Nessus is a commercial vulnerability scanner developed by Tenable. It is one of the longest-established and most widely used products of its kind, employed by enterprise security teams, penetration testers, and managed service providers to discover known vulnerabilities, misconfigurations, and compliance gaps across networks, hosts, and applications.
What Nessus scans for
Nessus carries a large library of plugins that each test for a specific issue: missing patches indexed by CVE; default and weak credentials on services such as SSH, FTP, SNMP, and databases; misconfigurations against Center for Internet Security (CIS) benchmarks; web application surface (a basic web scanner, not a replacement for Burp); SSL/TLS configuration weaknesses; mobile device management baselines; and compliance scans for standards such as PCI DSS, HIPAA, and NHS DSPT requirements.
Authenticated versus unauthenticated scanning
Unauthenticated scans run from the network and see only what an outside attacker would: open ports, banner versions, certificate details, and remotely detectable conditions. Authenticated scans log into the target using SSH keys, Windows credentials, database accounts, or cloud API keys, and read installed software versions, configuration files, and registry entries directly. Authenticated scanning is far more accurate, particularly for missing-patch coverage, and is strongly preferred for routine vulnerability management.
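The difference matters when reading results: a host that was scanned without credentials will under-report missing patches. The following is an added example, not part of the original page or of Tenable's tooling. It reads a .nessus (NessusClientData_v2) export and reports, per host, whether credentialed checks ran and how many findings there are at each severity. It assumes the "Credentialed checks" line that plugin 19506 (Nessus Scan Information) writes in its output; the sample hosts and the 9000xx plugin IDs are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the .nessus (NessusClientData_v2) layout. Plugin 19506 is
# "Nessus Scan Information"; the 9000xx plugin IDs and names are made up.
SAMPLE = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="192.0.2.10">
 <ReportItem port="0" severity="0" pluginID="19506" pluginName="Nessus Scan Information">
  <plugin_output>Scanner IP : 192.0.2.1
Credentialed checks : yes, as 'svc_scan' via ssh</plugin_output></ReportItem>
 <ReportItem port="0" severity="4" pluginID="900001" pluginName="Constructed: missing OS patch"/>
 <ReportItem port="0" severity="3" pluginID="900002" pluginName="Constructed: outdated package"/>
 <ReportItem port="443" severity="2" pluginID="900003" pluginName="Constructed: weak TLS"/>
</ReportHost>
<ReportHost name="192.0.2.20">
 <ReportItem port="0" severity="0" pluginID="19506" pluginName="Nessus Scan Information">
  <plugin_output>Scanner IP : 192.0.2.1
Credentialed checks : no</plugin_output></ReportItem>
 <ReportItem port="443" severity="2" pluginID="900003" pluginName="Constructed: weak TLS"/>
</ReportHost>
<ReportHost name="192.0.2.30">
 <ReportItem port="22" severity="1" pluginID="900004" pluginName="Constructed: banner finding"/>
</ReportHost>
</Report></NessusClientData_v2>"""

SEVERITY = {1: "low", 2: "medium", 3: "high", 4: "critical"}  # 0 is informational

def summarize(xml_text):
    """Map host -> {'credentialed': True/False/None, 'findings': {severity: count}}."""
    # For exports from untrusted sources, parse with defusedxml instead.
    hosts = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        credentialed, counts = None, Counter()  # None: plugin 19506 not in the export
        for item in host.iter("ReportItem"):
            if item.get("pluginID") == "19506":
                for line in item.findtext("plugin_output", default="").splitlines():
                    key, _, value = line.partition(":")
                    if key.strip().lower() == "credentialed checks":
                        credentialed = value.strip().lower().startswith("yes")
            sev = int(item.get("severity", "0"))
            if sev in SEVERITY:
                counts[SEVERITY[sev]] += 1
        hosts[host.get("name")] = {"credentialed": credentialed, "findings": dict(counts)}
    return hosts

def unauthenticated_hosts(summary):
    """Hosts whose patch coverage should not be trusted: no confirmed credentialed scan."""
    return sorted(h for h, s in summary.items() if s["credentialed"] is not True)
```

Hosts returned by unauthenticated_hosts are candidates for a rescan with credentials before their low finding counts are read as a clean result.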
Editions
Nessus Essentials is free for personal use and limited to 16 IP addresses. Nessus Professional is the standalone commercial edition aimed at consultants and small teams. Tenable.io and Tenable.sc are the cloud and on-premises management platforms for enterprise deployments, adding centralised scheduling, dashboards, ticketing integration, and asset inventory.
Use in penetration testing
Pen testers use Nessus for early-stage breadth coverage: a quick scan of an in-scope IP range surfaces the obvious low-hanging issues (missing patches, weak SSL, default credentials) so the manual effort can focus on the deeper work. The Nessus output is rarely used directly in client reports because it contains false positives and lacks the engagement context; it is a starting point, not a deliverable.
Related terms
See also: vulnerability assessment, vulnerability, and penetration testing.




