Nessus Review


I'm so excited, I just can't hide it, I know, I know, I know, I know I like it! There's no doubt in my mind that Nessus is the best free-of-charge vulnerability scanner in the world.

I feel obliged to warn you from the start that this is not a tool for the average user. It's a tool for network administrators and security experts, but if you are a curious person, I can't see why you can't give Nessus a try.

Nessus is mainly composed of a server, which is usually accompanied by a client. This design allows you to deploy your Nessus infrastructure according to the layout of your network and opens up a broad range of possibilities. In large corporate networks where security is taken seriously, one possible setup is to deploy several Nessus servers that scan from inside the network, perhaps on different subnets, and also from outside it. From one central client, or several, all the servers can be controlled, letting you run a tremendous number of scans covering different scenarios at the same time. While the servers will most probably use all the power available to them, the client can run on the most modest of machines. The server holds all the features that give Nessus its power, which comes from the smart design of the software, and the client gives the software a user-friendly interface.

I was able to install both the server and the client with no special intervention, but I must confess that an installer and a different directory structure would be very nice for this excellent piece of software. Setting up a Nessus computer is by no means user friendly, but... it doesn't necessarily have to be.

Perhaps the greatest thing about the Nessus design is NASL (Nessus Attack Scripting Language). It's used for writing the plugins that Nessus runs to perform its various scans. Plugins are easy to write, and any plugin can be read and modified, which helps you interpret complicated results. The plugins are very safe in terms of security because Nessus runs them in a virtual machine, so, in theory, there is no way a plugin can affect your server machine. At this point there are over 11600 plugins available, and even though this number is very impressive, there's always room for more. You'll definitely want to keep the plugin list updated, and if you don't need them the moment they're released, you can sign up for a free account that gets you all the updates with a one-week delay. If you want or need them hot, you'll have to pay $1200. If you really need to be paranoid, you should know that there is also an RSS feed announcing the newest security plugins added to the database.
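To show what a NASL plugin looks like, here is an added example (not from the review or from Tenable's plugin feed): an information-gathering plugin that reports the HTTP Server banner of a web service on whatever port Nessus' service recognition found it. The plugin id 90000 is a placeholder, and the plugin assumes the standard `find_service.nes` dependency and the `Services/www` knowledge-base key.

```nasl
# Added example plugin, not part of the original review.
# Reports the HTTP "Server:" header of a web server found by
# Nessus' service recognition (the Services/www knowledge-base key).

if (description)
{
  script_id(90000);                        # placeholder id, assumed for this example
  script_version("1.0");
  script_name("HTTP Server banner (example)");
  script_description("Reports the Server header returned by the web server.");
  script_summary("Grabs the HTTP Server header");
  script_category(ACT_GATHER_INFO);        # information gathering, no attack
  script_family("General");
  script_copyright("Example plugin");
  script_dependencies("find_service.nes"); # run after service detection
  script_require_ports("Services/www", 80);
  exit(0);
}

# Use the port that service recognition found, falling back to 80.
port = get_kb_item("Services/www");
if (!port) port = 80;
if (!get_port_state(port)) exit(0);

soc = open_sock_tcp(port);
if (!soc) exit(0);

# string() expands the \r\n escapes; a plain "..." literal would not.
send(socket: soc, data: string("HEAD / HTTP/1.0\r\n\r\n"));
res = recv(socket: soc, length: 4096);
close(soc);

# egrep() returns the matching line; strip the header name and the line end.
banner = egrep(pattern: "^Server:", string: res);
if (banner)
{
  banner = chomp(ereg_replace(pattern: "^Server: *", replace: "", string: banner));
  security_note(port: port, data: "The web server identifies itself as: " + banner);
}
```

The result shows up in the report as a note (not a warning or hole) against the detected port, which is the level appropriate for a version banner that an administrator may want to compare against an approved software list.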

Other cool features of Nessus are "smart service recognition", which lets Nessus detect services even when they run on non-standard ports, "full SSL support", which is used to test secure services, and the possibility to perform thorough tests that throw everything at remote hosts to see how they perform. I was also very happy when I found out that the traffic between the server and the client is encrypted. This feature is essential for Nessus because, given credentials, Nessus can log in to remote hosts and obtain an impressive amount of data about their local configuration. Encryption protects these credentials and the report delivered to the client. The local configuration contains data that a routine remote scan cannot detect, such as which software is installed and its version numbers. This helps in detecting unauthorized software and outdated software that might contain known security holes.

Now I'd like to say a few words about the NessusClient. It is based on GTK and manages to be a nice, easy-to-use and still very functional client for the Nessus server.

The client allows you to set up several tasks and scopes that fit the needs of specific segments of your network. For each of these you can set which Nessus server should be used, which plugins will be loaded and many other options. All the reports are then saved in that scope, which lets you keep track of all past scans in a nicely manageable order.

Reports are extremely important for the client because, if you understand them, you'll be able to increase the security of your network. In the client the reports are displayed fairly nicely, and one of the best things about them is that solutions are often provided to help you fix the problems found. I love that you can export your reports to several interesting formats like HTML, PDF and XML. These reports are formatted very well, and the most interesting is probably HTML with its pie charts and graphs. You can, of course, also export to a proprietary NessusClient format that can then be imported into another NessusClient. A little more visibility for the export feature would have been nice, because some users might not know it's there.

The NessusClient integrates a wizard called "Scan Assistant" which takes you through a four-step process of creating a task, creating a scope, selecting the targets and then executing your task. Even though I was skeptical about it at first, this might be a useful feature for some inexperienced users. As I've said before, a Nessus scan should be carefully planned before it's executed, and the wizard is just the opposite of that, but it might be useful for helping some users get started with Nessus or for performing very simple scans.

The Good

Nessus is good! Its server/client design is good. The NASL language for writing plugins is good. All the other features, like smart service recognition, SSL support, thorough tests, the extended level of control and the reports provided by the client, are excellent assets of Nessus and NessusClient.

The Bad

Nessus is closed source, and this causes a certain level of discomfort to some people in the Linux community. Even though NessusClient is pretty good, I feel that there's room for improvement. It would be great if Tenable provided a web client for use with Nessus, but unfortunately, it doesn't.

The Truth

Like I've said in the beginning, Nessus is the best free-of-charge vulnerability scanner in the world. The free-of-charge part is great for the end user who is not willing to pay for software like this, but it's also great for companies, because it saves them from all the legal issues that might arise. Nessus is also great because it's cross-platform. Even if I think GFI LANguard Network Security Scanner might be a better vulnerability scanner than Nessus, it's not free of charge, doesn't work on Linux and doesn't have the server/client architecture.

Editor's review ratings:
  user interface: 4
  features: 5
  ease of use: 3
  pricing / value: 5

  final rating: 5
