Nessus 4.2 released

Nessus is a vulnerability scanner which in version 4.2 includes several enhancements including a new Flash-based interface. With this interface, scan results and policies are stored on the server instead of in a client. Multiple users can log into the web-based interface concurrently and can use a “compare” function to show differences against a previous scan. It is now possible to log out of the interface and log back in without disrupting scans that are in progress, and an administrative user now has the ability to pause or stop the scan of another user.

Other notable enhancements and improvements are noted below:

Reporting

  • When a service is identified against a given port, the port name is now set to the service name.
  • An updated .nessus file format (.nessus v2) is now available, which allows for easier parsing of report data Descriptions can now be split into different labels such as CVSS base scores, risk factors and more. A “HostProperties” section contains information about each host which can be extracted easily (MAC addresses, operating system, etc.)
  • Nessus 4.2 has a new HTML export format. More exports will soon be available through the plugin feed.

Performance improvements

  • Nessus 4.2 requires less memory and can complete scans in less time than previous versions.
  • The SYN port scanner is now much faster against a firewalled host with all ports closed.

ProfessionalFeed enhancements

  • New policies, audit files and other enhancements to the Nessus web interface are distributed through the ProfessionalFeed, which allows more frequent product updates without the need for downloading and upgrading Nessus manually.

Support for new platforms

  • Fedora 12, SUSE 10 Enterprise and Ubuntu 9.10 are now officially supported.

Plugin enhancements

  • All plugins have been converted to a new registration API splitting the different labels (synopsis, description, solution, etc. are split into different calls, which is needed for the new .nessus format).
  • Most plugins have been updated to include standardized titles with more details of the issue. Over 99.9% of plugins now have a direct CVSS score included and use a new format for consistency and easier parsing.

Don't miss