Nessus (Software)
Nessus is a network vulnerability scanner and for Linux, Unix, Windows and Mac OS X. It is based on the client - server principle, which means that on a computer the Nessusserver ( nessusd ) is started and then one is with one or more clients from either the local or a remote computer can connect. This is ensured by SSL certificates and passwords.
With the start of the server automatically loads the plug-ins. With these plug-ins can be several vulnerabilities of the operating system or the services that are running on the host to be scanned to find. The plug-ins are created in the Nessus own scripting language " Nessus Attack Scripting Language" ( NASL ).
With the help of the client program to connect to get it to the server and sets a session in which you can plug-ins, the destination host, and other settings edit or change. If the scanning was performed on a host, the Nessus client provides an overview of the open ports (which makes Nessus scan the ports with nmap ) and eventually found security flaws.
License
In October 2005 it was announced that the project standing before under the GPL will be further developed in the future under a proprietary license. As of version 3.0, Nessus is thus no longer freely available.
To continue to provide a free scanner available, the Project OpenVAS has formed, which on the last free version (2.2) is put on the scanner and further develop this.
The Federal Office for Security in Information Technology had an open-source software under the name BOSS (BSI Security Suite OSS ) developed that built essentially on the security scanner Nessus, but then created a BOSS and recommended OpenVAS.