NessusWC is a new client written from scratch as a web frontend to a Nessus Daemon.
Nessus is a free security vulnerability scanner.
- Create a Nessus Client software package that can be compiled and installed independently of Nessus.
- The web interface should rely purely on CGI technology and be as simple and robust as possible.
· OpenSSL library and headers
· libcgi library and headers
Apart from the Makefiles in the root and src/ directories,
check the file nessuswc.h in the src/ directory. The upper
section can be configured to set the URL location and the
default Nessus login parameters.
NessusWC depends on the OpenSSL libraries and on libcgic.
Common compilation problems are:
Installing libcgic or OpenSSL libraries in a nonstandard path
and/or not setting /etc/ld.so.conf and running ldconfig.
You can work around this by setting the paths to the includes and libs
explicitly in the Makefile, adding -I</path/to/includes>
and -L<path/to/libs> to the compiler options.
Add the CGI path to the web server's configuration, e.g. for Apache 1.3 add a line like this to httpd.conf:
ScriptAlias /nessuswc/cgi-bin/ "/var/apache/htdocs/nessuswc/cgi-bin/"
The software is compiled with a "default" nessus server IP, port and nessus user using client certificate authentication.
Create the user on the Nessus server using <nessus-home>/bin/nessus-mkcert-client.
Copy the generated client certificate to the <nessuswc-home>/etc directory
and make it readable to the web server.
Also, you'll need to create a <nessuswc-home>/results directory that is writable by the web server. A detailed description can be found in INSTALL.
What's New in This Release:
· Correct error handling was implemented for when the Nessus server plugin list exhausts the maximum number of plugins defined in NessusWC.
· The MAXPLUGS default value was raised from 20000 to 40000.
· This was noticed when the plugin count reached 20667.
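
The release note above describes a fixed-size plugin table filled from a list the server sends. The following is an added example, not NessusWC's own code, of bounded insertion into such a table. Only MAXPLUGS and the counts 20000, 40000 and 20667 come from the notes. All other names, the id width and the sequential sample ids are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define MAXPLUGS    40000  /* default from the release notes */
#define PLUG_ID_LEN 16     /* assumed id field width */

enum plug_status { PLUG_OK = 0, PLUG_TABLE_FULL = -1, PLUG_BAD_ID = -2 };
struct plug_table {
    size_t cap;            /* usable slots for this run, <= MAXPLUGS */
    size_t count;          /* slots filled so far */
    char   id[MAXPLUGS][PLUG_ID_LEN];
};
static struct plug_table table;  /* static storage: too large for the stack */

/* Store one server-supplied id; refuse rather than write past the table. */
static enum plug_status plug_add(struct plug_table *t, const char *id)
{
    size_t len = strlen(id);
    if (len == 0 || len >= PLUG_ID_LEN)
        return PLUG_BAD_ID;          /* would not fit with its terminator */
    if (t->count >= t->cap)
        return PLUG_TABLE_FULL;      /* report it, never index past cap */
    memcpy(t->id[t->count++], id, len + 1);
    return PLUG_OK;
}

/* Constructed input: n sequential ids fed into a table limited to cap slots. */
static enum plug_status feed(size_t cap, size_t n)
{
    char id[32];
    table.cap = cap > MAXPLUGS ? MAXPLUGS : cap;
    table.count = 0;
    for (size_t i = 0; i < n; i++) {
        snprintf(id, sizeof id, "%zu", 10000 + i);
        enum plug_status rc = plug_add(&table, id);
        if (rc != PLUG_OK)
            return rc;               /* stop at the first rejected entry */
    }
    return PLUG_OK;
}

int main(void)
{
    int rc = feed(20000, 20667);     /* old default, count from the notes */
    printf("limit 20000: rc=%d stored=%zu\n", rc, table.count);
    rc = feed(MAXPLUGS, 20667);      /* raised default */
    printf("limit 40000: rc=%d stored=%zu\n", rc, table.count);
    return 0;
}
```

With the old limit the feed stops at slot 20000 and returns an error the caller can show to the user; with the raised limit all 20667 entries fit.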