[LWN Logo]

Date:         Wed, 17 May 2000 12:25:49 +0200
From: Renaud Deraison <deraison@CVS.NESSUS.ORG>
Subject:      announce : Nessus 1.0 released
To: BUGTRAQ@SECURITYFOCUS.COM

The Nessus team is pleased to announce the availability of Nessus 1.0


Nessus is a remote security scanner which has been developped over the last
two years. It is free, open-sourced (GPLed), and updated very regularly.

Nessus performs as many security checks as you could expect from a commercial
security scanner (over 400) and is very up-to-date regarding this issue.
It also has its own unique features, such as services recognition (so that
a web server running on port 8080 will _also_ be tested), its own scripting
language, and many more (see http://www.nessus.org/features.html).

It can export reports in several format : HTML, "Spiffy HTML" (with pies and
graphs), ascii text, LaTeX, and an easy to parse file format.

It is made up of a client (the interface) and a server (which performs the
attacks).

The client runs under Linux, FreeBSD, Solaris and WindowsNT. It optionally
requires GTK (a command-line only client can be built), and
may work under other operating systems which have gcc installed.

The server runs under Linux, FreeBSD, OpenBSD and Solaris. There is a
*very experimental* HP/UX support, although we do not make any garantees
regarding it.

<rant>
We have had reports saying that some commercial vendors are spreading FUD
about Nessus. Such as "are you ready to test the security of your
network with a tool whose developement may be stopped when the authors
are bored with it ?".

As we have no plans to drop this project, you should not only
have NO fear to use it regularly to audit your network, but you should also
yell at the guy who tells you that. And throw something at his head too.

To prevent this, we announce that we have formed a company to sell services
and support to Nessus users. (the scanner itself continues to be free and
maintained). (and to these commercials guys : WE KNOW WHO YOU ARE)
</rant>

Because we do not consider bugtraq as an advertisement channel, the name
of this company nor its web site will be mentionned. (although they
are easy to guess :) They will be mentionned on the Nessus web page
in a few weeks. For now, just remember : "Nessus won't be dropped"


URLs :

The Nessus site : http://www.nessus.org
Direct download : http://www.nessus.org/download/

List of security checks : http://cgi.nessus.org/plugins/


Screenshots and sample reports are available on the web site.


Thanks to Max Vision and Andrew Fried for having hosted / hosting the Nessus
website
Thanks to Jim Brachuk for hosting the Nessus mailing list
Thanks to every mirrorer of the Nessus web site and Ftp archives
Thanks to every Nessus user who submitted bug reports and requests
for enhancements over the last two years.

Bug reports should be sent to bugs@cvs.nessus.org, not to me.




				-- Renaud