lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAHQyu3xuyTUu/N16o+kH9scKAAAAQAAAAEYloDitMT0eflXVWfLpUrwEAAAAA@comcast.net>
Date: Tue Oct 11 14:45:20 2005
From: adesautels at comcast.net (Adriel Desautels)
Subject: Call to participate: GNessUs security scanner

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tim, 
	I'd actually be more interested in seeing an open source version of
Core Impact released. I'd love to see a tool that we could build
signatures for and a common language. For example nessus + metasploit
in one framework. All in all nessus is a great tool, but why not
create our own free tool?  

- --> -----Original Message-----
- --> From: full-disclosure-bounces@...ts.grok.org.uk 
- --> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On 
- --> Behalf Of security curmudgeon
- --> Sent: Monday, October 10, 2005 10:07 PM
- --> To: Tim Brown
- --> Cc: full-disclosure@...ts.grok.org.uk
- --> Subject: Re: [Full-disclosure] Call to participate: GNessUs 
- --> security scanner
- --> 
- --> 
- --> Hi Tim,
- --> 
- --> Don't take this as anything but honest questions please! I 
- --> am curious about everyone's thoughts and opinions on this, 
- --> as I have mostly seen Renaud/Ron/Tenable pointing out some 
- --> facts, and most replies being a bit lacking in reason and 
- --> explanation. I ask these questions to *anyone* that has 
- --> replied to the Nessus announcement.
- --> 
- --> : GNessUs is a GPL fork of the Nessus security scanner. As 
- --> a result of
- --> : recent announcements by Tenable, we believe a fork of 
- --> Nessus is required
- --> : to allow future free development of this tool.
- --> : 
- --> : Whilst we would like to believe that we will be able to 
- --> continue to take
- --> : updates of the Nessus 2 source code from the Nessus web 
- --> site we will be
- --> : endeavoring to add fresh functionality and plugins as part of
the
- --> : GNessUs project. The fork will be based on the current 
- --> nessus 2.2.5
- --> : packages from GNU/Debian, the source of which can be 
- --> found above in a
- --> : slightly modified form. We would welcome contact from any 
- --> interested
- --> : developers.
- --> 
- --> Nessus has been open source for a long time. Despite that, 
- --> the majority of contributions have come from a very small 
- --> amount of people. Even with plugins, some 95% (i think) 
- --> were written by the Nessus team, not outside contributors.
- --> 
- --> Recently on DailyDave, Ron Gula replied:
- --> 
- -->   > Now that it is being closed, I wonder how long it takes 
- --> before the
- -->   > community once supporting Renauld will fork the current 
- -->  code and
- -->   > carry on by themselves.
- --> 
- -->   We haven't had any support of this kind. I really feel 
- --> there are very
- -->   capable programers out there who can contribute to 
- --> Nessus, but to date
- -->   we haven't really gotten any. Even on the NASL vuln check side,
a
- -->   majority of the plugins are Tenable.
- --> 
- --> Renaud has also pointed this out, although I can't find the 
- --> exact quote/list post. As far as the Nessus engine and 
- --> functionality, there have been basically no real 
- --> contributions or enhancements from anyone other than the 
- --> core team/Tenable.
- --> 
- --> All that said, my questions: Why do you see a need to fork 
- --> the Nessus tree at this time? Why haven't you or anyone 
- --> else contributed in the past? 
- --> Finally, do you think that if more people supported Nessus 
- --> with contributions of code/time/enhancements, that they 
- --> would have kept things the same?
- --> _______________________________________________
- --> Full-Disclosure - We believe in it.
- --> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
- --> Hosted and sponsored by Secunia - http://secunia.com/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
Comment: http://www.secnetops.com

iQA/AwUBQ0shxpNLRT/rHZe1EQKM4gCfeBoiLqR9nXhlPqEZvjWSkI6/WLQAn33I
pJ2jHrqZh7CTZI3FBPGLd+hm
=xAv3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ