Nessus (software)

Nessus Vulnerability Scanner
Nessus Vulnerability Scanner Logo.png
Developer(s)Tenable Network Security
Stable release
7.1.2 / June 26, 2018 (2018-06-26)[1]
RepositoryNone available
Operating systemCross-platform
TypeVulnerability scanner
LicenseProprietary; GPL (2.2.11 and earlier)
WebsiteNessus Vulnerability Scanner Homepage

Nessus is a proprietary vulnerability scanner developed by Tenable Network Security. It is free of charge for personal use in a non-enterprise environment.

According to surveys done in 2009 by sectools.org, Nessus is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey.[2] Tenable Network Security estimated in 2005 that it was used by over 75,000 organizations worldwide.[3]

Operation

Nessus allows scans for the following types of vulnerabilities:

Initially, Nessus consisted of two main components; nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user. Later versions of Nessus (4 and greater) utilize a web server which provides the same functionality as the client.

In typical operation, Nessus begins by doing a port scan with one of its four internal portscanners (or it can optionally use AmapM[4] or Nmap[5]) to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.

Tenable Network Security at It-sa tradefair in Nürnberg 2017

Tenable Network Security produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis. These checks are available for free to the general public; commercial customers are not allowed to use this Home Feed any more. The Professional Feed (which is not free) also give access to support and additional capabilities (e.g. audit files, compliance tests, additional vulnerability detection plugins).

Optionally, the results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners.

If the user chooses to do so (by disabling the option 'safe checks'), some of Nessus' vulnerability tests may try to cause vulnerable services or operating systems to crash. This lets a user test the resistance of a device before putting it in production.

Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA's guide for hardening Windows servers. This functionality utilizes Tenable's proprietary audit files or Security Content Automation Protocol (SCAP) content.

Other Languages
العربية: نيساس
español: Nessus
euskara: Nessus
italiano: Nessus
עברית: Nessus
magyar: Nessus
Nederlands: Nessus (software)
日本語: Nessus
português: Nessus Cloud
русский: Nessus
Türkçe: Nessus
українська: Nessus
Tiếng Việt: Nessus (phần mềm)
中文: Nessus