Description
Nessus is a distributed engine, which could do much more than network auditing. In this class, Nicolas Pouvesle and Renaud Deraison will detail the Nessus architecture, the scripting language API and available functions, and will show to the students how they can turn Nessus into a potentially more powerful and agressive tool.
The goal of this course is to explain the Nessus architecture and how can take advantage of it to tailor it to its needs -- whether it is network auditing, system monitoring, and a massive pen-test".
They will then teach to the students how they can write their own NASL scripts to perform their own network checks. In particular, the SMB and SSH APIs will be explained so that students can learn how to write scripts digging information from remote Windows and Unix hosts by using the APIs provided by Nessus.
Prerequisites
The students should have a laptop running Nessus 2.2.7 or 3.0.x
The students should be familiar with either perl, php or preferably NASL
Instructor: Renaud Deraison
Renaud is the Chief Research Officer at Tenable Network Security. Founder and the primary author of the open-source Nessus vulnerability scanner project. He has worked for SolSoft, and founded his own computing security consulting company, 'Nessus Consulting S.A.R.L.' Nessus detects network vulnerabilities and is in use at more than 50,000 worldwide organizations. Under Renaud's leadership, the Nessus project has won numerous awards, including the 2002 Network Computing 'Well Connected' award and PC Magazine's 2003 'Open Source Product of the Year' award. Mr. Deraison also is an editorial board member of the Common Vulnerabilities and Exposures Organization, has presented at a variety of security conferences and has had his work published in several magazines and books.
Instructor: Nicolas Pouvesle
No bio.