Nessus (software)

For other uses, see Nessus.
Nessus
Developed by
Tenable Network Security
Latest release
3.2.1 / May 30, 2008

OS
Cross-platform

Type
Vulnerability scanner

License
Proprietary

Website
www.nessus.org

In computer security, Nessus is a proprietary comprehensive vulnerability scanning software. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems. For example:
• Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
• Misconfiguration (e.g. open mail relay, missing patches, etc).
• Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
• Denials of service against the TCP/IP stack by using mangled packets
On UNIX (including Mac OS X), it consists of nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which controls scans and presents the vulnerability results to the user. For Windows, Nessus 3 installs as an executable and has a self-contained scanning, reporting and management system.
Nessus is the world's most popular vulnerability scanner, estimated to be used by over 75,000 organizations worldwide. It took first place in the 2000, 2003, and 2006 security tools survey from SecTools.Org.
Operation
In typical operation, Nessus begins by doing a port scan with one of its four internal portscanners (or it can optionally use Amap or Nmap [1]) to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.
Tenable Network Security produces several dozen new vulnerability checks (called plugins) each week, usually on a daily basis. These checks are available for free to the general public seven days after they are initially published. Nessus users who require support and the latest vulnerability checks should contact Tenable Network Security for a Direct Feed subscription which is not free. Commercial customers are also allowed to access vulnerability checks without the seven-day delay.
Optionally, the results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. The results can also be saved in a knowledge base for reference against future vulnerability scans. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners.
If the user chooses to do so (by disabling the option 'safe checks'), some of Nessus's vulnerability tests may try to cause vulnerable services or operating systems to crash. This lets a user test the resistance of a device before putting it in production.
Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods. Nessus 3 can also audit systems to make sure they have been configured per a specific policy, such as the NSA's guide for hardening Windows servers.
History
The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the Internet community a free remote security scanner. Nessus is currently rated among the top products of its type throughout the security industry and is endorsed by professional information security organizations such as the SANS Institute.
On October 5, 2005, Tenable Network Security [2], the company Renaud Deraison co-founded, changed Nessus 3 to a proprietary (closed source) license [3]. The Nessus 3 engine is still free of charge, though Tenable charges $100/month per scanner for the ability to perform configuration audits for PCI, CIS, FDCC and other configuration standards, technical support, SCADA vulnerability audits, the latest network checks and patch audits, the ability to audit anti-virus configurations and the ability for Nessus to perform sensitive data searches to look for credit card, social security number and many other types of corporate data. Nessus 3 is also roughly 10 times faster [4] than Nessus 2.
As of July 31, 2008, Tenable sent out a revision of the feed license which will allow home users full access to plugin feeds. A professional license is available for commercial use[5].
The Nessus 2 engine and a minority of the plugins are still GPL. Some developers have forked independent open source projects based on Nessus, but none of them achieved a stable state yet. Tenable Network Security has still maintained the Nessus 2 engine and has updated it several times since the release of Nessus 3.
Nessus 3 is available for many different UNIX and Windows systems, offers patch auditing of UNIX and Windows hosts without the need for an agent and is 2-5 times faster [6] than Nessus 2.
There is a split-off project called OpenVAS that continues to develop a GPLed vulnerability scanner based on Nessus 2.