RE: Nessus - open or closed source?

From: Juan Carlos Reyes Muñoz (jcreyes_at_etb.net.co)
Date: 11/06/05

  • Next message: S.A.B.R.O. Net Security: "Re: Nessus - open or closed source?"
    To: <linux-fan@onda.com.br>, <pen-test@securityfocus.com>
    Date: Sun, 6 Nov 2005 11:00:32 -0500
    
    

    Folks,

    I am sure that if Nessus become closed source it will bring many other
    efforts to maintain Nessus-clones open source, maybe with a better design.

    The matter is, I really like Nessus, but recently it is becoming unpractical
    if it keeps relying on the large and endless growing plug-in database....

    Time to search for alternate tools!

    Juan Carlos Reyes Muñoz
    GIAC Certified Forensic Analyst - SANS Institute
    ____________________________________
    Consultor en Seguridad Informática
    Móvil: (57 311) 513 92 80
    Bogotá - Colombia - South America
     
    Miami Mailbox
    1900 N.W. 97th Avenue
    Suite No. 722-1971
    Miami, FL 33172
    ____________________________________
     
    Las opiniones expresadas en esta comunicación son enteramente personales. De
    igual manera, esta comunicación y todos sus datos adjuntos pueden ser
    confidenciales y exclusivamente para el destinatario. Si por algún motivo
    recibe esta comunicación y usted NO es el destinatario, hágamelo saber
    respondiendo a este correo y por favor destruya cualquier copia del mismo y
    de los datos adjuntos. Por favor tambien trate de olvidar cualquier cosa que
    haya leido en esta comunicación, excepto en esta parte. Está prohibido
    cualquier uso inadecuado de esta información, así como la generación de
    copias de este mensaje. Gracias.
     
    The contents and thoughts included in this e-mail are completely personal.
    This e-mail message and any attachments may be confidential and privileged.
    If you are not the intended recipient, please notify me immediately by
    replying to this message and please destroy all copies of this message and
    attachments.Please also try to forget everything you have read that was
    contained in this E-Mail message, except this part. Misuse, copying and
    redistribution of this e-mail are forbidden. Thank you.

    -----Mensaje original-----
    De: Giancarlo Razzolini [mailto:linux-fan@onda.com.br]
    Enviado el: Viernes, 04 de Noviembre de 2005 01:54 p.m.
    Para: pen-test@securityfocus.com
    Asunto: Re: Nessus - open or closed source?

    Joachim Schipper wrote:
    > On Fri, Nov 04, 2005 at 06:44:17PM +1100, Serg B. wrote:
    >
    >>Hi All,
    >>
    >>I don't recall where I read it, but... Something about Nessus going into
    >>proprietry market and that future releases of the scanner will not be
    >>available under GPL licence.
    >>
    >>Could someone confirm that or...?
    >>
    >> Serg
    >
    >
    > If I'm not mistaken, it's Full-Disclosure you're thinking of.
    >
    > See
    >
    http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/037863.html
    > and the thread following it.
    >
    > Though the information in there could be more complete... search around.
    >
    > Joachim
    >
    >
    ----------------------------------------------------------------------------

    --
    > Audit your website security with Acunetix Web Vulnerability Scanner: 
    > 
    > Hackers are concentrating their efforts on attacking applications on your 
    > website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    > login pages, dynamic content etc. Firewalls, SSL and locked-down servers
    are 
    > futile against web application hacking. Check your website for
    vulnerabilities 
    > to SQL injection, Cross site scripting and other web attacks before
    hackers do! 
    > Download Trial at:
    > 
    > http://www.securityfocus.com/sponsor/pen-test_050831
    >
    ----------------------------------------------------------------------------
    ---
    > 
    > 
    Right now the plugin feeds of the nessus are under the tenable license.
    Only the client and the server are under GPL. The OpenVAS project is the
    continuation of the gnessus project. It's a great loss for the security
    guys that rely on nessus for making their pen tests. I hope that the
    OpenVAS project does keep the same quality level of the nessus project.
    -- 
    Giancarlo Razzolini
    Linux User 172199
    Moleque Sem Conteudo Numero #002
    Slackware Current
    Snike Tecnologia em Informática
    4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85
    ------------------------------------------------------------------------------
    Audit your website security with Acunetix Web Vulnerability Scanner: 
    Hackers are concentrating their efforts on attacking applications on your 
    website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
    login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
    futile against web application hacking. Check your website for vulnerabilities 
    to SQL injection, Cross site scripting and other web attacks before hackers do! 
    Download Trial at:
    http://www.securityfocus.com/sponsor/pen-test_050831
    -------------------------------------------------------------------------------
    

  • Next message: S.A.B.R.O. Net Security: "Re: Nessus - open or closed source?"

    Relevant Pages

    • RE: Nessus - open or closed source?
      ... Does Nessus hit on something that ISS missed, yes sometimes, ... > Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping ... Check your website ...
      (Pen-Test)
    • Re: Vuln Scanning software choices
      ... The more people who use and contribute to the GPL fork of Nessus, ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... > Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
      (Pen-Test)
    • Re: Nessus - open or closed source?
      ... While I cannot state who I work for due to security reasons, ... whether it be nessus or others. ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, forms, ...
      (Pen-Test)
    • Re: Nessus - open or closed source?
      ... open-source release of Nessus. ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • Re: Vuln Scanner
      ... > A) Is as effective as nessus. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)