|| ||Renaud Deraison <rderaison-AT-tenablesecurity.com>|
|| ||nessus-AT-list.nessus.org, nessus-announce-AT-list.nessus.org|
|| ||Nessus Roadmap / Nessus 3.0.0rc1 testers wanted|
|| ||Wed, 5 Oct 2005 12:16:45 -0400|
We are a few weeks away from releasing Nessus 3.0.0, and I'd like to
take some time to explain our roadmap in this regard.
Nessus 3 / Nessus 2 Roadmap
Nessus 3 is major enhancement of the key components of the Nessus
engine - the NASL3 intepreter has been rewritten from scratch, the
process management has changed to reduce the overhead of executing a
plugin (instead of creating NxM processes, nessusd now only creates N
processes), the way plugins are stored has been improved to reduce
disk usage, etc...
Nessus 3 also contains a lot of built-in features and checks to debug
crashes and mis-behaving plugins more easily, and to catch
As a result, Nessus 3 is much faster than Nessus 2 and less resource
intensive. Your mileage may vary, but when scanning a local network,
Nessus 3 is on average twice as fast as Nessus 2, with spikes going
as high as 5 times faster when scanning desktop windows systems.
Nessus 3 will be available free of charge, including on the Windows
platform, but will not be released under the GPL.
Nessus 3 will be available for many platforms, but do understand that
we won't be able to support every distribution / operating system
available. I also understand that some free software advocates won't
want to use a binary-only Nessus 3. This is why Nessus 2 will
continue to be maintained and will stay under the GPL.
To make things simple :
- Nessus 2 : GPL, will have regular releases containing bug fixes
- Nessus 3 : free of charge, contains major improvements
The two versions can share most of their plugins -- we intend to
maintain backward compatibility whenever possible for most
vulnerability checks. Some checks will only work on Nessus 3 (ie: we
are about to release a set of plugins to determine policy
compliance), but the huge majority will work on either platform
Finally, the Nessus GUI has been split in a separate project
(NessusClient) which is released under the GPL. The 'nessus' client
in Nessus3 is CLI only, as it will be in Nessus 2.4.x. For a GUI, use
That being said, we are looking for experienced Nessus users who
would want to try Nessus 3.0.0rc1. For the sake of simplicity, we
would like users running on Red Hat ES3 or ES4 platforms or
compatible. We are looking for people scanning big networks, mostly
to collect performance information. Keep in mind that Nessus3 is CLI
only, so you'll have to use NessusWX or be familiar with the CLI.
If you are interested in testing Nessus 3.0.0rc1, please drop me a
line at <email@example.com> (no @gmail/@hotmail/@anonymous accounts
Nessus mailing list
to post comments)