RE: [Full-disclosure] Call to participate: GNessUs security scanner
From: Adriel Desautels (adesautels_at_comcast.net)
To: "'security curmudgeon'" <firstname.lastname@example.org>, "'Tim Brown'" <email@example.com> Date: Mon, 10 Oct 2005 22:21:58 -0400
-----BEGIN PGP SIGNED MESSAGE-----
I'd actually be more interested in seeing an open source version of
Core Impact released. I'd love to see a tool that we could build
signatures for and a common language. For example nessus + metasploit
in one framework. All in all nessus is a great tool, but why not
create our own free tool?
- --> -----Original Message-----
- --> From: firstname.lastname@example.org
- --> [mailto:email@example.com] On
- --> Behalf Of security curmudgeon
- --> Sent: Monday, October 10, 2005 10:07 PM
- --> To: Tim Brown
- --> Cc: firstname.lastname@example.org
- --> Subject: Re: [Full-disclosure] Call to participate: GNessUs
- --> security scanner
- --> Hi Tim,
- --> Don't take this as anything but honest questions please! I
- --> am curious about everyone's thoughts and opinions on this,
- --> as I have mostly seen Renaud/Ron/Tenable pointing out some
- --> facts, and most replies being a bit lacking in reason and
- --> explanation. I ask these questions to *anyone* that has
- --> replied to the Nessus announcement.
- --> : GNessUs is a GPL fork of the Nessus security scanner. As
- --> a result of
- --> : recent announcements by Tenable, we believe a fork of
- --> Nessus is required
- --> : to allow future free development of this tool.
- --> :
- --> : Whilst we would like to believe that we will be able to
- --> continue to take
- --> : updates of the Nessus 2 source code from the Nessus web
- --> site we will be
- --> : endeavoring to add fresh functionality and plugins as part of
- --> : GNessUs project. The fork will be based on the current
- --> nessus 2.2.5
- --> : packages from GNU/Debian, the source of which can be
- --> found above in a
- --> : slightly modified form. We would welcome contact from any
- --> interested
- --> : developers.
- --> Nessus has been open source for a long time. Despite that,
- --> the majority of contributions have come from a very small
- --> amount of people. Even with plugins, some 95% (i think)
- --> were written by the Nessus team, not outside contributors.
- --> Recently on DailyDave, Ron Gula replied:
- --> > Now that it is being closed, I wonder how long it takes
- --> before the
- --> > community once supporting Renauld will fork the current
- --> code and
- --> > carry on by themselves.
- --> We haven't had any support of this kind. I really feel
- --> there are very
- --> capable programers out there who can contribute to
- --> Nessus, but to date
- --> we haven't really gotten any. Even on the NASL vuln check side,
- --> majority of the plugins are Tenable.
- --> Renaud has also pointed this out, although I can't find the
- --> exact quote/list post. As far as the Nessus engine and
- --> functionality, there have been basically no real
- --> contributions or enhancements from anyone other than the
- --> core team/Tenable.
- --> All that said, my questions: Why do you see a need to fork
- --> the Nessus tree at this time? Why haven't you or anyone
- --> else contributed in the past?
- --> Finally, do you think that if more people supported Nessus
- --> with contributions of code/time/enhancements, that they
- --> would have kept things the same?
- --> _______________________________________________
- --> Full-Disclosure - We believe in it.
- --> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
- --> Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/