RE: [Full-disclosure] Call to participate: GNessUs security scanner

From: Adriel Desautels (adesautels_at_comcast.net)
Date: 10/11/05

    To: "'security curmudgeon'" <jericho@attrition.org>, "'Tim Brown'" <timb@gnessus.org>
    Date: Mon, 10 Oct 2005 22:21:58 -0400
    
    

     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Tim,
            I'd actually be more interested in seeing an open source version of
    Core Impact released. I'd love to see a tool that we could build
    signatures for and a common language. For example nessus + metasploit
    in one framework. All in all nessus is a great tool, but why not
    create our own free tool?

    - --> -----Original Message-----
    - --> From: full-disclosure-bounces@lists.grok.org.uk
    - --> [mailto:full-disclosure-bounces@lists.grok.org.uk] On
    - --> Behalf Of security curmudgeon
    - --> Sent: Monday, October 10, 2005 10:07 PM
    - --> To: Tim Brown
    - --> Cc: full-disclosure@lists.grok.org.uk
    - --> Subject: Re: [Full-disclosure] Call to participate: GNessUs
    - --> security scanner
    - -->
    - -->
    - --> Hi Tim,
    - -->
    - --> Don't take this as anything but honest questions please! I
    - --> am curious about everyone's thoughts and opinions on this,
    - --> as I have mostly seen Renaud/Ron/Tenable pointing out some
    - --> facts, and most replies being a bit lacking in reason and
    - --> explanation. I ask these questions to *anyone* that has
    - --> replied to the Nessus announcement.
    - -->
    - --> : GNessUs is a GPL fork of the Nessus security scanner. As
    - --> a result of
    - --> : recent announcements by Tenable, we believe a fork of
    - --> Nessus is required
    - --> : to allow future free development of this tool.
    - --> :
    - --> : Whilst we would like to believe that we will be able to
    - --> continue to take
    - --> : updates of the Nessus 2 source code from the Nessus web
    - --> site we will be
    - --> : endeavoring to add fresh functionality and plugins as part of the
    - --> : GNessUs project. The fork will be based on the current
    - --> nessus 2.2.5
    - --> : packages from GNU/Debian, the source of which can be
    - --> found above in a
    - --> : slightly modified form. We would welcome contact from any
    - --> interested
    - --> : developers.
    - -->
    - --> Nessus has been open source for a long time. Despite that,
    - --> the majority of contributions have come from a very small
    - --> amount of people. Even with plugins, some 95% (I think)
    - --> were written by the Nessus team, not outside contributors.
    - -->
    - --> Recently on DailyDave, Ron Gula replied:
    - -->
    - --> > Now that it is being closed, I wonder how long it takes
    - --> before the
    - --> > community once supporting Renaud will fork the current
    - --> code and
    - --> > carry on by themselves.
    - -->
    - --> We haven't had any support of this kind. I really feel
    - --> there are very
    - --> capable programmers out there who can contribute to
    - --> Nessus, but to date
    - --> we haven't really gotten any. Even on the NASL vuln check side, a
    - --> majority of the plugins are Tenable.
    - -->
    - --> Renaud has also pointed this out, although I can't find the
    - --> exact quote/list post. As far as the Nessus engine and
    - --> functionality, there have been basically no real
    - --> contributions or enhancements from anyone other than the
    - --> core team/Tenable.
    - -->
    - --> All that said, my questions: Why do you see a need to fork
    - --> the Nessus tree at this time? Why haven't you or anyone
    - --> else contributed in the past?
    - --> Finally, do you think that if more people supported Nessus
    - --> with contributions of code/time/enhancements, that they
    - --> would have kept things the same?
    - --> _______________________________________________
    - --> Full-Disclosure - We believe in it.
    - --> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    - --> Hosted and sponsored by Secunia - http://secunia.com/

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1
    Comment: http://www.secnetops.com

    iQA/AwUBQ0shxpNLRT/rHZe1EQKM4gCfeBoiLqR9nXhlPqEZvjWSkI6/WLQAn33I
    pJ2jHrqZh7CTZI3FBPGLd+hm
    =xAv3
    -----END PGP SIGNATURE-----
