A complete analysis of your security level
# Up-to-date security vulnerability database
We mostly focus on the developement of security checks for recent security holes. Our security checks database is updated on a daily basis, and all the newest security checks are available here and can be retrieved with the command nessus-update-plugins. An RSS feed of all the newest security checks allows you to monitor which plugins are added and when.
# Remote AND local security.
Traditional network security scanners tend to focus on the services listening on the network - and only on these. Now that viruses and worms are propagating thanks to flaws in mail clients or web browsers, this conception of security is getting outdated.
Nessus 2.1 is the only security scanner out there which has the ability to detect the remote flaws of the hosts on your network, but their local flaws and missing patches as well - whether they are running Windows, Mac OS X or a Unix-like system.
Get the full picture - not just half of it. More information...
# Extremely scalable
Nessus has been built so that it can easily scale down to a single CPU computer with low memory to a quad-CPUs monster with gigabytes of RAM. The more power you give to Nessus, the quicker it will scan your network.
Each security test is written as an external plugin, written in NASL. This means that updating Nessus does not involve downloading untrusted binaries from the internet. Each NASL plugin can be read and modified, to better understand the results of a Nessus report.
The Nessus Security Scanner includes NASL, (Nessus Attack Scripting Language) a language designed to write security test easily and quickly. NASL plugins run in a contained environment on top of a virtual machine, thus making Nessus an extremely secure scanner.
# Smart service recognition
Nessus does not believe that the target hosts will respect the IANA assigned port numbers. This means that it will recognize a FTP server running on a non-standard port (ie: 31337), or a web server running on port 8080. Nessus is the first scanner on the market to have implemented this feature for all the security checks (and has been copied by many since then).
# Multiples services
If a host runs the same service twice or more, Nessus will test all of them. Believe it or not, several scanners on the market still consider that a host can only run one server type at once.
# Full SSL support
Nessus has the ability to test SSLized services such as https, smtps, imaps, and more. You can even supply Nessus with a certificate so that it can integrates into a PKI-fied environement. Once again, Nessus was one of the first security scanner on the market to provide this feature.
# Non-destructive OR thorough
Nessus gives you the choice between performing a regular non-destructive security audit on a routinely basis, or to throw everything you can at a remote host to see how will it withstands attacks from intruders. Many scanners consider their users to be too inexperienced to make that kind of choice, and only offer them to perform "safe" checks.
# The biggest user base
The most pessimistic computations, based on the number of downloads every day, give Nessus at least 50,000 users worldwide, but there might be even more - after all, Nessus is downloaded over 2,000 times every day !
Our huge user base allows us to get the best feedback regarding security checks - and therefore to offer security checks which are reliable, non destructive and not prone to false positives.
# Proven maturity
The first public release of Nessus was in 1998. The technology behind it has been extensively tested and proven over time, on huge networks.