Nessus (software)

From Wikipedia, the free encyclopedia

For other uses of the word "Nessus", please refer to Nessus.

In computer security, Nessus is a comprehensive vulnerability scanning program. It consists of nessusd, the Nessus daemon, which does the scanning, and nessus, the client, which presents the results to the user.

Nessus is the world's most popular vulnerability scanner, estimated to be used by over 75,000 organizations world-wide. It took first place in the 2000, 2003, and 2006 security tools survey from SecTools.Org.

[edit] How it works

In typical operation, nessus begins by doing a port scan with its own internal portscanner (or it can optionally use Nmap [1]) to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as a large body of plugins, are written in NASL (Nessus Attack Scripting Language), a scripting language optimised for custom network interaction.

Optionally, the results of the scan can be reported in various formats, such as plain text, XML, HTML and LaTeX. The results can also be saved in a knowledge base for reference against future vulnerability scans. Scanning can be automated through the use of a command-line client.

If the user chooses to do so (by disabling the option 'safe checks'), some of Nessus's vulnerability tests may try to cause vulnerable services or operating systems to crash. This lets a user test the resistance of a device before putting it in production.

Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods.

[edit] History

The "Nessus" Project was started by Renaud Deraison in 1998 to provide to the Internet community a free, powerful, up-to-date and easy to use remote security scanner. Nessus is currently rated among the top products of its type throughout the security industry and is endorsed by professional information security organisations such as the SANS Institute.

On October 5th 2005, Tenable Security, the company Renaud Deraison co-founded, changed Nessus 3 to a proprietary (closed source) license [2]. The Nessus 3 engine is still free of charge, though Tenable charges for the latest plugins. The Nessus 2 engine and a minority of the plugins are still GPL. Some developers have forked independent open source projects based on Nessus as a consequence. Examples are OpenVAS and Porz-Wahn (see External links, below).

Nessus.org is reporting that for the first time the Nessus server will be able to run from a Windows 2000/XP machine. Currently to use on the windows box a person would have to use NessusWX. This is all going to change in the beginning of 2006.