O'Reilly Network    

 Published on The O'Reilly Network (http://www.oreillynet.com/)

Mac OS X port of Nessus Now Available (Universal Binary)

by Nitesh Dhanjani
Mar. 29, 2006


Tenable just released a Mac OS X port of the Nessus vulnerability scanner (Nessus 3.0.2 beta). Get it from the download page. It is a beta version, so handle with care.

As stated on nessus.org, "Nessus for Mac OS X is not just a port of the Unix server to the Mac environment, it also bundles a native interface to manage the server and the client." Awesome!

I just installed it on my shiny new Macbook Pro, and things went quite well. Note: If you primarily use Mac OS X with a non-admin user account (which you should), the installer will ask you to authenticate with a admin account during installation. This is fine, but when you start up /Applications/Nessus/Nessus Client.app to connect to the Nessus server, you will need access to /Library/Nessus/Connections.xml which contains credentials to log on to the server locally. Since this file is only readable by an admin account, you may want to copy it to ~/Library/Nessus/ before launching /Applications/Nessus/Nessus Client.app. Once you do this, you will be able to connect to the Nessus server by clicking on the Connect button, and choosing "Local server."

Also, the wonderful NASL scripts are located in /Library/Nessus/run/lib/nessus/plugins/.

Nitesh Dhanjani is a well known security researcher, author, and speaker. Dhanjani has been invited to talk at various information security events such as the Black Hat Briefings, RSA, Hack in the Box, Microsoft Blue Hat, and OSCON.

oreillynet.com Copyright © 2006 O'Reilly Media, Inc.