Specifications
Copyright © 2015. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc.
CVE Compatible – Most plugins link to CVE for administrators to retrieve further information on published
vulnerabilities. They also frequently include references to Bugtraq (BID), OSVDB, and vendor security alerts.
Plugin Architecture – Each security test is written as an external plugin and grouped into one of the plugin
families. This way, you can easily add your own tests, select specific plugins, or choose an entire family without
having to read the code of the Nessus server engine, nessusd. The complete list of the Nessus plugins is
available at http://www.nessus.org/plugins/index.php?view=all.
NASL – The Nessus scanner includes NASL (Nessus Attack Scripting Language), a language designed
specifically to write security tests easily and quickly.
Up-to-date Security Vulnerability Database – Tenable focuses on the development of security checks for newly
disclosed vulnerabilities. Our security check database is updated on a daily basis and all the newest security
checks are available at http://www.tenable.com/plugins/index.php?view=newest.
Tests Multiple Hosts Simultaneously – Depending on the configuration of the Nessus scanner system, you can
test a large number of hosts concurrently.
Smart Service Recognition – Nessus does not expect the target hosts to respect IANA assigned port numbers.
This means that it will recognize an FTP server running on a non-standard port (e.g., 31337) or a web server
running on port 8080 instead of 80.
Multiple Services – If two or more web servers are run on a host (e.g., one on TCP port 80 and another on TCP
port 8080), Nessus will identify and test all of them.
Plugin Cooperation – The security tests performed by Nessus plugins cooperate so that unnecessary checks
are not performed. If your FTP server does not offer anonymous logins, then anonymous login related security
checks will not be performed.
Complete Reports – Nessus will not only tell you what security vulnerabilities exist on your network and the risk
level of each (Info, Low, Medium, High, and Critical), but it will also tell you how to mitigate them by offering
solutions.
Full SSL/TLS Support – Nessus has the ability to test services offered over SSL such as HTTPS, SMTPS,
IMAPS, and more.
Smart Plugins (optional) – Nessus has an “optimization” option that will determine which plugins should or
should not be launched against the remote host. For example, Nessus will not test sendmail vulnerabilities
against Postfix.
Non-Destructive (optional) – Certain checks can be detrimental to specific network services. If you do not want
to risk causing a service failure on your network, enable the “safe checks” option of Nessus, which will make
Nessus rely on banners rather than exploiting real flaws to determine if a vulnerability is present.
Open Forum – Found a bug? Questions about Nessus? Start a discussion at https://discussions.nessus.org/.
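A small model of Smart Service Recognition, Multiple Services, Plugin Cooperation and Smart Plugins as described above. It is an added example, not Tenable's code or NASL. The signatures, plugin names, knowledge-base keys and sample banners are all constructed for illustration.

```python
import re
# Constructed sample results: (port, first bytes the service sent). Not real scan output.
SAMPLE_BANNERS = [
    (31337, "220 (vsFTPd 3.0.3)"),
    (8080, "HTTP/1.1 200 OK\r\nServer: nginx\r\n"),
    (80, "HTTP/1.1 200 OK\r\nServer: Apache\r\n"),
    (25, "220 mail.example.test ESMTP Postfix"),
]

# Signatures are matched against what the service says, never against its port number.
SIGNATURES = [
    ("smtp", re.compile(r"^220[ -].*\bE?SMTP\b", re.I)),
    ("ftp", re.compile(r"^220[ -].*FTP", re.I)),
    ("http", re.compile(r"^HTTP/\d\.\d \d{3}")),
]

def identify(banner):
    for name, rx in SIGNATURES:
        if rx.search(banner):
            return name
    return "unknown"

def build_kb(results):
    """Shared knowledge base: every service instance found, keyed by protocol."""
    kb = {}
    for port, banner in results:
        svc = identify(banner)
        kb.setdefault(svc, []).append(port)
        if svc == "smtp":
            kb["smtp/product"] = "postfix" if "postfix" in banner.lower() else "unknown"
    return kb

# Hypothetical plugin names, each with the knowledge-base condition it needs to run.
PLUGINS = [
    ("ftp_anonymous_login", lambda kb: "ftp" in kb),
    ("ftp_anonymous_writable_dir", lambda kb: kb.get("ftp/anonymous") is True),
    ("http_server_checks", lambda kb: "http" in kb),
    ("sendmail_version_checks", lambda kb: kb.get("smtp/product") == "sendmail"),
    ("postfix_version_checks", lambda kb: kb.get("smtp/product") == "postfix"),
]

def select_plugins(kb):
    """Skip every plugin whose precondition earlier results have ruled out."""
    return [name for name, needed in PLUGINS if needed(kb)]

if __name__ == "__main__":
    kb = build_kb(SAMPLE_BANNERS)
    kb["ftp/anonymous"] = False  # as if the anonymous-login check had failed
    print(kb, select_plugins(kb))
```

With the sample data, the FTP server on port 31337 and both web servers are found, the check that depends on anonymous FTP is skipped, and only the Postfix checks are selected for the mail server.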
Prerequisites
Tenable recommends the following hardware depending on how Nessus is used. Note that these resources are
recommended specifically for running Nessus. Additional software or workload on the machine warrants additional
resources.
Scenario | CPU/Memory | Disk Space
Nessus scanning smaller networks | CPU: 1 Dual-core 2GHz Intel CPU (dual-core Intel® for Mac OS X) | 30 GB