Nessus Vulnerability Scanner

What Is It?: Nessus is a freely available, open-source vulnerability scanner.

Why Use Nessus?: The power and performance of Nessus, combined with the price- FREE- make it a compelling choice for a vulnerability scanner.

Nessus also makes no assumptions regarding what services are running on what ports and it actively attempts to exploit vulnerabilities rather than just comparing version numbers of the active services.

What Are The System Requirements?: The Nessus Server component requires a POSIX system such as FreeBSD, GNU/Linux, NetBSD or Solaris.

The Nessus Client component is available for all Linux / Unix systems. There is also a Win32 GUI client that works with any version of Microsoft Windows.

Features of Nessus: The Nessus vulnerability database is updated daily. However, because of the modularity of Nessus it is also possible for you to create your own unique plugins to test against. Nessus is also smart enough to test services running on non-standard ports, or to test multiple instances of a service (for instance if you are running an HTTP server on both port 80 and port 8080). For a complete list of features click here: Nessus Features.

Related Tools: There are a host of 3rd-party open source tools that can be used in conjunction with Nessus to provide increased functionality and reporting capabilities. You can see the tools availabe here: Nessus Tools

Nessus Snapshot: I downloaded the Nessus Server component and attempted to install it- Linux-style. There isn't an EXE file that you just double-click. You must compile the code first and then run the installation. There are complete instructions available on the Nessus site.

I ran into a glitch though. I was told that I needed to install "sharutils" in order for the installation to work. Not being a Linux guru I turned to one of my Antionline.com compatriots for assistance. With some help from Sonny Discini, Sr. Network Security Engineer for Montgomery County Government (aka thehorse13), I was able to get the code compiled, installed and ready to run on my Redhat Linux machine.

I then installed the Win32 GUI Nessus Client component on my Windows XP Pro machine. That installation process was a little more "straight-forward" for someone familiar with Windows.

Nessus gives you a lot of options when it comes to running the actual vulnerability scan. You can scan individual computers, ranges of IP addresses or complete subnets. You can test against the entire collection of over 1200 vulnerability plugins, or you can specify an individual or set of specific vulnerabilities to test for.

Unlike some other open source and commercially available vulnerability scanners, Nessus does not assume that common services will be running on common ports. If you run an HTTP service on port 8000 it will still find vulnerabilities rather than assuming that it should find HTTP on port 80. It also does not simply check the version number of the services running and assume the system is vulnerable. Nessus actively attempts to exploit the vulnerabilities.

With such powerful and comprehensive tools available for free, it is difficult to make a case for spending thousand or tens of thousands of dollars to implement a commercial vulnerability scanning product. If you are in the market- I certainly suggest you add Nessus to your short list of products to test and consider.

Nessus Links

Nessus Vulnerability Scanning Step-By-Step

Nessus Installation Instructions

Nessus.org