What is Nessus?

Nessus is renowned software from Tenable Network Security. It specializes in monitoring and scanning for security vulnerabilities. The initial release of this software was free to use for non-enterprise clients. According to, it ranked as the first vulnerability scanner and the most common among its counterparts in the years 2000, 2003, and 2006.



There are four main types of Nessus software. Nessus Cloud is a Software as a Service (SaaS) platform. Nessus Manager serves as a physical or virtual vulnerability manager. Nessus Professional is a version that can run on a device such as a laptop or a Personal Computer (PC). Finally, the free type is Nessus Home, which is for home users.

Historical Overview


In 1998, Renaud Deraison aimed to create a free remote security scanner and publish it online, making it available to people all around the world. Back then, the project was open source. This lasted until 2005, when it became closed source, owned by Tenable Network Security, which Deraison cofounded.

In 2005, Tenable Network Security established that more than seventy-five thousand organizations around the world used it. At that time the current version was Nessus 3, and to this day its engine is free to use, but it costs $100/month per scanner. Nessus 3 supports Microsoft Windows, Unix, Linux, and some other operating systems.

Before Nessus 3, however, there was Nessus 2, which required an agent to operate its functions on several operating systems. There is no need to mention how slow it was to use back then. Nessus 2 was released under the General Public License (GPL), paving the way for similar projects like OpenVAS and Porz-Wahn, which are both open source. Despite this, Tenable Network Security continued to release many updates for this version of Nessus even after Nessus 3 came into existence.

In 2008, the situation improved to some extent from both the company's and the users' perspectives, when a free version for home users became available for plugin feeds. Meanwhile, enterprises had, and still have, to pay for using the software for commercial purposes.

In 2009, Tenable Network Security released Nessus 4. It would later release Nessus 5 in 2012 and later the newest version, Nessus 6, in 2014.

What does Nessus do?


Let’s now discover what features it has, and to what extent such software could be beneficial for security purposes. First of all, let me begin with some services that Nessus 3 and its descendants are able to provide their holders with.

  • It automatically scans for vulnerabilities and analyzes them in order to prioritize recommended remediation.
  • Plug-ins are fed to customers' computers every day, updating them with newly emerging, publicly revealed vulnerabilities so that these can subsequently be detected.
  • It supports Supervisory Control and Data Acquisition (SCADA) audits.
  • It supports audits of embedded devices.
  • It offers mobile device scanning.
  • Web applications and cloud environments can also be scanned by it.
  • It can search for sensitive data such as social security numbers, credit card details, and other confidential information.
  • Nessus 3 offers a means of technical support for an organization.
  • It can audit anti-virus configurations.
  • It can audit against Federal Desktop Core Configuration (FDCC) standards.
  • Nessus 3 supports audits against the Payment Card Industry Data Security Standard (PCI-DSS) as well.

Now, why don’t we break down the types of vulnerabilities detectable when scanning through it?

  1. Vulnerabilities related to passwords, such as:
    • System accounts having no passwords
    • System accounts having default passwords, that is, the passwords provided on initial setup or after a reset
  2. Vulnerabilities whose remote exploitation could grant access to sensitive data
  3. Misconfiguration vulnerabilities such as missing software patches or an open mail relay
  4. Denial of Service vulnerabilities in the TCP/IP stack, triggered by sending mangled packets through the network
  5. Arrangements for conducting PCI DSS audits

Is Nessus actually necessary?

The answer to this question can be deduced logically after summarizing its unique capabilities. These abilities could help determine the reasons for choosing it.

  • Endpoint agents can be configured on a device:
    • They allow for offline scans and report results to Nessus Cloud and Nessus Manager administrators whenever an internet connection is established.
    • They also have the ability to scan devices for malware.
  • Upon buying Nessus Professional for a particular organization, or even hosting on Nessus Cloud and Nessus Manager, technical support for any issue related to it is always available.
  • On-demand and completely free training is offered either physically in specified centers of Tenable Network Security, virtually, or even on-site where the customer is based.
  • The Nessus console has an enhanced, user-friendly Graphical User Interface (GUI).
    • Security policies can be applied with a few clicks and checks.
    • Administrators of an organization can target email notifications for scan results and recommended remediation to apply.
    • Preconfigured reports or customized ones could be run as a host by administrators.
  • It offers a Representational State Transfer Application Program Interface (RESTful API) to integrate easily into any organization.
  • Both Nessus Cloud and Nessus Manager support integration with CyberArk for credential management, as well as with various patch management systems. Some of the companies providing such systems:
    • For computer systems: Microsoft, Dell, IBM, and Red Hat.
    • For mobile systems: Apple, Microsoft, AirWatch, and MobileIron.

Given all of these premises and depending on several business practices, my answer to the initial question is definitely yes. All of the aforementioned characteristics distinguish it from all of its other software counterparts. Some other scanners may have one of these characteristics, yet it is almost impossible so far to find something containing all of such powers.

How to use Nessus for Penetration testing?

Nessus is not actually a penetration testing tool. However, its scanning results, when combined with penetration testing tools, can be an indicator of the security risk of a computer system. Testing tools that could be utilized in this regard are, for example, Immunity CANVAS, Core IMPACT, and definitely Metasploit. In addition, in the case of any password-related vulnerability, it has the power to use the password cracking tool named Hydra to get the password and get access afterward.

One, for instance, could harness the tools of Nessus Home to the maximum to help with penetration testing. Nessus Home is a free version as mentioned before.


  1. Download it and install it.
  2. Set up a Nessus account and activate the installed copy with the activation code.
  3. Start a vulnerability scan.
  4. Understand the results: if we choose Basic Network Scan, check through each device's Internet Protocol (IP) address and understand where the vulnerabilities actually originate.
  5. Discover how to exploit such devices. Though it doesn't have a specialty in this matter, it will show you where to go.
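
As an added example for step 4 (not part of the original article and not Tenable's code): a short Python script that reads a scan exported in the `.nessus` v2 XML format and lists hosts by their worst finding, so that remediation can start with the riskiest IP addresses. The sample report, its plugin IDs and IP addresses are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Labels for the numeric severity attribute (0-4) of a ReportItem.
SEVERITY = ["Info", "Low", "Medium", "High", "Critical"]

# Constructed sample export (not real scan output): documentation IPs, made-up plugin IDs.
SAMPLE = """<NessusClientData_v2>
 <Report name="Basic Network Scan (constructed sample)">
  <ReportHost name="192.0.2.10">
   <ReportItem port="25" protocol="tcp" severity="2" pluginID="900001" pluginName="Constructed: open mail relay"/>
   <ReportItem port="0" protocol="tcp" severity="0" pluginID="900002" pluginName="Constructed: OS identification"/>
  </ReportHost>
  <ReportHost name="192.0.2.20">
   <ReportItem port="445" protocol="tcp" severity="3" pluginID="900003" pluginName="Constructed: missing software patch"/>
   <ReportItem port="22" protocol="tcp" severity="4" pluginID="900004" pluginName="Constructed: default account password"/>
   <ReportItem port="80" protocol="tcp" severity="1" pluginID="900005" pluginName="Constructed: banner disclosure"/>
  </ReportHost>
  <ReportHost name="192.0.2.30">
   <ReportItem port="0" protocol="icmp" severity="0" pluginID="900006" pluginName="Constructed: host is alive"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>"""

def parse_findings(xml_text):
    """Return {host: [finding, ...]}, each host's findings sorted worst first."""
    # For exports from an untrusted source, use a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.iter("ReportHost"):
        items = [{
            "severity": int(item.get("severity", "0")),
            "port": f'{item.get("port")}/{item.get("protocol")}',
            "plugin_id": item.get("pluginID"),
            "name": item.get("pluginName"),
        } for item in host.iter("ReportItem")]
        items.sort(key=lambda f: f["severity"], reverse=True)
        hosts[host.get("name")] = items
    return hosts

def triage(hosts, min_severity=2):
    """Return (host, worst label, count >= min_severity), riskiest host first."""
    rows = []
    for name, items in hosts.items():
        hits = [f for f in items if f["severity"] >= min_severity]
        if hits:  # hosts with only lower-severity findings are left out
            rows.append((name, SEVERITY[hits[0]["severity"]], len(hits)))
    rows.sort(key=lambda r: (SEVERITY.index(r[1]), r[2]), reverse=True)
    return rows

if __name__ == "__main__":
    for host, worst, count in triage(parse_findings(SAMPLE)):
        print(f"{host}: worst={worst}, findings at Medium or above: {count}")
```
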
