Nessus 4.2 Released!

Another Milestone, Nessus 4.2

Long-time users of Nessus have probably noticed that significant improvements have been made over the past several years. For example, Nessus version 3 introduced many performance enhancements due to an overhaul of the NASL interpreter. Nessus version 4 introduced several more improvements, including multi-threading and 64-bit support, in addition to unifying the code base across multiple platforms (Windows, Linux, and Mac OS X). Tenable is proud to introduce the next evolution to the Nessus vulnerability scanner with version 4.2, which includes several enhancements including an all-new Flash-based interface. With the new Nessus 4.2 interface, scan results and policies are stored on the server instead of in a client. Multiple users can log into the web-based interface concurrently and can use a “compare” function to show differences against a previous scan. It is now possible to log out of the interface and log back in without disrupting scans that are in progress,and an administrative user now has the ability to pause or stop the scan of another user. I strongly recommend that everyone view the video preview below to see the new Nessus interface in action:

Other notable enhancements and improvements are noted below:

Reporting

• When a service is identified against a given port, the port name is now set to the service name.
• An updated .nessus file format (.nessus v2) is now available, which allows for easier parsing of report data Descriptions can now be split into different labels such as CVSS base scores, risk factors and more. A “HostProperties” section contains information about each host which can be extracted easily (MAC addresses, operating system, etc.)
• Nessus 4.2 has a new HTML export format. More exports will soon be available through the plugin feed.

Performance improvements

• Nessus 4.2 requires less memory and can complete scans in less time than previous versions.
• The SYN port scanner is now much faster against a firewalled host with all ports closed.

Engine enhancements

• The default HTTP user-agent is now set to IE8
• OpenSSL has been upgraded to 0.9.8l on Windows.

• nasl -VVVV

  will now list the dependencies of a given script (even nbin)
• Fixed SSL issues occurring on Mac OS X

ProfessionalFeed enhancements

• New policies, audit files and other enhancements to the Nessus web interface are distributed through the ProfessionalFeed, which allows more frequent product updates without the need for downloading and upgrading Nessus manually.

Support for new platforms

• Fedora 12, SUSE 10 Enterprise and Ubuntu 9.10 are now officially supported.

Plugin enhancements

• All plugins have been converted to a new registration API splitting the different labels (synopsis, description, solution, etc. are split into different calls, which is needed for the new .nessus format).
• Most plugins have been updated to include standardized titles with more details of the issue. Over 99.9% of plugins now have a direct CVSS score included and use a new format for consistency and easier parsing.

New customers can download and evaluate Nessus for free by visiting the Nessus homepage. Existing customers can download the new version from the Tenable Support Portal. Detailed instructions and notes on upgrading are located in the Nessus 4.2 Installation Guide. Please contact Tenable Support ([email protected]) with any questions regarding the upgrade to Nessus 4.2.