Best Hacking Tools Of 2017: Nessus Vulnerability Scanner

Nessus Vulnerability Scanner

Developed by Tenable Network Security, this tool is one of the most popular vulnerability scanners on he market. Tenable provides different versions, depending on your needs: Nessus Home, Nessus Professional, Nessus Manager, and Nessus Cloud.

You can use Nessus to scan multiple types of vulnerabilities that include remote access flaw detection, misconfiguration alert, denial of services against TCP/IP stack, preparation of PCI DSS audits, malware detection, sensitive data searches, etc. Nessus can also call a popular external tools.

Nessus is supported by a variety of platforms including Windows, Mac OS, and popular Linux distributions like Debian, Ubuntu, Kali Linux, etc.

You can get more information and download the Nessus Home (free) tool here. The commercial version is available here.


Nessus Default Settings

Nessus is a third-party comprehensive network vulnerability scanner which was developed and maintained by Tenable Network Security. It costs about $2200 per year for enterprise customers, but there is a free version for personal use.

Tenable Network Security’s team of research engineers keeps the Nessus vulnerability scanner up to date with the latest network and host security audits available. Nessus includes the latest security tests for publicly available security patches, disclosed vulnerabilities, and common worms.

Nessus default Advanced Settings:

Setting Name Description Default
allow_post_scan_editing Allows a user to make edits to scan results after the scan completes. yes
auto_enable_dependencies Automatically activate the plugins that are depended on. If disabled, not all plugins may run despite being selected in a scan policy. yes
auto_update Automatic plugin updates. If enabled and Nessus is registered, fetch the newest plugins from automatically. Disable if the scanner is on an isolated network that is not able to reach the Internet. yes
auto_update_delay Number of hours to wait between two updates. Four (4) hours is the minimum allowed interval. 24
cgi_path During the testing of web servers, use this colon delimited list of CGI paths. /cgi-bin:/scripts
checks_read_timeout Read timeout for the sockets of the tests. 5
disable_ui Disables the user interface on managed scanners. no
disable_ntp Disable the old NTP legacy protocol. yes
disable_xmlrpc Disable the new XMLRPC (Web Server) interface. no
dumpfile Location of a dump file for debugging output if generated. C:\ProgramData\Tenable\Nessus\nessus\logs\nessusd.dump
global.max_hosts Maximum number of simultaneous checks against each host tested. 2150
global.max_scans If set to non-zero, this defines the maximum number of scans that may take place in parallel. Note: If this option is not used, no limit is enforced. 0
global.max_simult_tcp_sessions Maximum number of simultaneous TCP sessions between all scans. Note: If this option is not used, no limit is enforced. 50
global.max_web_users If set to non-zero, this defines the maximum of (web) users who can connect in parallel. Note: If this option is not used, no limit is enforced. 1024
listen_address IPv4 address to listen for incoming connections. If set to, this will restrict access to local connections only.
log_whole_attack Log every detail of the attack? Helpful for debugging issues with the scan, but this may be disk intensive. no
logfile Location where the Nessus log file is stored. C:\ProgramData\Tenable\Nessus\nessus\logs\nessusd.messages
max_hosts Maximum number of hosts checked at one time during a scan. 5
max_checks Maximum number of simultaneous checks against each host tested. 5
nasl_log_type Direct the type of NASL engine output in nessusd.dump. normal
nasl_no_signature_check Determines if Nessus will consider all NASL scripts as being signed. Selecting “yes” is unsafe and not recommended. no
nessus_udp_scanner.max_run_time Used to specify the maximum run time, in seconds, for the UDP port scanner. If the setting is not present, a default value of 365 days (31536000 seconds) is used instead. 31536000
non_simult_ports Specifies ports against which two plugins cannot not be run simultaneously. 139, 445, 3389
optimize_test Optimize the test procedure. Changing this to “no” will cause scans to take longer and typically generate more false positives. yes
plugin_upload Designate if admin users may upload plugins. yes
plugins_timeout Maximum lifetime of a plugin’s activity (in seconds). 320
port_range Range of the ports the port scanners will scan. Can use keywords “default” or “all”, as well as a comma delimited list of ports or ranges of ports. default
purge_plugin_db Determines if Nessus will purge the plugin database at each update. This directs Nessus to remove, re-download, and re-build the plugin database for each update. Choosing yes will cause each update to be considerably slower. no
qdb_mem_usage Directs Nessus to use more or less memory when idle. If Nessus is running on a dedicated server, setting this to “high” will use more memory to increase performance. If Nessus is running on a shared machine, settings this to “low” will use considerably less memory, but at the price of a moderate performance impact. low
reduce_connections_on_congestion Reduce the number of TCP sessions in parallel when the network appears to be congested. no
report_crashes Anonymously report crashes to Tenable. yes
When set to yes, Nessus crash information is sent to Tenable to identify problems. Personal nor system-identifying information is sent to Tenable.
rules Location of the Nessus Rules file (nessusd.rules). C:\ProgramData\Tenable\Nessus\conf\nessusd.rules
safe_checks Safe checks rely on banner grabbing rather than active testing for a vulnerability. yes
silent_dependencies If enabled, the list of plugin dependencies and their output are not included in the report. A plugin may be selected as part of a policy that depends on other plugins to run. By default, Nessus will run those plugin dependencies, but will not include their output in the report. Setting this option to no will cause both the selected plugin, and any plugin dependencies to all appear in the report. yes
slice_network_addresses If this option is set, Nessus will not scan a network incrementally (, then, then, and so on) but will attempt to slice the workload throughout the whole network (e.g., it will scan, then, then, then, and so on). no
ssl_cipher_list Nessus only supports ‘strong’ SSL ciphers when connecting to port 8834. strong
stop_scan_on_disconnect Stop scanning a host that seems to have been disconnected during the scan. no
stop_scan_on_hang Stop a scan that seems to be hung. no
throttle_scan Throttle scan when CPU is overloaded. yes
www_logfile Location where the Nessus Web Server (user interface) log is stored. C:\ProgramData\Tenable\Nessus\nessus\logs\www_server.log
xmlrpc_idle_session_timeout XMLRPC Idle Session Timeout in minutes. Value defaults to 30 minutes. If the value is set to zero (0), the default value of 30 minutes will still apply. There is no maximum limit for this value. 30
xmlrpc_listen_port Port for the Nessus Web Server to listen to (new XMLRPC protocol). 8834