Penetration Testing mailing list archives
Re: Nessus 3.0 released
From: Erin Carroll <amoeba () amoebazone com>
Date: Tue, 13 Dec 2005 15:43:42 -0500 (EST)
On Tue, 13 Dec 2005, Renaud Deraison wrote: Thanks for the response Renaud. My comments are inline below:
In terms of performance, the "raw" nasl3 performance is roughly 16x faster than nasl2, which puts the language on par with more traditional languages like perl (and faster than python). In some corner cases you can get an even more impressive performance improvement, for instance when using recursive functions. Of course, since Nessus is a _network_ scanner, the bottleneck in the end is the network itself, so a nasl engine which is N times faster does not imply a scanner which is N times faster. An overall scan of our lab (local network) takes twice as less time as it used to. However some hosts are much faster -- in particular the Windows boxes (the reason is that our SMB API is more complex code-wise that what it used to be, so that's where one can see the biggest boost).
Sweet. Can't wait to test it out and crunch some comparisons myself. One key performance issue I've run into (and I'm prbably not alone here) is the inability to easily manage the nessus server-side resource utilization when working with large numbers of hosts. While you can of course limit the number of consecutive scans, or even nice nessusd itself, there are many cases where the resource bottleneck is due to a particular plugin or a well filtered host (as you allude). Is there capability within the engine itself (or plans to implement) a way for nessusd to set resource limits that don't rely on variables like the # of scanned hosts/concurrent scan threads? I.e. nessus can use up to X %age of available memory/cpu/IO and self-throttle. Trying to find that sweet spot for # of host scanned vs. memory/resource utilization can sometimes mean the difference between a scan taking several hours and a couple of *days*... and the less juggling/guesswork on where that sweetspot would make me a happy camper.
- We have also fixed many false positives over the last months. To such an extent that we'll soon announce a "contest" were anyone helping us fix 10 different false positives (and negatives) will obtain a free direct feed, so we can be sure the nail the remaining plugins which sometimes do not behave as expected (I'll repost about that very soon).
Please let me know when you plan to roll that out and I'll make sure to pass it on to the pen-test list members. -Erin Carroll Moderator SecurityFocus pen-test list ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Nessus 3.0 released Erin Carroll (Dec 13)
- Re: Nessus 3.0 released Renaud Deraison (Dec 13)
- Re: Nessus 3.0 released Erin Carroll (Dec 13)
- Re: Nessus 3.0 released Renaud Deraison (Dec 14)
- Re: Nessus 3.0 released Erin Carroll (Dec 13)
- Re: Nessus 3.0 released Brian Smith-Sweeney (Dec 13)
- Re: Nessus 3.0 released - nikto, hydra, amap RaMatkal (Dec 14)
- Re: Nessus 3.0 released - nikto, hydra, amap Renaud Deraison (Dec 14)
- Re: Nessus 3.0 released - nikto, hydra, amap Brian Smith-Sweeney (Dec 14)
- Re: Nessus 3.0 released - nikto, hydra, amap RaMatkal (Dec 18)
- Nessus and Hydra Fabien Degouet (Dec 31)
- Re: Nessus 3.0 released - nikto, hydra, amap RaMatkal (Dec 14)
- Re: Nessus 3.0 released Renaud Deraison (Dec 13)
- <Possible follow-ups>
- RE: Nessus 3.0 released Josh Perrymon (Dec 13)
- RE: Nessus 3.0 released Josh Perrymon (Dec 14)
- Re: RE: Nessus 3.0 released nospam (Dec 17)