Nessus is one of the most popular and capable vulnerability scanners, particularly for UNIX systems. It was initially free and open source, but its vendor closed the source code in 2005 and removed the free "Registered Feed" version in 2008. It now costs $1,200 per year, which still beats many of its competitors. A free "Home Feed" is also available, though it is limited and only licensed for home network use.
Nessus is constantly updated, with more than 46,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a web-based interface, and an embedded scripting language for writing your own plugins or understanding the existing ones. The open-source version of Nessus was forked by a group of users who still develop it under the OpenVAS name.
For downloads and more information, visit the Nessus homepage.
We've been using the commercial version, which has been a bit slow. But lately the plugins have become unreliable, detecting a problem on one scan that is ignored on the next with no changes made to the server tested. Currently looking for something better.
Not sure what some of the other reviews are talking about. I just installed the Home Feed, and was able to scan IPs off my local network (over the Internet), and had no licensing issues. Great product. Kicked out some nice reports that I can use.
Works alright for scheduled scans; but alternations are clunky and upgrades are painful. We use the enterprise edition. The world needs an easy to use stand-alone desktop edition again for one-off scans.
Apparently Tenable has recently stopped providing trial versions (even though their license agreement still states that they do) and minimal pre-purchase sales support because it was apparently taking up too much of their time. Still, when I queried about IOS XR support, I got a lot of runaround and misdirection. IOS XR is not supported, in case that matters to you. Even more disconcerting, for their plugins that indicate they were for IOS XR, I checked the code of two of them and they do not obtain IOS XR version info or contain the affected versions in the matching statement. Finally, support from the sales organization was less than helpful and left us with a very bad impression. The only good thing I can say about Nessus is its current lack of pricing per IP, which separates it from other functionally equivalent products, which greatly affects us because of our particular market.
Used Nessus for many years, usually the home feed. Lately, they changed the rules on the homefeed that makes it impossible to scan systems not on a LAN. Only private networks are allowed now. This made the program useless to me. Too bad, it was wonderful. Am moving to something else now.
This is an awesome product. We use it all the time; a great up-to-date vulnerability database.