes 
- --> before the
- -->   > community once supporting Renauld will fork the current 
- -->  code and
- -->   > carry on by themselves.
- --> 
- -->   We haven't had any support of this kind. I really feel 
- --> there are very
- -->   capable programers out there who can contribute to 
- --> Nessus, but to date
- -->   we haven't really gotten any. Even on the NASL vuln check side,
a
- -->   majority of the plugins are Tenable.
- --> 
- --> Renaud has also pointed this out, although I can't find the 
- --> exact quote/list post. As far as the Nessus engine and 
- --> functionality, there have been basically no real 
- --> contributions or enhancements from anyone other than the 
- --> core team/Tenable.
- --> 
- --> All that said, my questions: Why do you see a need to fork 
- --> the Nessus tree at this time? Why haven't you or anyone 
- --> else contributed in the past? 
- --> Finally, do you think that if more people supported Nessus 
- --> with contributions of code/time/enhancements, that they 
- --> would have kept things the same?
- --> _______________________________________________
- --> Full-Disclosure - We believe in it.
- --> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
- --> Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: http://www.secnetops.com

iQA/AwUBQ0shxpNLRT/rHZe1EQKM4gCfeBoiLqR9nXhlPqEZvjWSkI6/WLQAn33I
pJ2jHrqZh7CTZI3FBPGLd+hm
=xAv3
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault