Wikipedia

Nessus (software)

Nessus Vulnerability Scanner
Nessus-Professional-FullColor-RGB.svg
Developer(s)Tenable, Inc.
Stable release
8.11.1 / August 20, 2020 (2020-08-20)[1]
RepositoryNone available
Operating systemCross-platform
PlatformMac, Windows, Linux
TypeVulnerability scanner
LicenseProprietary; GPL (2.2.11 and earlier)
Website[1]

Nessus is a proprietary vulnerability scanner developed by Tenable, Inc. (NASDAQ: TENB)

Operation

Examples of vulnerabilities and exposures Nessus can scan for include:

  • Vulnerabilities that could allow unauthorized control or access to sensitive data on a system.
  • Misconfiguration (e.g. open mail relay, missing patches, etc.).
  • Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
  • Denials of service vulnerabilities

Nessus scans cover a wide range of technologies including operating systems, network devices, hypervisors, databases, web servers, and critical infrastructure.

The results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. The results can also be saved in a knowledge base for debugging. On UNIX, scanning can be automated through the use of a command-line client. There exist many different commercial, free and open source tools for both UNIX and Windows to manage individual or distributed Nessus scanners.

Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system. Nessus can also support configuration and compliance audits, SCADA audits, and PCI compliance.

History

The Nessus Project was started by Renaud Deraison in 1998 to provide to the Internet community with a free remote security scanner.[2] On October 5, 2005, Tenable Network Security, the company Renaud Deraison co-founded, changed Nessus 3 to a proprietary (closed source) license.[3]

The Nessus 2 engine and a minority of the plugins are still GPL, leading to forked open source projects based on Nessus like OpenVAS and Porz-Wahn.[2][4]

Today, the product still exists in two formats; a limited, free version and a full-feature paid subscription option. Nessus is available for Linux, Windows, and macOS. Tenable, Inc. went public on July 26, 2018, twenty years after Nessus’ creation.

See also

References

  1. ^ "Nessus Release Notes". Tenable Network Security. Retrieved 2020-10-06.
  2. ^ a b Carey, Mark; Russ Rogers; Paul Criscuolo; Mike Petruzzi. Nessus Network Auditing. O'reilly. ISBN 978-1-59749-208-9.
  3. ^ Olenick, Doug (2019-03-09). "SC 30th Anniversary Awards". SC Media.
  4. ^ "OpenVAS". Retrieved 2009-10-21.

External links

This article is copied from an article on Wikipedia® - the free encyclopedia created and edited by its online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of Wikipedia® encyclopedia articles provide accurate and timely information, please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.

Copyright © 2003-2025 Farlex, Inc Disclaimer
All content on this website, including dictionary, thesaurus, literature, geography, and other reference data is for informational purposes only. This information should not be considered complete, up to date, and is not intended to be used in place of a visit, consultation, or advice of a legal, medical, or any other professional.