Security Basics mailing list archives

RE: Architecture of NESSUS

From: "Rocky Heckman" <rocky.he () g-wizinnovations com>
Date: Mon, 07 Nov 2005 19:37:11 -0700 (PDT)

With all due Respect, I'd have to agree with Clement. 
If you want to know how Nessus does all this stuff, download the code (http://cvsweb.nessus.org/cgi-bin/viewcvs.cgi/ ) 
read it and learn what it does.  I'm not trying to be cruel here, but if you can't read the code, and figure out how it 
works, you have almost zero chance of being able to write one that even works much less is better.
Study Nessus. It hasn't been the best vulnerability scanner for so long without reason. 

RH

---------- Original Message -------------
Subject: RE: Architecture of NESSUS
Date: Mon, 7 Nov 2005 10:16:19 -0500
From: "Clement Dupuis" <cdupuis () cccure org>
To: <koreshicsi () inbox ru>, <security-basics () securityfocus com>


Good day to the Boffins,

I do not want to be a pessimist but I do not understand how you could come
out with a better replacement that is simpler if you cannot answer your own
questions below.

This is all very well documented and by looking at the code you will be able
to find out exactly how it is currently done.

I guess your first step would be to study what is currently being done, come
out with how can it be done better, and then start coding using your group
and the community input.

Best of luck

Clement

-----Original Message-----
From: koreshicsi () inbox ru [mailto:koreshicsi () inbox ru]
Sent: Saturday, November 05, 2005 7:13 AM
To: security-basics () securityfocus com
Subject: Re: Architecture of NESSUS

Good time of you...
We is group of boffins, who want to do more simple scanner then NESSUS.
Now there isn't leader of scanners, we want to try to do it. Help us.

we need to know the details about NESSUS vulnerability scanner.
Like.
1. The ARCHITECTURE of nessus(nessus client and daemon).
2. How nessus is using different O/S tools like, NMAP, HYDRA..
3. Which module is responsible for what? means which module of nessus is
interacting with NMAP, which is for HYDRA and HOW?
4. Which module is responsible for customization to scan.
5. How to write plug in for nessus and also enable and disable the
plug-in(not by using UI)
6. How to customize the report generation of nessus.
7. How can one integrate nessus with IDS to correlate the report and
alert to reduce false alert .
8. How each and every module is interacting with each-other.





-- 
Rocky Heckman
Director G-Wiz Innovations Pty Ltd

Current thread:

Re: Architecture of NESSUS koreshicsi (Nov 07)
- RE: Architecture of NESSUS Clement Dupuis (Nov 07)
- Re: Architecture of NESSUS Aaron Phillips (Nov 08)
  - Re: Architecture of NESSUS Li Yinchao (Nov 09)
- <Possible follow-ups>
- RE: Architecture of NESSUS Rocky Heckman (Nov 08)