path: root/security/libnasl
Age | Commit message | Author | Files | Lines
2005-12-05 | Ran "pkglint --autofix", which corrected some of the quoting issues in | rillig | 1 | -2/+2
CONFIGURE_ARGS.
2005-12-05 | Fixed pkglint warnings. The warnings are mostly quoting issues, for | rillig | 1 | -2/+2
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some other changes are outlined in http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
2005-04-11 | Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. | tv | 1 | -2/+1
2005-04-04 | Changes 2.2.4: | adam | 2 | -7/+7
* Fixed several bugs which may impact scanning performance
* Reduced CPU usage
* A new SMB API to log into the remote Windows host
2005-02-24 | Add RMD160 digests. | agc | 1 | -1/+2
2005-02-21 | Changes 2.2.3: | adam | 3 | -11/+10
Nessus 2.2.3 contains a new option called "silent dependencies" which can be used to filter out the noise generated by some plugins not directly enabled by the user. It also contains a slightly more intuitive GUI which now contains a "Credentials" tab to put Windows and SSH usernames and passwords.
2005-01-11 | Changes 2.2.2a: | adam | 1 | -3/+3
* nessus-fetch would not build under Solaris
* the detached scans in Nessus 2.2.x were broken
* improved http-proxy support over SSL
2004-11-02 | - Update nessus to 2.2.0 | adrianp | 3 | -8/+9
- ok'ed frueauf
- specify local state dir

Local security checks over SSH : Nessus can now log into the remote hosts to determine their patch levels and missing updates

A rewritten internal knowledge base API : the new knowledge base API makes KB access faster and lets the plugins store any amount of data

An improved internal communication between the various nessusd processes, thus reducing the overhead it takes to handle the results of the plugins and pass them to the client

An improved plugin scheduler which reduces the time Nessus needs to organize the order in which plugins should be launched

Sensitive scripts (which can execute commands over SSH) are cryptographically signed
2004-10-03 | Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 | tv | 2 | -3/+5
in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
2004-09-22 | Mechanical changes to package PLISTs to make use of LIBTOOLIZE_PLIST. | jlam | 1 | -5/+1
All library names listed by *.la files no longer need to be listed in the PLIST, e.g., instead of:

    lib/libfoo.a
    lib/libfoo.la
    lib/libfoo.so
    lib/libfoo.so.0
    lib/libfoo.so.0.1

one simply needs:

    lib/libfoo.la

and bsd.pkg.mk will automatically ensure that the additional library names are listed in the installed package +CONTENTS file. Also make LIBTOOLIZE_PLIST default to "yes".
2004-07-22 | Changes 2.0.12: | adam | 4 | -10/+12
* Fixed a bug in ./configure which would sometimes assume that GTK is not installed whereas it actually is
* Fixed a race condition in nessus-adduser for users who do not configure their TMPDIR variable (thanks to Cyrille Barthelemy)
* Fixed a bug in nessus-update-plugins which would not update the plugins properly on all systems (thanks to Keith Butler)
* Fixed the installer to compile Nessus with GTK support if gtk-config OR pkg-config is installed.
2004-07-20 | Changes 2.0.11: | adam | 2 | -5/+5
* Solaris support fix
* HTML support fix
* Supports GTK+ 2.x
* Minor speed improvements in client-server communication
2004-05-19 | Changes 2.0.10a: | adam | 3 | -7/+6
* Fixed MacOS X portability issues
* Non-intrusive OS-fingerprinting (based on xprobe's techniques)
* DNS fingerprinting
* killall -1 nessusd does not restart the bpf server on BSD systems
* longer connect() timeout for TCP sockets
* Fixed hydra.nes
* WWW fingerprinting
* IP addresses are now sorted in EVERY reports
* Automagically rewrite banners to handle distributions which do backporting of security fixes (ie: Debian)
2004-05-03 | Convert to buildlink3. | snj | 3 | -24/+23
2004-03-26 | PKGREVISION bump after openssl-security-fix-update to 0.9.6m. | wiz | 2 | -2/+4
Buildlink files: RECOMMENDED version changed to current version.
2004-01-20 | Move WRKSRC definition away from the first paragraph in a Makefile. | agc | 1 | -2/+2
2003-11-12 | Convert to using buildlink2 framework which fixes dependence problem | tron | 1 | -4/+3
caused by "openssl" package version bump madness.
2003-11-08 | Upgrade nessus and friends to 2.0.9. | xtraeme | 3 | -7/+7
This closes PR pkg/23159 by Adrian Portelli.

Changes since 2.0.7:
o The bpf sharing system now works fine on BSD systems, so Nessus now only requires one /dev/bpf to work correctly, no matter how many hosts are being tested
o A bug in tcp_ping() would make some probes have a source port set to 0
o Minor bug fixes
o Added functions in libnasl (join_multicast_group(), unixtime(), and more...)
o All SSL operations now use non-blocking sockets instead of the alarm() trick to handle timeouts
o Minimize the number of pixmaps that need to be created in the Nessus client by re-using them

Review the Changelog file to see a complete list of changes.
2003-09-02 | Update libnasl, nessus{-core,-libraries,-plugins} to 2.0.7. | frueauf | 3 | -7/+7
Based on pr pkg/22356 by Adrian Portelli.

Changes since 2.0.6a:
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed bad performances issues when pinging dead hosts
- Fixed a bug which would prevent to store items larger than 2kb in the KB
- NFS and SMB file-related functions completed (open, read and cwd are implemented)
- Plugins support for Windows 2003
- Network IPs can now be evenly sliced instead of being scanned sequentially
- User-definable source-IP(s) for the checks (nessusd -S)
- Fixed a possible message corruption problem if a plugin was to send a too long message back to nessusd
- Fixed a possible plugin corruption problem when the client overwrites existing plugins
- Fixed various false positives and wording issues in several plugins
2003-06-09 | Update libnasl and nessus{-core,-libraries,-plugins} to 2.0.6a. | frueauf | 5 | -17/+16
This also includes changes offered in pr pkg/18734 and pr pkg/20796 submitted by Adrian Portelli. Thanks & Sorry that it took that long to pick them up.

2.0.6 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Support for the keyword 'default' as a port range in nmap_wrapper.nes
- Fixed a zombie issue in nmap_wrapper.nes
- Fixed various issues which could allow a NASL script to crash the NASL interpreter
- Improved the process management in find_services.nes

2.0.5 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a rare race condition which may make the scan hang
- Fixed SMB related issues
- Entering "default" as the port range will make nessusd scan the ports listed in the Nessus services file.
- Even more sigs in find_services.nes
. changes by Julien Bordet (zejames@greyhats.org)
- Added over 3,000 signatures to smtpscan.nasl (thanks to the data provided by the Nessus team)

2.0.4 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- fixed the SIGCHLD handler which would not work properly and leave zombies on the system
- fixed a race condition when testing a great number of hosts which would cause a testing process to slow down a whole audit or even hang it totally
- When a great number of host names is passed to nessusd as a target, they are resolved by chunks of 64 instead of trying to resolve everything then starting the test
- RedHat 9 support (in spite of their attempt to make their distro incompatible with everyone else)
. changes by Gabriel L. Somlo <somlo@acns.colostate.edu>
- The nessus can save the reports to stdout and read them from stdin

2.0.3 :
- fixed a compilation error which would prevent find_services from working properly

2.0.2 :
. changes by Michel Arboi (arboi@alussinan.org)
- NASL port of smtpscan (original Perl program by Julien Bordet)
- Nasty bug made loop stop prematurely on rare cases
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Re-wrote webmirror.nasl from scratch. The new version has a real parser built-in and is much faster
- Added checks for older Microsoft Advisories
- SMB plugins now use NTLMv1 authentication, ie: they don't send passwords in clear text over the network any more
- Added new crypto functions, taken from samba, in libnasl/
- Repaired detached scans
- Fixed IP ranges notation (10.1.1-9.1-254 did not work any more)
- Minor bug fixes and enhancements : #234, #233, #230, #229, #228, #225, #222, #220, #218, #217, #216, #215, #213, #212, #211, #207, #206, #205
- nessus-update-plugins properly calls chown under FreeBSD, no matter how many plugins there are
- find_services.nes recognizes even more protocols
. changes by Xueyong Zhi <zhi@mail.eecis.udel.edu>
- Added NTLMv2 authentication
. changes by Frank Migge (frank.migge@oracle.com)
- nessus-mkcert-client creates the auth/rules file properly

2.0.1 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Minor bugfixes (bugs #180, #183, #185, #188, #189, #195, #197, #202, #203, #204)
- Fixed the "pink" graphical report issue
- Added http keep-alive support in the CGI related plugins
- Fixed a bug in the function get_kb_list() which would not always work properly
- Fixed an issue where in some situations, some HTTP services would not be tested for flaws if they have not been port-scanned first
- Added new signatures in find_services.nes
. changes by Stephen Friedl (steve@unixwiz.net)
- Fixed bugs and warnings in nessus-libraries

2.0.0 :
. changes by Michel Arboi (arboi@alussinan.org)
- NASL2 : Implement >!< "strings don't match" operator
- NASL2 : fixed a vicious case of freed memory copy.
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a small bug in the plugin scheduler
- Ported to IRIX
- Several small bugfixes
. changes by Xueyong Zhi <zhi@mail.eecis.udel.edu>
- Added nmap_osfingerprint

1.3.4 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Re-written the process manager for the hosts
- Lots of bugfixes in the plugins text store manager
- New port scanner "synscan" which uses the RTT of the packets to do its job.
- Fixed several small issues in nasl and nessusd (bug fixes, code cleanup)
- Added cryptographic hashing functions in NASL
- Added the function get_kb_list() which returns the content of a KB without forking the plugin
- Updated the manpages of nessusd and nasl
. changes by Michel Arboi (arboi@alussinan.org)
- Fixed scanner_get_port() when running in standalone mode
- Fixed possible uninitialized memory issues in libnasl
- Started to write the NASL2 reference guide (to be found in libnasl/doc/)

1.3.3 :
. changes by Michel Arboi (arboi@alussinan.org)
- Implement bit xor, logical & arithmetic right shift, power
- Fix operator precedence
- Added new NASL functions
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- The plugin texts are not loaded in memory any more, thus reducing the consumption of the nessus daemon of two megs. This also speeds up the loading of nessusd.
- Fixed a bug in the plugins scheduler (if optimizations were enabled, the scan would sometime hang)
- Added a new NASL function (int())
- Fixed strings subtraction to handle null values properly
- find_services.nes runs in parallel mode, for improved speed
- new plugin (synscan) which should perform well against firewalled hosts (computes the RTT before the scan)

1.3.2 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Added fixes so that nessus-core/nessusd/pluginscheduler.c compiles with the latest version of GCC
- Fixed a bug in nessus-libraries/libnessus/bpf_share.c : a timer would not be reset, causing plugins which call bpf_next() to sometimes crash
- Set the timer of bpf_share.c to a much lower value, thus making it work much better
- Improved tcp_ping()
- Fixed two bugs in the plugins scheduler :
- If the option "enable dependencies at runtime" is set, it would enable ALL the plugins which are depended on, instead of only those we use ;
- In some cases, it may terminate too early, thus preventing a scan from being complete
- DESTDIR support

1.3.1 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Rewrote the plugins scheduler (which determines the order in which the plugins are to be launched). The new one is much more efficient but as a result, it is not possible to accurately determine the order in which the plugins will be ran, so the 'plugin name' in the client is now totally bogus
- Fixed various issues with NASL scripts so that they work better with NASL2
- Fixed bugs relative to the creation of icmp and udp packets in nasl
- Fixed some fatal bugs in the bpf sharer
- NASL scripts do not read /dev/urandom any more, and use time() as a random seed instead. As a result, the loading and execution of nasl scripts is faster on systems where /dev/urandom can be blocking
- Fixed the tcp NIDS evasion techniques on BSD systems
- Full support for Bugtraq IDs
- The HTML reports add links for URLs, and show the ID number of the plugin that issues the report.
- Speed up the calls to arg_get_value() by using a hash of the name being searched for.
- Changed the licence of NASL2 to the GPLv2 (with the consent of Michel Arboi)
. changes by Michel Arboi (arboi@alussinan.org)
- Better handling of the arrays in NASL2
. changes by Erik Anderson (eanders@carmichaelsecurity.com)
- CVE and bugtraq cross references
. changes by Jay (jay@kinetic.org)
- Fixed multiple typos in the plugins
. changes by Javier Fernandez-Sanguino (jfernandez@germinus.com)
- Nessus now ships Hydra 2.2
- Fixed various compilation scripts (see bug#63)

1.3.0 :
. changes by Michel Arboi (arboi@alussinan.org)
- Use our own nessus-services file (re-generated at first start to include /etc/services and nmap-services)
- Added new families of plugins (ACT_KILL_HOST and ACT_END)
- Rewrote libnasl
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- The 'cancel' button of several file selection dialogs is now working
- Optimized several plugins :
- Web-related checks now use http_recv() instead of recv()
- open_priv_sock_tcp() has a lower timeout
- RPC related checks now use get_rpc_port(), a function equivalent to libc's getrpcport() but with a much smaller timeout
- Decreased the default value of checks_read_timeout from 15 to 5
- Fixed a bug in the plugin selection GUI which would not refresh the list of plugins of a given family properly (bug#3)
- Fixed memory leaks in NASL
- Fixed a bug in nessusd which would make it leak memory when receiving a SIGHUP (bug#10)
- Fixed a compatibility problem with Nmap 3.10ALPHA (bug#11)
- Nessus now accepts nmap's U: and T: notation for the port range (bug#5)
- Helped Michel Arboi to give the last touches to the new libnasl
. changes by Erik Anderson (eanders@pobox.com)
- Added CVE and BID links, added urls and removed dead links from the plugins
. changes by Michel Scheidell (scheidell@secnap.net)
- Improved several SMB-related checks
. changes by Rodolfo Baader (rbaader@activesec.biz)
- Quotes and apostrophes are properly escaped in the XML output report
2003-03-29 | Place WRKSRC where it belongs, to make pkglint happy; ok'ed by wiz. | jmmv | 1 | -3/+2
2002-12-19 | Update nessus{-core,-libraries,-plugins} and libnasl to 1.2.7. | frueauf | 4 | -12/+12
Based on pr pkg/19438 by Adrian Portelli.

Changes since 1.2.6:
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- The 'cancel' button of several file selection dialogs is now working
- Optimized several plugins :
- Web-related checks now use http_recv() instead of recv()
- open_priv_sock_tcp() has a lower timeout
- RPC related checks now use get_rpc_port(), a function equivalent to libc's getrpcport() but with a much smaller timeout
- Decreased the default value of checks_read_timeout from 15 to 5
- Fixed a bug in the plugin selection GUI which would not refresh the list of plugins of a given family properly (bug#3)
- Fixed memory leaks in NASL
- Fixed a bug in nessusd which would make it leak memory when receiving a SIGHUP (bug#10)
- Fixed a compatibility problem with Nmap 3.10ALPHA (bug#11)
- Nessus now accepts nmap's U: and T: notation for the port range (bug#5)
. changes by Erik Anderson (eanders@pobox.com)
- Added CVE and BID links, added urls and removed dead links from the plugins
. changes by Michel Scheidell (scheidell@secnap.net)
- Improved several SMB-related checks
. changes by Rodolfo Baader (rbaader@activesec.biz)
- Quotes and apostrophes are properly escaped in the XML output report
2002-10-25 | Add buildlink2.mk. | wiz | 1 | -0/+20
2002-10-13 | Update nessus{-libraries,-core,-plugins} and libnasl to 1.2.6. | frueauf | 2 | -5/+5
Changes since 1.2.0:

1.2.6 :
. changes by Michael Slifcak (Michael.Slifcak@guardent.com)
- Added Bugtraq cross reference in the plugins
- Added support for BID in nessusd (this has yet to be done on the client side)
. changes by Axel Nennker (Axel.Nennker@t-systems.com)
- fixed the xml and html outputs
- fixed array issues in a couple of plugins
. changes by Michel Arboi (arboi@bigfoot.com)
- find_service now detects services protected by TCP wrappers or ACL
- find_service detects gnuserv
- ptyexecvp() replaced by nessus_popen() (*)
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a bug which may make nasl interpret backquoted strings (\n and \r) received from the network (problem noted by Pavel Kankovsky)
- nmap_wrapper.nes calls _exit() instead of exit() (*)
- Solved the lack of bpf's on Free/Open/NetBSD and MacOSX by sharing _one_ among all the Nessus processes. As a result, Nessus's ping is much more effective on these platforms
- bugfix in plug_set_key() which would eventually make some scripts take too long when writing in the KB
- Plugins of family ACT_SETTINGS are run *after* plugins of family ACT_SCANNERS
- replaced the implementation of md5 which was used when OpenSSL is disabled by the one from RSA (the old one would not work on a big-endian host)
- Fixed plugins build issues on MacOS X
- The nessus client compiles and links against GTK+-2.0. Of course, it will be horrible and instable, as the GTK team does not care about backward compatibility
(*) These two modifications solve the problems of nmap hanging under FreeBSD

1.2.5 :
. changes by Michel Arboi (arboi@bigfoot.com)
- find_service now displays unknown services that run on assigned ports
- read_stream_connection smarter (smaller timeout)
- find_service sometimes declared IDENT as "unknown"
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a deadlock that would prevent some plugins from completing
- Fixed a possible (although rare) corruption issue in the reports (the script IDs could under some circumstances be random)
- Fixed a potential segfault in the execution of nasl scripts

1.2.4 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Reverted back to autoconf 2.13.
- Bug fix in nessus-core/nessusd/pluginlaunch.c - under some circumstances, data might have been lost in the reports
- Fixed a bug in several plugins for web checks (under some circumstances, a plugin would do N x N checks against the remote web servers (where N equals to the number of web servers running on the remote host)

1.2.3 :
. changes by Isaac Dawson (idawson@securitymanagementpartners.com)
- New html output layout.
. changes by Pasi Eronen (pasi.eronen@nixu.com)
- fix in nmap_wrapper
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a bug which could make, under some circumstances, make nessusd crash the host it is running on.
- If the option log_whole_attack is set to "no", then only the beginning and the end of the attack is logged (and not the time each plugin takes)
- Improved no404.nasl to further reduce false positives
- Bug fix in nessusd - under some rare circumstances, report data could be lost (if many many plugins were enabled at the same time and were sending data at the same time).
- UDP packets are resent while we wait for a reply (avoids to lose packets en route)
- Fixed the option "auto_enable_dependencies" which would not always work
- Sending a SIGTERM to the nessus client during a command line scan forces it to save its result to the current test file
- Non-printables characters are not shown in the report any more

1.2.2 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- In the GUI, while running a scan, plugins names are only updated once in a while (saves CPU)
- Bugfix in the client : some host names would make the client crash
- Repaired the '-P' switch in the client

1.2.1 :
. changes by Simon Law (sfllaw@engmail.uwaterloo.ca)
- Made a manpage for nessus-mkcert-client(1) and have it installed by the Makefile
- Revised most other manpages for missing information and to increase clarity
2002-05-10 | Update libnasl, nessus{-core,-libraries,-plugins} to 1.2.0. | frueauf | 3 | -6/+20
1.1.15/1.2.0 :
. changes by Nicolas Dubee (ndubee@secway.com) :
- Better support for AF_UNIX sockets
. changes by Brian (bmc@snort.org) :
- CVE references
- several bugfixes in the plugins
. changes by Peter Gründl (pgrundl@kpmg.dk) and Carsten Joergensen (carstenjoergensen@kpmg.dk) :
- Extensive review of the plugins and therefore numerous fixes
. changes by Axel Nennker (Axel.Nennker@t-systems.com)
- FD leak in save_kb.c fixed
. changes by Renaud Deraison (deraison at nessus.org)
- It is now possible to upload files to the server when using the command line client
- lrand48() portability problems worked around
- fixed a bug in the report window that would make it crash randomly

1.1.14 :
. changes by Renaud Deraison (deraison at nessus.org)
- SMB fixes (thanks to Michael Scheidell)
- When the safe checks option is enabled, dangerous tests with no alternate code (ie: plugins of type ACT_DESTRUCTIVE_ATTACK and ACT_DENIAL) are disabled
- Hosts can be designated by their MAC address instead of their IP address (mostly useful for DHCP networks)
- Fixed a bug in the report generation which would replace newlines (\n) by semicolons (;)
- Fixed a bug in the export of some types of reports, where open ports with no data associated would not be saved
- Integrated THC's Hydra as a Nessus plugin
- Added new NT security checks (related to user management)
- Plugins of type ACT_SETTINGS can not be disabled
- Fixed a bug which would make nessusd hang when a scanner was reporting too many open ports (as when a UDP scan reports all UDP ports as being open)
. changes by Dion Stempfley (dion at riptech.com)
- The client can now filter on category
. changes by Axel Nennker (Axel.Nennker@t-systems.com)
- Fixed some plugins causing error messages in some circumstances (dns_xfer.nasl, snmp_processes.nasl...)
- Stylish changes to prevent gcc -Wall from whining in some files
- XML NG output is now XML compliant
- Bug fixes
. changes by Jenni Scott (jenni.scott@guardent.com) and Michael Slifcak (michael.slifcak@guardent.com) :
- Improved the reporting of the plugins (better consistency, better wording)

1.1.13 :
. changes by Michel Arboi (arboi at algoriel.fr)
- New family ACT_SETTINGS dedicated to plugins which just let the user enter some preferences
- Optional NIDS evasion techniques (url encoding, tcp slicing)
. changes by Renaud Deraison (deraison at nessus.org)
- Fixed a bug in the command line client which would make it ignore some preferences
- SMB checks can now log into a Windows domain
- NIDS evasion techniques (data injection, short ttl)
- Fixed a bug which would randomly stall the scan

1.1.12 :
. changes by Renaud Deraison (deraison at nessus.org)
- Workarounds on FreeBSD to prevent a kernel panic (thanks to Michael Scheidell and Stefan Esser)
- nessus can export reports as other file formats again

1.1.11 :
. changes by Renaud Deraison (deraison at nessus.org)
- Fixed a bug regarding the saving of reports from the GUI
- Improved the backend in many ways (speed-wise, content-wise)
- Changes in the protocol
- More messages are sent between the server and the client (timestamps, plugins version, ...)
- New .nbe file format, which looks like .nsr but has more information in it
- Plugins now have versions numbers.
- The user can upload his plugins to the nessusd server from the client
- It is now possible to upload files to the server (ie: nmap's results) in command-line mode
- Fixed false positives in SNMP plugins when launched against a non-configured Solaris snmpd
. changes by Guillaume Valadon (guillaume at valadon.net)
- New XML output (the XML layout was defined by Lionel Cons [lionel.cons at cern.ch])

1.1.10 :
. changes by Renaud Deraison (deraison at nessus.org)
- Fixed a bug introduced in 1.1.9 which would sometimes prevent a user from aborting an on-going test
- Fixed a bug in the client which would prevent the user from setting a port range longer than 255 chars
- Fixed bugs in pcap_next() (thanks to Richard van den Berg). Also, pcap_next() is now more flexible.
- Fixed a bug in the command line client which would make it close the communication too early when the client - server communication is not ciphered
- Added an "auto-load dependencies at runtime" option

1.1.9 :
. changes by Renaud Deraison (deraison at nessus.org)
- Fix in the GUI, when closing a saved report
- Fixed a bug in ftp_log_in() which would prevent nasl script from logging into some FTP servers
- Solaris build problems fixed
- Darwin 1.4.1 build problems fixed
- MkLinux DR3 build problems fixed (is anyone using it anymore ?)
- GTK 1.0.x build problems fixed (the use of GTK 1.2 is recommended though)
- Fixed the "wrong call to getopt" problem which would make Nessus segfault when built with cygwin, and which would prevent options from working under Solaris & FreeBSD (thanks to Udo Schweigert)
- SMB checks speedup (thanks to Georges Dagousset's suggestion)
- Fixed a bug in the client - server communication that would make the server close the communication when the client is idle
- Better support for AF_UNIX socket for client-server communication (compile nessus-core with ./configure --enable-unix-socket)
- Plugins are disabled by default in batch mode
. changes by Michel Arboi (arboi at algoriel.fr)
- Client now properly checks the certificate of the server
. changes by Benoit Brodard (bbrodard at arkoon.net)
- fixed bugs in nasl/tcp.c (checksum, handling of unsigned int)

1.1.8 :
. changes by Renaud Deraison (deraison at nessus.org)
- Workaround for systems with a low number of bpfs (OpenBSD, Darwin)
- Added some length checks for SMB checks
- No more zombies
- Fixed accounts.nes
- Fixed the reporting of the client (reports would be mixed)
- Client removes tempfiles when exiting
- Repaired ptyexecvp() which would not work on Solaris
- Slight bugfix in the NASL interpreter
. changes by Georges Dagousset (georges at alert4web.com)
- More optimizations
- Properly reloads KBs with the same value defined more than once
- Fixes in some plugins dependencies
. changes by Michael Slifcak <Michael.Slifcak at guardent.com>
- More nmap options
- Quiet mode in nessus-adduser

1.1.7 :
. changes by Renaud Deraison (deraison at nessus.org)
- Compiles on platforms without OpenSSL
- Better Solaris support
- Ported under Darwin (many thanks to Dieter Fiebelkorn (dieter at fiebelkorn.net) who actually started the port and helped me test this)
- Unscanned ports can now be considered as closed or open (instead of just open), at user choice
- Upgraded to libtool 1.4.2
- fixed a bug in the client which would make it display the wrong report when doing multiple scans
- enhanced the plugins filter (that appear when pressing 'l' in the GUI)
- fixed a serious problem in the SMB plugins which would prevent them to work against Samba and which would make them slow against Windows (pointed out by Georges Dagousset)
. changes by Iouri Pletnev (Iouri.Pletnec at xacta.com)
- Ported under Cygwin
. changes by Michel Arboi (arboi at algoriel.fr)
- Added nessus-mkrand for hosts with no /dev/random AND no EGD running

1.1.6 :
. changes by Renaud Deraison (deraison at nessus.org)
- EGD support for OpenSSL (do ./configure --enable-egd=/path/to/egd/socket in nessus-libraries)
- KB items are now stored with individual dates instead of a global date for the whole KB file. Yes, this means you have to delete your old KB files
- When an host could not be pinged, his KB is not altered (nor created)
- fixed memory leaks in nessusd
- nessus-mkcert checks that the certificates were really created before congratulating the user
- fixed a security problem where anybody with a shell on the nessusd host could log in

1.1.5 :
. changes by Georges Dagousset (georges.dagousset at alert4web.com) :
- new KB entries for further "optimizations"
- improved find_services.nes
. changes by Renaud Deraison (deraison at nessus.org) :
- cleaned up the KB
- added doc/kb_entries.txt
- bugfix in find_services regarding the pem password
- new reporting GUI
- fixed a problem which would leave some plugin run against a host considered as dead
- the KB are now stored with properly escaped \n and \r chars
- greatly improved tcp_ping.nasl (and tcp_ping() in libnasl)
. changes by Michel Arboi (arboi at algoriel.fr) :
- replaced PEKS by OpenSSL in the client/server communication
. changes by H D Moore (hdm@secureaustin.com)
- fixed no404.nasl

1.1.4 :
. changes by Renaud Deraison (deraison at nessus.org) :
- fixed find_services.nes
- plugins that are slow to finish are _really_ killed by the server
- the client better handles the scan of big networks
- nmap_wrapper now updates its progress bar
- nessus-update-plugins support proxies (with or without authentication)
- monitor_backend.c and data_mining.c allow any developer to plug a database behind the client (by default flatfiles are used)
- bug fixed in nmap_wrapper which would make it kill its parent process randomly
- minor fix in the tcp_ping() function of NASL (ack would be set to non-zero for a syn packet)
- fixed Alexis's ftp_write_dirs.nes & ftp_bounce_scan.nes
. changes by Michel Arboi (arboi at noos.fr) :
- find_services accepts password-protected .pem files
- patches in the way files were transmitted between the client and the server (which could end up in a deadlock)
. changes by Alexis de Bernis <alexisb at tpfh.org) :
- fixed ftp_write_dirs.nes

1.1.3 :
. changes by Renaud Deraison (deraison at nessus.org) :
- added the plugin 'torturecgis.nasl' which supplies bogus args to the remote CGIs, in order to find the most blatantly broken ones
- webmirror.nasl now retrieves the list of arguments of each CGI.
- added filter support in the client. Use the key 'l' to filter out plugins you don't want to see.
- added the 'safe checks' option which allow the user to not disturb the network (but which weakens the Nessus tests)
- disabled backward support for port 3001 - the official port is 1241 now.

1.1.2 :
. changes by Renaud Deraison (deraison at nessus.org) :
- added the plugin 'webmirror.nasl', which extracts the list of CGIs used by a remote web server (and will do much more).
- fixed a problem in NASL due to the SSL patch that would cause a fd leak with some plugins.
- added a new plugin category (ACT_DESTRUCTIVE_ATTACK) for plugins that may harm the remote host.
- SSL certificates & key can be imported
- corrected a bug introduced in 1.1.0 that would make the client not display the name of the plugin currently being run.
- sending signal SIGUSR1 to nessusd makes the grandfather process (the one who listens on tcp ports) die without killing its children, thus allowing a smooth upgrade of nessusd
- updated config.guess and config.sub

1.1.1 :
. changes by Renaud Deraison (deraison at nessus.org) :
- fixed mem leaks in NASL
- fixed a bug introduced in 1.1.0 regarding recv_line()
- fixed a bug introduced in 1.1.0 in the process management of the plugins (all the KB would not be filled, resulting in incomplete tests)
- smb_sid2user.nasl is twice as fast ;)

1.1.0 :
. changes by Devin Kowatch (devink at SDSC.EDU) :
- fixed communication problem between client and server
- user-defined timing policy in nmap
- nessus-update-plugins uses wget (or any user-supplied command at compilation time) if available.
. changes by Michel Arboi (arboi at bigfoot.com) :
- support for the -T option of nmap
- SSL support
. changes by Zorgon (zorgon at antionline.org) :
- support for the --os_guess option of nmap
. changes by Renaud Deraison (deraison at nessus.org) :
- the user can upload files to plugins through the client (ie: it is possible to upload nmap's results directly to the nmap plugin)
- tests can be run in parallel now
- each user is now granted a home by nessus-adduser
- added nessus-rmuser
- per users plugins

Of course several new plugins were added as well.
2001-12-30 | Update libnasl, nessus{-core,-plugins,-libraries} to 1.0.10. | frueauf | 2 | -5/+5

1.0.10 :

Changes by Michael Scheidell <scheidell@fdma.com> :
- Backported Nessus 1.1.x plugins changes in nessus-plugins

Changes by Renaud Deraison <deraison@nessus.org> :
- Minor fixes
2001-11-01 | Move pkg/ files into package's toplevel directory | zuntum | 2 | -1/+1
2001-08-16 | Update libnasl and nessus{-core,-libraries,plugins} to 1.0.9. | frueauf | 2 | -5/+5

- increased login timeout
- fixed a possible deadlock in libpeks
- fixed a bug which would cause the client to crash when sending a too long plugin list
- fixed the 'too many plugins selected' bug that would make the client crash
- workaround for a Linux bug^H^H^Hfeature that makes recv() behave completely differently than the rest of the world (thanks to Andreas Steinmetz)
- fixed http://install.nessus.org to better work on Solaris
- various minor issues
- several new plugins
2001-06-17 | Update nessus to 1.0.8. | frueauf | 2 | -5/+5

- various bugfixes
- fixed fd leak in KB and session saving
- possibly fixed connections problems between the client and the server
- updated config.guess and config.sub
- many new plugins
2001-04-19 | Move to sha1 digests, add distfile sizes. | agc | 1 | -2/+3
2001-04-17 | + move the distfile digest/checksum value from files/md5 to distinfo | agc | 1 | -1/+1
+ move the patch digest/checksum values from files/patch-sum to distinfo
2001-03-10 | Update nessus to 1.0.7a. | frueauf | 1 | -2/+2

Mainly some minor bugfixes and 6 new plugins. Unfortunately no entry in CHANGELOG for this minor update.
2001-02-17 | Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT. | wiz | 2 | -2/+3
2001-01-28 | Update nessus to 1.0.7. | frueauf | 2 | -4/+4

Besides several new plugins, the following changed since 1.0.6:

. changes by Jordan Hrycaj (jordan at nessus.org) :
- added support for iana port 1241 while 3001 open at the same time, nin-compat mode (disabling 3001) as an experimental configure option
- nessus-adduser allows to create local users with immediate key exchange (no passphrase procedure needed)
- nessusd allows to specify user logins with netmasks (as with the public key tags and passwords) in the nessusd.users file
- some options added to nessus, and nessusd
- you can force the compilation/installation of the getopt_long() function(s) by a configure option

. changes by Renaud Deraison (deraison at nessus.org) :
- http virtual hosts can now be tested
- user-modifiable per-plugin timeout
- detached scans can now be stopped from the client
- fixed issues in detached scan
- implemented plugins_reload() which loads new plugins in memory
- get_host_name() returns the name of host, as entered by the user (and not a resolve(ip(name_of_host)))
- added the function cgibin() in NASL, which returns the paths to use to get to the CGIs (default : /cgi-bin)

. changes by Loren Bandiera (lorenb at shelluser.net) :
- XML output improved
2001-01-04 | The way that shared objects were handled in the PLISTs and bsd.pkg.mk was | agc | 1 | -1/+3

out of date - it was based on a.out OBJECT_FMT, and added entries in the generated PLISTs to reflect the symlinks that ELF packages use. It also tried to be clever, and removed and recreated any symbolic links that were created, which has resulted in some fun, especially with packages which use dlopen(3) to load modules. Some recent changes to our ld.so to bring it more into line with other Operating Systems also exposed some cracks.

+ Modify bsd.pkg.mk and its shared object handling, so that PLISTs now contain the ELF symlinks.
+ Don't mess about with file system entries when handling shared objects in bsd.pkg.mk, since it's likely that libtool and the BSD *.mk processing will have got it right, and have a much better idea than we do.
+ Modify PLISTs to contain "ELF symlinks"
+ On a.out platforms, delete any "ELF symlinks" from the generated PLISTs
+ On ELF platforms, no extra processing needs to be done in bsd.pkg.mk
+ Modify print-PLIST target in bsd.pkg.mk to add dummy symlink entries on a.out platforms
+ Update the documentation in Packages.txt

With many thanks to Thomas Klausner for keeping me honest with this.
2000-11-12 | Update nessus to 1.0.6. | frueauf | 2 | -4/+4

. changes by Renaud Deraison (deraison at nessus.org) :
- detached scans can send their result to a given email address (experimental, see http://www.nessus.org/doc/detached_scan.html)
- diff scan (experimental - see http://www.nessus.org/doc/diff_scan.html)
- probably fixed a bug which would prevent, under rare circumstances, a scan to finish
- NASL plugins can have no timeout
- minor change in the LaTeX report
- Support for Sun Workshop 5 compiler
- IRIX 6.2 support
- HP/UX 10.20 support
- Fixed a problem in report saving (saving as HTML would produce an XML file) - thanks to Scott Nichols (Scott.Nichols at globalintegrity.com)

. changes by Jordan Hrycaj (jordan@mjh.teddy-net.com)
- Fixed a problem in the random number generator
2000-10-15 | Update nessus to 1.0.5. | frueauf | 2 | -4/+4

. changes by Renaud Deraison (deraison at nessus.org) :
- added experimental KB saving, to prevent the audit to restart from scratch between two tests. See http://www.nessus.org/doc/kb_saving.html for details
- added experimental detached scans. See http://www.nessus.org/doc/detached_scan.html for details
- bug in the test of DoS attacks fixed (thanks to Christophe Grenier, Christophe.Grenier@esiea.fr)
- minor changes in nessus-adduser
- scripts that open a UDP socket read the result of a UDP scan first
- when it receives a SIGHUP, nessusd first frees memory. It also closes and re-opens the nessusd.messages file
- the plugin timeout is now user definable, in nessusd.conf
- 64 bit compatible (nessusd would produce warnings when running on some 64 bit architectures). Thanks to the SuSE (http://www.suse.de) team for having given me access to an IA-64 to compile and try Nessus.

. Changes by Jordan Hrycaj <jordan@mjh.teddy-net.com>
- faster cipher layer

. Other changes :
- a GTK error would sometimes be produced when the client is run in batch mode (Cyril Leclerc <cleclerc at boreal-com.fr>)
2000-08-03 | Update nessus to 1.0.4. | frueauf | 2 | -4/+4

What is new in Nessus 1.0.4 :

changes by Christoph Puppe (pluto at defcom-sec.com) :
- added "Sort by Port" to the report window.
- Reports are sorted first by holes, then by warnings, then by notes. Previous version only sorted by holes.

changes by Renaud Deraison (renaud at nessus.org) :
- ftp related checks : the user can now supply a login/password for the ftp checks, and relies on the ftp banner if nessusd can't log into the ftp server (requested by Jens.Oeser at connector.de).
- libnessus : ftp_log_in() would sometimes fail against some ftp servers
- better handling of large reports on the client side
- tests are saved on the server side and can be restored. Note that this is experimental and disabled by default. Do ./configure --enable-save-sessions to enable this feature, and read doc/session_saving.txt for details.
- better handling of targets with multiple web servers running
- continue to launch the DoS if the state of the remote host can not be determined
- fixed a bug in smb_login_as_users.nasl, and improved smb_accessible_shares.nasl
- added checks for unpassworded MySQLs and PostgreSQL databases
- nessusd uses less memory

changes by Pavel Kankovsky (peak at argo.troja.mff.cuni.cz) :
- fixed a possible deadlock in the nessusd internal communication
- fixed a problem in the client that would make it crash if it received a malformed message from the server
- the client would not detect the death of the server when run in batch mode
- possible header confusion (with regex.h) fixed
- possible signal deadlock when exiting fixed

Other changes :
- fixed a problem in the function is_cgi_installed() that may sometimes not work against odd clients (Thomas Reinke (reinke at e-softinc.com))
- fixed a bug in snmp_default_communities.nasl (Lionel Cons (lionel.cons at cern.ch))
- fixed showmount.nasl (Paul Ewing Jr. (ewing at ima.umn.edu))
- typo in showmount.nasl would prevent it to work over udp (ctor at krixor.xy.org)
2000-07-30 | Initial import of libnasl, a Nessus Attack Scripting Language library. | frueauf | 5 | -0/+29
Based on work Hubert Feyrer did for some former version.