Mailing List Archive

Nessus 2.0.2 released
I'm glad to announce the availability of Nessus 2.0.2.

The big news in Nessus 2.0.2 is the support for NTLM authentication for SMB
checks, a total rewrite of webmirror.nasl, the port of smtpscan.nasl and
the extension of find_services.nes

NTLM authentication

It now is safe to give your domain admin login and password to nessusd
(in the 'Prefs' tab, in the section 'Logins'). If you do so, Nessus will
connect to every Windows host and will client-side vulnerabilities as well
as the remote ones (ie: an old version of the flash plugin which can be
overflown by a rogue web site). Nessus has had this capability for a long
time, but sicne the password was sent in clear text, we did not emphasize
it too much.

Nessus supports NTLMv1 and NTLMv2 authentication (and always try NTLMv2


The plugin webmirror.nasl has been completely rewritten from scratch. It's now
much more efficient and it cooperates with DDI_Directory_Scanner.nasl to make
a mirror as complete as possible. Basically, DDI_Directory_Scanner will attempt
to find "hidden" directories (/admin, /secret and so on), and webmirror will
mirror them (as well as the top-level directory, obviously). During the
mirroring process, webmirror.nasl :

- Stores the location of the CGIs it finds (so that if all your CGIs
are in /foo-cgi, then all the CGI-related checks will also look

- Stores the content of the remote server, by extension (so that it
can find all the .php files in a snap)

- Stores the list of CGIs found and attempts to do "common" attacks
on them (thru torturecgis.nasl).

All in all, webmirror.nasl makes Nessus "learn" about the remote web site
before testing it. As a negative side effect, the audit of a web server will
take a little longer than in 2.0.1, but it's way more effective.


Julien Bordet wrote SMTPScan , a small perl script which will fingerprint
the remote SMTP servers. Michel Arboi ported this script to NASL, which
means Nessus should be able to recognize your SMTP server even if you did not
set the banner correctly. If the identification failed, the fingerprint of the
server will show up in the report for you to forward it to us


Thanks to user contributed signatures, find_services.nes now recognize of fifty
different protocols.

Other things

- Now that Nessus 2.0.x has been released and has proved to be very stable, we

focused on the completion of security checks, hence the huge number of plugins
that have been added since the last release.

- Ron Gula and I will present the new features of Nessus 2.0 at our talk at

CanSecWest ( Be sure to attend !

- has changed servers ! It's now on a dual-T3, for better

availability and bandwidth - thanks to the guys at
for helping us this way !

As a result, we now offer downloads via FTP _and_ HTTP.


Nessus 2.0.2 is available at :

Original changelog :

. changes by Michel Arboi (

- NASL port of smtpscan (original Perl program by Julien Bordet)

- Nasty bug made loop stop prematurely on rare cases

. changes by Renaud Deraison (

- Re-wrote webmirror.nasl from scratch. The new version has a real parser

built-in and is much faster

- Added checks for older Microsoft Advisories

- SMB plugins now use NTMLv1 authentication, ie: they don't send passwords

in clear text over the network any more

- Added new crypto functions, taken from samba, in libnasl/

- Repaired detached scans

- Fixed IP ranges notation (10.1.1-9.1-254 did not work any more)

- Minor bug fixes and enhancements : #234, #233, #230, #229, #228, #225, #222,

#220, #218, #217, #216, #215, #213, #212, #211, #207, #206, #205

- nessus-update-plugins properly calls chown under FreeBSD, no matter how

many plugins there are

- find_services.nes recognizes even more protocols

. changes by Xueyong Zhi <>