The Nessus vulnerability scanner is a free, open-source tool used to detect known vulnerabilities on many different network devices, systems, and services. Some examples of systems that it can test are Microsoft operating systems, IIS web servers, many different flavors of UNIX and applications/servers that run on them, and even switches and routers. It classifies the problem as high, medium, or low risk and gives an overview of the impact of the vulnerability. One of the best features of this scanner is that in the output, it includes links to solutions or patches, or instructions for fixing the problem.The vulnerability tests are developed and written by a large community of users and you can even create your own tests with NASL (Nessus Attack Scripting Language). The security vulnerability database is updated daily with tests for new security holes.

Nessus uses a client-server architecture. The server performs the attacks and tests and you connect to it and control it with a front-end client. The server runs on POSIX systems (UNIX). Clients are available for Win32 platforms, UNIX machines, or as a Java client(no longer under active development). There is also a command line interface on the server that can be used to regularly schedule scans. There are clients available for both platforms which support encrypted connections between the client and server. Results from the scans can be saved to a database or saved as plain text, PDF, or HTML.

Nessus user accounts can be made on the server and can be limited by rules. Users can be limited to what subnets or IP addresses they can scan.

I hope to make this tool available to network managers to use themselves by assigning accounts. I also plan to offer automatic, regularly scheduled scans to those who want them. To start, I will take requests for accounts and requests for initial scans so that everyone doesn't inundate the server at once. A scan of one machine with all of the plugins enabled (if you don't know what type of machine you are scanning) can take 30 minutes. I can perform the initial scan and return the results and the new account at one time. If we find that the load is too much for the machine the nessus server is installed on, we will try to find a different machine(s) to run it on. The current machine is also used for several other things as well and we can't interfere with those.

I recommend the nessusWX client or the WinNessus client for Windows machines, as they use encryption.

NessusWX is on http://www.securityprojects.org/nessuswx

WinNessus is on ftp://ftp.nessus.org/pub/nessus/nessus-1.0.9/Windows/

For UNIX, get and compile the source code from http://www.nessus.org/posix.html