Nessus (software)
| Nessus
|
|
|---|---|
|
|
 Screenshot of the 'Nessus "NG" report' |
|
| Basic data
|
|
| developer | Tenable network security |
| Current version |
8.4.0 ( May 14, 2019 ) |
| operating system | Linux , FreeBSD , Windows XP , Solaris , macOS |
| category | Vulnerability Scanner |
| License | Proprietary (before version 3: GPL ) |
| German speaking | No |
| tenable.com | |
Nessus is a network and vulnerability scanner for Linux , Unix , Windows and macOS . It is based on the client-server principle , which means that the Nessus server ( nessusd ) is started on a computer and can be used to connect to one or more clients from a local or remote computer. This is secured by SSL certificates and passwords.
When starting the server are plug-ins loaded. This enables various security gaps in the operating system or the services running on the host to be scanned to be found. Plug-ins are created in Nessus' own scripting language "Nessus Attack Scripting Language" (NASL).
With the client program you connect to the server and set up a session in which you can enter or change the target computer and plug-ins, among other things. Once the scan has been carried out, the Nessus client gives an overview of open ports (Nessus scans the ports with the help of nmap ) and any security holes found.
License
The project , which was previously under the GPL , has been offered with a proprietary license since October 2005 . Therefore, the OpenVAS project continues the development of a free scanner since the last free version (2.2).
The Federal Office for Information Security had the open source software BOSS ( BSI OSS Security Suite ) developed, which was based on Nessus, but discontinued this and recommended OpenVAS .
A free version called "Nessus Essentials" has also been allowed to be used commercially for vulnerability analysis since 2019.
Web links
Individual evidence
- ↑ New version of the BOSS security CD on the BSI website; Retrieved September 3, 2015