Nessus

A superb tool to start your first vulnerability scans with

Nessus
(Image: © Tenable)

TechRadar Verdict

Nessus is an excellent, extensible, and easy-to-use web security scanner that comes with a solid but somewhat limited freemium edition. It’s also supported by a committed community of developers that are coming up with new plug-ins without a break.

Pros

  • +

    7-day free trials with all paid plans

  • +

    Custom reporting

  • +

    Highly intuitive and insightful UI

  • +

    The false positive rate is pretty low

  • +

    Risk-based vulnerability prioritization

Cons

  • -

    Slow scanning

Why you can trust TechRadar We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.

Shielded by one of the top web security scanners, you can confront all sorts of cyber threats while staying on the safe side of the internet. With most of them, you can do this without blowing your budget but only with a handful of scanners you can get a solid vulnerability-scanning solution without spending a single penny - Nessus is one of those.

Nessus came into existence as a part of the Nessus Project that started in 1998 and was presented by Renaud Deraison, a cybersecurity expert and co-founder of Tenable, the brand behind Nessus. The main motivation behind this project was to provide the internet community with a cost-free, remote security scanner.

However, in 2005 Nessus was turned from free, open-source software into a proprietary, close-sourced solution. Fortunately, to stay ahead of its competitors, Tenable now offers both free and paid Nessus plans.

Tenable is a US-based cyber exposures company with headquarters in Columbia (Maryland. the USA). Over 40,000 organizations around the world are putting their trust in their security solutions as we write. 

Tenable’s official site isn't particularly original but benefits from a clear-cut design and creates a user-friendly experience. It features an official blog that seems enthusiastically updated with new content.

To find out a bit more about Tenable, you can follow them on Facebook, Twitter, LinkedIn, and YouTube.

Nessus

(Image credit: Tenable)

Plans and pricing

Nessus web security scanner comes in three editions: “Nessus Essentials” (previously known as “Nessus Home”), “Nessus Professional” and “Nessus Expert”. Out of the three, only “Nessus Essentials” comes completely free of charge. Once you acquire and apply the activation code you’ll be able to use Nessus’ fermium edition as long as you need.

If you’re a professional user and willing to pay pots of money, you should consider “Nessus Professional” for it will cost you €3,875.71 ($3,795) per year. You can choose between an annual, biennial, and triennial billing cycle, and the longer your subscription - the more money you’ll save in the long run.

Last but not least is “Nessus Expert” and it’s an enterprise-level security solution that will set you back for €8,563.14 ($8,391) per year. It offers two add-ons: “Advanced Support” and “On-Demand Training”, and both are pretty pricey. 

If you want to try out the paid plans without spending a single penny, you can do it for 7 days thanks to 7-day free trials. 

Supported payment methods with Tenable include all major credit/debit cards (including Visa, MasterCard, and American Express) as well as PayPal, Google Pay, Amazon Pay, Apple Pay, and Shop Pay.

Nessus

(Image credit: Tenable)

Features and functionality

Nessus works wonderfully on a wide variety of operating systems (OS’) including Windows (versions 7, 8, and 10), SUSE Linux, Ubuntu, Debian/Kali Linux, Fedora, FreeBSD, macOS X, Red Hat/CentOS/Oracle Linux, and Windows Server (2008 and 2012). The Windows version runs both on 32-bit and 64-bit systems.

Nessus users also have a couple of versions to choose from, the latest being 10.3.0.

Since “Nessus Essentials” is the free edition of the scanner, it comes somewhat short on features (but not too short). With asset discovery scanning, you’re limited to up to 16 IPs for vulnerability assessment. Also, it’s available for personal use only, offers no compliance/audit checks, and has no scan scheduling capabilities.

However, this is no surprise since this edition is aimed at penniless networking technology students and newcomers overall. It serves as an entry point into the Tenable ecosystem.

There is no limit for usage, so if you want to use the free edition forever, you’re welcome to do so. 

With it, you’ll also gain access to the Nessus training curriculum and become a part of its colorful community. There, you can get plenty of useful tips and tricks from more experienced users and extend your Nessus with plug-ins (coded in NASL). While most of them come with a price tag, there are a few fine free plug-ins from the community.

With both paid plans you’ll get to utilize unlimited IT assessments, configuration assessments, customizable real-time reports, and support from the Nessus community. “Nessus Expert” will throw in a few more features such as external attack surface scanning, an ability to add domains, scan cloud infrastructure, and 500 pre-built scanning policies.

Nessus

(Image credit: Tenable)

Interface and ease of use

To start with Nessus, pick out one of the plans (let’s say “Nessus Essentials'') and provide a few pieces of your personal information including your full name and your business e-mail address. After that, tap into the “Get Started” button and wait for an e-mail with your one-time activation code.

In addition to the code, you’ll get a link to the download page, where you’ll be prompted to pick the version of Nessus you wish to utilize - so, select your OS as well as the version of the scanner.

The e-mail you got from Nessus also contains a step-by-step guide for all versions, so make sure to check it. Also, don’t forget about the activation code you got since this is where it comes into play.

Nessus user interface (UI) is incredibly intuitive and insightful, so we didn’t lose our way as we so often do. To perform your fists scan, go to the top menu and click on “Scans” and then select the “New Scan” option in the upper-right corner.

After this, choose the scan template you want to use - that is, the pre-configured settings for that type of scan. Although some templates are accessible with paid plans only, we very much appreciated the brief and beginner-friendly description of each template. You can also change the pre-configured scan settings if you so desire.

Once you’ve configured all your settings, you can click on the “Launch” button to start the scan straight away or save the scan and launch it later on.

Thanks to color-coded indicators and customizable viewing options, interpreting scan results is as simple as it gets. These will show you all the scanning targets (under “Hosts”), the list of identified vulnerabilities (sorted by severity), all remediation details, any additional information about the scans, and the list of scans (under “History) sorted by start time, end time, and the scan statuses.

If we had to nitpick, the only fault we could find with Nessus is somewhat slow scanning - however, since we’re using the fermium edition we aren’t exactly complaining.   

All in all, with a simple-to-use UI and superb step-by-step guides Nessus appears to be one of the most user-friendly web security scanners in the industry.

Nessus FAQ

(Image credit: Tenable)

Customer support

Tenable’s technical team can be reached via phone, live chat, e-mail address, and community forum - and it’s available 24/7/365. 

However, if you’re using the free edition you won’t get to enjoy the benefits of so-called advanced support - so, no phone or e-mail support for you. Also, the promised response time is within 24 hours, which isn’t exactly fast.    

If you like to solve issues on your own, Tenable’s self-help options will give you all that you need - you just need to know where to find them since options seem chaotic at first. 

So, for common questions and concerns go to the Nessus FAQ section. For how-to guides and more complex issues, search through Tenable’s official blog, the resource library, and the documentation page, or ask the Nessus community for help instead.

Nessus

(Image credit: Tenable)

Competition

OpenVAS, the leading fork of Nessus, is still an outstanding, open-source alternative to it. While Nessus covers a wider variety of vulnerabilities than its fork, OpenVAS is better for the budget. To be honest, everything OpenVAS can do, Nessus does better, but for a tidy sum.  

Like with OpenVAS, probably the only advantage Probely has over Nessus is its pricing - the business-focused and popular “Pro” plan will cost you €828 ($812) per year, which is a pretty reasonable sum. 

If you have a budget to worry about, Vega web scanner is certainly worth a look. It’s a competent, comprehensive, and completely cost-free tool that can be extended via JavaScript to boot. Unfortunately, it’s geared towards tech-savvy users only.

Final verdict

While Nessus might not be as popular as some of its competitors, it’s more than a worthy challenger in the cybersecurity industry. It offers a wide variety of scans, customizable real-time reports, risk-based vulnerability prioritization, intuitive UI, and plenty of plug-ins provided by its developer community.   

If you don’t mind slightly slow scanning, Nessus is clearly worth checking out. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.