{"id":16,"date":"2005-05-31T22:05:03","date_gmt":"2005-06-01T02:05:03","guid":{"rendered":"http:\/\/blogs.law.harvard.edu\/zeroday\/2005\/05\/31\/nessus-outlaws-text-editors\/"},"modified":"2005-05-31T22:05:03","modified_gmt":"2005-06-01T02:05:03","slug":"nessus-outlaws-text-editors","status":"publish","type":"post","link":"https:\/\/archive.blogs.harvard.edu\/zeroday\/2005\/05\/31\/nessus-outlaws-text-editors\/","title":{"rendered":"Nessus outlaws text editors"},"content":{"rendered":"<p><a name='a22'><\/a><\/p>\n<p>I&#8217;m working on creating a vulnerability scanning engine which will be offered free to non-profits.  I have the machine and the open source code is mostly there.  I went to the scanning engine&#8217;s web site tonight to download a copy for the test machine.  There was a special note for anyone who is a consultant or MSP (Managed Service Provider).  Even though I&#8217;m doing this for free and only to non-profits who can&#8217;t afford to pay someone (like Qualys) to scan them, I do qualify as an MSP.  So I was directed to a form that I have to sign and fax in to make sure he knows that I&#8217;m possibly making money from his open source project.<br \/>\nOne important piece of information here is that the engine itself isn&#8217;t what the (now) company is charging for.  It is the plug-ins.  The plug-ins can tell the engine what a vulnerable host looks like.  It&#8217;s like a definition file for an anti-virus program.  What&#8217;s interesting is NASL (Nessus Audit Scripting Language) is written in plain text.  They are just text files that are put into a directory and read by the scanning engine.  Here is the <a href=\"http:\/\/cvsweb.nessus.org\/cgi-bin\/cvsweb.cgi\/~checkout~\/nessus-plugins\/scripts\/tcp_options_dos.nasl?content-type=text\/plain\"> LINK <\/a> to one and notice the copyright on it.<br \/>\nOne paragraph in the consultant and MSP contract states that we may not reverse engineer or decompile the scripts.  
How do you decompile or reverse engineer a text file?  Hex Editor?<\/p>\n<p>&#8220;CIVIL AND CRIMINAL FINES AND PENALTIES under all applicable laws, including,<br \/>\nwithout limitation, 17 U.S.C. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;m working on creating a vulnerability scanning engine which will be offered free to non-profits. I have the machine and the open source code is mostly there. I went to the scanning engine&#8217;s web site tonight to download a copy for the test machine. There was a special note for anyone who is a [&hellip;]<\/p>\n","protected":false},"author":214,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-16","post","type-post","status-publish","format-standard","hentry"],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/posts\/16","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/users\/214"}],"replies":[{"embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/comments?post=16"}],"version-history":[{"count":0,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/posts\/16\/revisions"}],"wp:attachment":[{"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/media?parent=16"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/categories?post=16"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/archive.blogs.harvard.edu\/zeroday\/wp-json\/wp\/v2\/tags?post=16"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}