Nessus Features and Capabilities

In the previous article, we introduced the Nessus vulnerability scanner. In this article, we will discuss some of the additional Nessus features.

Nessus Features: Scripting Language, Integration with Other Tools, Smart Testing

To supplement the plug-in architecture, Nessus has its own scripting language called Nessus Attack Scripting Language (NASL), one of the more important Nessus features. This easy-to-learn utility language allows you to quickly and easily write your own custom security plug-ins without having to know C or all of the internal workings of the main program.

Nessus can be used by itself or with several other open source security tools. You can use Nmap, the best port scanner in the world, for the port scanning part of the job, rather than the built-in one. The Nessus port scanner is faster and a little more efficient with memory, but Nmap allows for a lot more options and settings. Almost all the Nmap settings are configurable from within the Nessus client. Nessus also works with Nikto and Whisker, tools that run more complex tests on web servers and CGI programs, and with Hydra, a tool for running brute-force password attacks against common services. The functionality of these tools is written right into Nessus, so you can make configuration changes from a single interface.

Another of the more useful Nessus features is that it can be set up so that it does not automatically run all of the vulnerability tests on every host. Based on the results of a port scan or other input such as past vulnerability tests, Nessus will run only tests appropriate to that machine. So if the server is not running a web server, it won’t run web server-related tests. Nessus is also smart in that it does not automatically assume that web servers will run on port 80, but rather checks all the possible ports for signs of a web server. Nessus will even find multiple instances of services running on different ports. This is especially important if you are inadvertently running a web server or other public service on an unusual port.

Nessus Features: Knowledge Base and Reporting

Another one of the more useful Nessus features is that it can save all scan results in a database called the Knowledge Base. This allows it to use the results of past scans to intelligently figure out what tests to run. You can use this to avoid doing a port scan every time you run Nessus, because it will remember what ports it found open last time on each host and test only those. It can also remember what hosts it saw last time and test only new hosts. You probably shouldn’t do this every time, because you may miss new ports that open up on machines or new vulnerabilities that show up on previously scanned boxes. However, it can allow you to run scans more often with less bandwidth and processor power as long as you do a complete scan on a regular basis.
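The following added example is a simplified Python model, not Nessus code, of the behavior described in the smart testing and Knowledge Base paragraphs: tests are chosen from the services recorded for each host on whatever port they were found, and hosts that are new or whose cached results are stale get a complete scan. The plug-in names, hosts, dates and the 30-day interval are constructed assumptions.

```python
from datetime import date, timedelta

# Assumed policy: cached port results older than this force a complete scan.
FULL_SCAN_INTERVAL = timedelta(days=30)

# Hypothetical plug-ins, each declaring the service it applies to.
PLUGINS = {
    "http_server_banner": "www",
    "cgi_directory_listing": "www",
    "ssh_protocol_versions": "ssh",
    "smtp_open_relay": "smtp",
}

# Constructed knowledge base: per-host results of earlier scans.
# Services are keyed by the port they were detected on, not by an assumed default.
KB = {
    "192.0.2.5": {"last_full_scan": date(2013, 3, 1),
                  "services": {22: "ssh", 80: "www", 8081: "www"}},
    "192.0.2.9": {"last_full_scan": date(2013, 1, 2),
                  "services": {25: "smtp"}},
}

def needs_full_scan(entry, today):
    """New hosts and hosts with stale cached results get a complete scan."""
    return entry is None or today - entry["last_full_scan"] > FULL_SCAN_INTERVAL

def select_tests(entry):
    """Pair each plug-in with every port where its required service was seen."""
    return sorted(
        (plugin, port)
        for port, service in entry["services"].items()
        for plugin, required in PLUGINS.items()
        if required == service
    )

def plan_scan(kb, hosts, today):
    """Return, per host, either 'full' or the list of (plug-in, port) tests."""
    plan = {}
    for host in hosts:
        entry = kb.get(host)
        plan[host] = "full" if needs_full_scan(entry, today) else select_tests(entry)
    return plan

if __name__ == "__main__":
    hosts = ["192.0.2.5", "192.0.2.9", "192.0.2.20"]
    for host, work in plan_scan(KB, hosts, date(2013, 3, 10)).items():
        print(host, work)
```

The web plug-ins are scheduled against both port 80 and port 8081 on the first host, and no SMTP test is scheduled there because no mail service was recorded for it.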

Nessus has some of the best reporting capabilities in the open source field. Although it is not perfect, it can output your scan data in just about any format. Basic HTML and HTML with pie charts and graphs are two of the more popular formats. These reports include summary data and are suitable for posting to an internal web site with little or no editing. Other report formats supported include XML, LaTeX, and plain text. The Windows client offers additional report formats. There are additional tools available that allow you to do further manipulation of the data.

Mailing Lists

Nessus has an extensive support network for getting help, both on basic installation and use as well as more complex programming and customization. There are no fewer than five Nessus mailing lists, each dedicated to a different area. There is an archive of all the past posts so you can check to see if your question has ever been answered. The following are the main Nessus mailing lists:

  • nessus: A general discussion list about Nessus.
  • nessus-devel: Talks about the development of the upcoming versions.
  • nessus-cvs: Shows the CVS commits made on the Nessus tree.
  • nessus-announce: A low-traffic moderated list that is dedicated to the announcements of the availability of new releases.
  • plugins-writers: A list dedicated to the writing of new Nessus plug-ins. If you want to write your own security checks, you should subscribe to it.

Of the discussion lists, nessus is the most active, broadest in scope, and probably most useful to the average reader. Much of the traffic consists of questions and answers rather than actual discussions, and topics include Nessus and NessusWX, the plugins, vulnerabilities themselves, third-party add-ons, and so forth. Nessus-devel tends to be more discussion oriented, with the focus on revisions to Nessus and the NASL language. Plugins-writers leans more toward questions and answers, generally how to accomplish something in NASL or whether plugins are properly testing for vulnerabilities. None of these lists has an actual charter, though, and in practice there’s a fair amount of overlap among them.

To subscribe to any of the above lists, send an e-mail to with the following text in the body of the e-mail:

Subscribe listname

Replace listname with the name of the list to which you want to subscribe. To unsubscribe, do the same but write Unsubscribe listname in the body.

Nessus has quite a bit of documentation on its web site, including detailed instructions on installation, basic operation and use of Nessus features, and tutorials on how to write your own security checks in NASL.

Now that we have covered some of the more important Nessus features, in the next article, we will cover installing Nessus in Linux.

External Links:

Nessus home page on – Additional information on Nessus features can be found here

Nessus on Wikipedia

© 2013 David Zientara. All rights reserved.