Nessus outlaws text editors

I’m working on creating a vulnerability scanning engine which will be offered free to non-profits. I have the machine, and the open source code is mostly there. I went to the scanning engine’s web site tonight to download a copy for the test machine. There was a special note for anyone who is a consultant or MSP (Managed Service Provider). Even though I’m doing this for free, and only for non-profits who can’t afford to pay someone (like Qualys) to scan them, I do qualify as an MSP. So I was directed to a form that I have to sign and fax in to make sure he knows that I’m possibly making money from his open source project.
One important piece of information here is that the engine itself isn’t what the (now) company is charging for. It is the plug-ins. The plug-ins tell the engine what a vulnerable host looks like. It’s like a definition file for an antivirus program. What’s interesting is that NASL (Nessus Audit Scripting Language) is written in plain text. The plug-ins are just text files that are put into a directory and read by the scanning engine. Here is the LINK to one; notice the copyright on it.
One paragraph in the consultant and MSP contract states that we may not reverse engineer or decompile the scripts. How do you decompile or reverse engineer a text file? Hex Editor?

“CIVIL AND CRIMINAL FINES AND PENALTIES under all applicable laws, including,
without limitation, 17 U.S.C.
