
Nessus 1.2 Roadmap
-------------------------------------------------------------------------------


	The goal of Nessus 1.2 is to provide users with a very stable,
reliable and scalable security scanner.

Release date : November 2001 (postponed again :()

Note that these items are not the only things that went through/will go
through Nessus 1.2.


NESSUSD :
---------


- IPv6 support - this should not be too difficult. It just requires some 
  changes in libnasl/, and in the way the targets are handled. [POSTPONED]

- nessusd which would continuously scan a network, slowly, and which would
  test hosts that have not been tested for N days [DONE] [DOC DONE]

- differential scans [DONE] [DOC DONE]

- differential scans -> send a mail to the user if something differs between
  two scans done in background  [DONE] [DOC DONE]

		-> Note : it would be interesting to support
		   "multilevel" diff scan - that is, not compare
		   the current scan with the one done before, but
		   compare the scan with the N scans done before
		   (or with some older scan). This allows the
		   detection of patterns (status a -> b -> a -> b)
		   and regression problems ("yesterday's flaw is here
		   again").

- per-user ACLs for the display of plugins (ie: "foo can see all plugins
  except A,B and C" and "foo can see no plugins except A,B and C")

- new user management 
	 	-> /usr/local/var/nessus/<username>/auth/password [DONE]
		-> /usr/local/var/nessus/<username>/auth/rules    [DONE]
		-> /usr/local/var/nessus/<username>/auth/plugins 
		-> /usr/local/var/nessus/<username>/auth/pubkey   [DONE]

	AND
		-> /usr/local/var/nessus/<username>/plugins/*.nasl [DONE]
							     


- new process mgmt : reduce the number of processes to two layers [POSTPONED
  TO NESSUS 2.0]

- multiple plugins running in parallel [DONE]

- new messaging protocol between client & server [POSTPONED TO NESSUS 2.0] 

- distributed scans [HANDLED DIFFERENTLY]

- fix mem leaks in nessusd [DONE]

LOGS:
-----
- record in the logs whether a test was negative or positive
- create log levels, in multiple files (nessusd.messages, nessusd.plugins,
  nessusd.error, ...)

REPORTS:
--------
		
- stricter report output, to make information gathering easier
- display the KB in the report
- SQLizable reports
- better XML output [DONE]
- include date in .nsr reports.


PLUGINS :
---------
- script_exports() and script_imports() to make development easier
  and more comprehensive.
- script_require_udp()
- get_port_state_udp() [DONE]
- create spools of nmaps, to save memory
- configurable scripts timeout as well as per-script timeout [DONE]
- configurable find_service
- script_severity()
- user-definable severity
- script_keywords() [DONE, but not used yet]
- websuck plugin  [IN PROGRESS]
- importable nmap results to gain time [DONE]
- importable SSL certs [DONE]
- easily translatable plugins [POSTPONED]
- use of include() for SMB plugins

NASL:
-----
- documentation regarding NASL and plugins development
- 'sh -x' for NASL
- stricter NASL interpreter [DONE - partially :]
- plugins tutorial
- rewrite NASL using lex & yacc [PROBABLY POSTPONED]

CLIENT:
-------

- rewrite client from scratch [POSTPONED TO NESSUS 2.0]
- filter the list of plugins in the client, with keywords and regexps [DONE]
- CLI which allows the selection of plugins
- verbose CLI
- profiles
- use plugins ID rather than plugins names in ~/.nessusrc  [DONE]
- save the client preferences on the server side [OPTIONAL]
- better scalability when testing huge networks [DONE]
- API for report exports
- new GUI for the reports


MISC:
-----


- openssl support for https [DONE]

- openssl transport layer instead of PEKS [DONE]

- per-plugin timeout. Ie, in the preferences : 
	timeout.<PluginID> = X		[DONE]


- Writeable FTP configurable timeout	[DONE - due to above]

- centralize the reports on the server [PARTIALLY DONE - session saving]
- mark that a saved session is complete
- Kerberos authentication of the clients [POSTPONED]
- nessus-rmuser [DONE]
- no404 web servers [DONE]
- HTTP 'authorization:' support [DONE]

- KB support for network discovery [DONE]


