Nessus Vulnerability Scanner


Nessus is a freely available, open-source network vulnerability scanner.

This is a legacy article regarding Nessus. Nessus is now offered as Nessus Home, Nessus Professional, Nessus Manager, and Nessus Cloud. You can compare these products on Tenable's Nessus Product Page.

Why Use Nessus?:

The power and performance of Nessus, combined with the price (FREE), make it a compelling choice for a vulnerability scanner.

Nessus also makes no assumptions about which services are running on which ports, and it actively attempts to exploit vulnerabilities rather than just comparing the version numbers of the active services.

What Are The System Requirements?:

The Nessus Server component requires a POSIX system such as FreeBSD, GNU/Linux, NetBSD or Solaris.

The Nessus Client component is available for all Linux / Unix systems. There is also a Win32 GUI client that works with any version of Microsoft Windows.

Features of Nessus:

The Nessus vulnerability database is updated daily. However, because Nessus is modular, you can also create your own plugins to test against. Nessus is also smart enough to test services running on non-standard ports, or to test multiple instances of a service (for instance, if you are running an HTTP server on both port 80 and port 8080). For a complete list of features, see: Nessus Features.

Nessus Plugins:

There are a host of plugins that can be used in conjunction with Nessus to provide increased functionality and reporting capabilities. You can see the plugins available here: Nessus Plugins

Nessus Snapshot:

We downloaded the Nessus Server component and attempted to install it, Linux-style. There isn't an EXE file that you just double-click. You must compile the code first and then run the installation. There are complete instructions available on the Nessus site.

We ran into a glitch, though. We were told that we needed to install "sharutils" in order for the installation to work. Not being Linux gurus, we turned to one of our compatriots for assistance. With some help from Sonny Discini, Sr. Network Security Engineer for Montgomery County Government (aka thehorse13), we were able to get the code compiled, installed and ready to run on our Red Hat Linux machine.

We then installed the Win32 GUI Nessus Client component on our Windows XP Pro machine. That installation process was a little more "straight-forward" for someone familiar with Windows.

Nessus gives you a lot of options when it comes to running the actual vulnerability scan. You can scan individual computers, ranges of IP addresses or complete subnets. You can test against the entire collection of over 1200 vulnerability plugins, or you can specify an individual or set of specific vulnerabilities to test for.

Unlike some other open-source and commercially available vulnerability scanners, Nessus does not assume that common services will be running on common ports. If you run an HTTP service on port 8000, it will still find vulnerabilities rather than assuming that HTTP can only be found on port 80. It also does not simply check the version number of the services running and assume the system is vulnerable. Nessus actively attempts to exploit the vulnerabilities.

With such powerful and comprehensive tools available for free, it is difficult to make a case for spending thousands or tens of thousands of dollars to implement a commercial vulnerability scanning product. If you are in the market, we certainly suggest you add Nessus to your short list of products to test and consider.