Get Full Visibility Into Your Vulnerabilities!

Nessus

  • Trial
  • Latest Version: Nessus 10.8.3
  • Review by: Michael Reynolds
  • Operating System: Windows 7 / Windows 7 64 / Windows 8 / Windows 8 64 / Windows 10 / Windows 10 64 / Windows 11
  • Author / Product: Tenable, Inc.

Nessus was built from the ground up with a deep understanding of how security practitioners work. Every feature in Nessus for Windows PC is designed to make vulnerability assessment simple, easy, and intuitive. The result: less time and effort to assess, prioritize, and remediate issues. The assets and vulnerabilities on your network are constantly changing. Getting a full picture of your network is half the battle. Trust the #1 vulnerability assessment software to help you stay a step ahead of attackers.


Out of the box, pre-configured templates are included for a range of IT and mobile assets - from configuration audits to patch management effectiveness - to help you quickly understand where you have vulnerabilities. Nessus Vulnerability Scanner includes more than 450 compliance and configuration templates to audit configuration compliance against CIS benchmarks and other best practices.



Easily create reports based on customized views, including specific vulnerability types, vulnerabilities by the host, or by the plugin. Create reports in a variety of formats (HTML, CSV, and .nessus XML) and easily tailor reports by team or client which can be emailed with every scan.

Live Results automatically performs an offline vulnerability assessment with every plugin update, showing you where you may have vulnerabilities based on your scan history. From here you can easily run a scan to validate the presence of the vulnerability, which accelerates the accurate detection and prioritization of issues.

Similar issues or categories of vulnerabilities are grouped together and presented in one thread, reducing the time needed to research and prioritize issues for remediation. Snoozing lets you select specific issues to disappear from view for a specified period of time, so you only focus on the issues that matter at that time.

Nessus identifies the vulnerabilities that need attention with high-speed, accurate scanning and minimal false positives. Tenable researchers leverage extensive intel sources, providing plugins that deliver timely protection from the latest threats. 47,000+ CVEs – the most in the industry. The Tenable Nessus app scans more technologies and uncovers more vulnerabilities than competing solutions. Cost-effective for any consultant or team, it provides complete vulnerability scanning with unlimited assessments for one low price.

Features and Highlights
  • A complete analysis of your security level
  • Up-to-date security vulnerability database.
  • Security checks database is updated on a daily basis, and all the newest security checks are available here and can be retrieved with the command nessus-update-plugins. An RSS feed of all the newest security checks allows you to monitor which plugins are added and when.
  • Remote and local security.
  • Traditional network security scanners tend to focus on the services listening on the network - and only on these. Now that viruses and worms are propagating thanks to flaws in mail clients or web browsers, this conception of security is getting outdated.
  • Elegant architecture
  • Extremely scalable
  • It has been built so that it can easily scale from a single-CPU computer with low memory up to a quad-CPU monster with gigabytes of RAM. The more power you give to the app, the quicker it will scan your network.
  • Plug-ins
  • Each security test is written as an external plugin, written in NASL. This means that updating Nessus does not involve downloading untrusted binaries from the internet. Each NASL plugin can be read and modified, to better understand the results of a report.
  • NASL
  • The Security Scanner includes NASL (Nessus Attack Scripting Language), a language designed to write security tests easily and quickly. NASL plugins run in a contained environment on top of a virtual machine, thus making Nessus an extremely secure scanner.
  • Others
  • Smart service recognition
  • Nessus does not assume that the target hosts will respect the IANA-assigned port numbers. This means that it will recognize an FTP server running on a non-standard port (e.g., 31337), or a web server running on port 8080. Nessus is the first vulnerability scanner for PC on the market to have implemented this feature for all the security checks (and has been copied by many since then).
  • Multiple services
  • If a host runs the same service twice or more, Nessus will test all of them. Believe it or not, several scanners on the market still consider that a host can only run one server type at once.
  • Full SSL support
  • Nessus has the ability to test SSLized services such as https, smtps, imaps, and more. You can even supply the app with a certificate so that it can integrate into a PKI-fied environment. Once again, Nessus was one of the first security scanners on the market to provide this feature.
  • Non-destructive or thorough
  • Nessus gives you the choice between performing a regular non-destructive security audit on a routine basis, or throwing everything you can at a remote host to see how well it withstands attacks from intruders. Many scanners consider their users to be too inexperienced to make that kind of choice and only let them perform "safe" checks.
  • The biggest user base
  • The most pessimistic computations, based on the number of downloads every day, give the app at least 50,000 users worldwide, but there might be even more - after all, Nessus is downloaded over 2,000 times every day!
  • Our huge user base allows us to get the best feedback regarding security checks - and therefore to offer security checks which are reliable, nondestructive, and not prone to false positives.
Note: 7-day trial version.


What's new in this version:

Nessus 10.8.3
The following are security updates included in Tenable Nessus 10.8.3:
- Updated OpenSSL to 3.0.15
- Updated libexpat to 10.6.3
- For more information, see the Tenable Product Security Advisory

Upgrade Notes:
- Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners versions 10.4.0 and later
- If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
- You can upgrade to the latest version of Tenable Nessus from any previously supported version
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version


Nessus 10.8.2
- Fixed a defect that caused Tenable Nessus to inappropriately apply severity mappings to compliance results


Nessus 10.8.1
- Fixed an issue where specifying a list of ports including "default" would cause a parsing failure and prevent the scan from launching


Nessus 10.8.0
New Features:
The following are the new features included in Tenable Nessus 10.8.0:
- Tenable Nessus now supports CVSSv4 and EPSS scoring for vulnerability findings. You can view CVSSv4 and EPSS scores in the plugin output details and use both scores to filter scan results.
- You can now use Tenable Nessus Manager to create and manage agent profiles in the new Sensors > Agent Profiles menu. You can use agent profiles to apply specific product versions to groups of linked agents.
- A new offline mode is now available to Tenable Nessus Professional and Tenable Nessus Expert users with limited internet connectivity
- Tenable Nessus now decorates scan results with a scan type to allow you to differentiate scans

Changed Functionality and Performance Enhancements:
The following enhancements are included in Tenable Nessus 10.8.0:
- The import-certs CLI command now supports importing server chains
- Compliance plugin names are no longer truncated in the Tenable Nessus user interface
- Added support for importing unencrypted scan databases
- Added support for IMDSv2 for BYOL scanners in AWS
- Tenable Nessus now streams plugin and product updates to disk when downloading instead of buffering in memory
- Tenable Nessus now uses only the hostname and port to track against WAS licenses instead of the full URL. For example, all of the following now count for a single license FQDN rather than three

Fixed:
- Fixed an issue that caused the user icon in the Tenable Nessus user interface to disappear when you reduce the screen width
- Improved performance when launching an Advanced Dynamic Scan
- Fixed a scan permission issue related to scan attachments
- Updated Tenable Nessus scanners connected to Tenable Security Center so that the policy file is deleted once a new scan is created. This ensures that policy files do not accumulate on the scanner.
- Fixed an issue in Tenable Nessus scanners connected to Tenable Security Center that caused an entire plugin family to be enabled when only a few of the family's plugins were enabled in the scan policy
- Fixed an issue in Tenable Nessus scanners connected to Tenable Security Center that caused repeated plugin compilations
- Fixed an issue where node restarts make the Last Connect value unreliable for both online and offline agents, which could potentially cause issues with automatic unlinking
- Fixed an issue where compliance findings were being included in vulnerability sections of reports
- Nessus will no longer drop the trailing / from URLs being targeted in WAS scans.
- Fixed an issue where Web App Scanning (WAS) authentication credentials were not passed correctly to the WAS Docker container.
- Fixed an issue where compliance reports were showing the wrong vulnerability level


Nessus 10.7.4
- Enhanced nessus-service logging on Windows in cases where nessus-service terminates unexpectedly

Fixed:
- Improved the user input for some text boxes in the web application scanning configuration, allowing comma separation, new lines, and spaces
- Fixed an issue where improper JSON input was being sent to the web application scanning container


Nessus 10.7.3
The following are security updates included in Tenable Nessus 10.7.3:
- Addressed a vulnerability that allowed low-privileged users to exploit a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability during the Windows Tenable Nessus installation process
- Addressed a vulnerability in which the Windows Tenable Nessus setup process could have failed to set proper access rights for the installation folder if you chose a custom installation path during installation
- Tenable Vulnerability Management FedRAMP environments support Tenable Nessus scanners version 8.x and 10.4.0 and later
- If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com
- You can upgrade to the latest version of Tenable Nessus from any previously supported version
- If your upgrade path skips versions of Tenable Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes
- If you want your scanners to update to the newest version before the GA date automatically, set your Tenable Nessus Update Plan to Opt in to Early Access releases
- If you want to update your scanners to the latest version before the GA date manually, disable automatic updates so the scanner does not automatically downgrade to the previous version


Nessus 10.7.2
- Optimized the evaluation of Tenable Nessus scanning rules to improve scan times for scans in which a rule specifies a hostname
- Improved error handling under low memory conditions to increase scanner stability


Nessus 10.7.0
- Change log not available for this version


Nessus 10.6.4
Fixed:
- Improved error handling and retries of scan report exports to Tenable Security Center


Nessus 10.6.3
- Fixed a local privilege escalation bug
- Improved the URL parsing when running web application scans against internal hosts


Nessus 10.6.2
Security Updates:
The following are security updates included in Tenable Nessus 10.6.2:
- Fixed a local privilege vulnerability
- Fixed an issue that caused file name integer overflow in zlib 1.3
- Updated OpenSSL to version 3.0.12

Fixed:
- Fixed an issue that affected report exports generated from scans with names containing characters that are unsupported by file systems
- Fixed an issue where Tenable Nessus rules would incorrectly reject outbound TCP connections when a rule specifies a host name
- Fixed a scan permissions issue in the scan configuration user interface
- Fixed an issue that sometimes caused scanner instability when verifying credentials using OCSP


Nessus 10.6.1
Fixed:
- an issue in which Tenable Nessus used excessive system memory while processing large scan DBs
- an issue that caused plugin output to not show in compliance scans
- plugin forking misbehaviors that caused excessive memory usage
- an installation failure that would occur when updating Tenable Nessus from 10.5.4 to 10.6.0 via msiexec


Nessus 10.6.0
New:
- Tenable Nessus Expert now supports web application scanning
- You can now configure the number of days that Tenable Nessus Manager retains scans


Nessus 10.5.4
- Improved the processing of known_CA.inc during plugin updates
- Updated OpenSSL to 3.0.10

Fixed:
- an issue in which the Extended Migration tab would load indefinitely
- an issue that caused a cluster child node to restart every hour


Nessus 10.5.3
- Updated OpenSSL to 3.0.9


Nessus 10.5.2
- Updated libxml2 to 2.11.1
- Updated libxslt to 1.1.37


Nessus 10.5.1
Fixed:
- the logic that Nessus plugins use to determine whether ports are open or closed before portscanning
- an issue where Tenable.sc-managed scanners were not communicating with Tenable.sc during setup
- an issue where agent core updates were not processing on Nessus Manager


Nessus 10.5.0
New Features:
- Added Docker support for Tenable.sc-managed scanners. For more information, see Deploy Nessus as a Docker Image.
- Added the ability to save custom filter configurations. For more information, see Search and Filter Results.
- Improved the activation workflow of purchased products. Activating previously purchased products is now easier. For more information, see Configure Nessus.
- Expanded VPR for Nessus Professional and Nessus Expert
- Updated the Nessus Manager Sensors tab to show agent UUIDs
- Enhanced Attack Surface Discovery results filtering so that you can filter by all result columns
- Added the ability to export Attack Surface Discovery scan results

Changed Functionality and Performance Enhancements:
The following enhancements are included in Nessus 10.5.0:
- Improved CA read performance over TLS
- Improved Nessus global DB backup performance
- Added Terrascan.db to the nessuscli backup command

Security Updates:
The following are security updates included in Nessus 10.5.0:
- Updated spin.js to 2.3.2
- Updated datatables.net to 1.13.2
- Updated OpenSSL to 3.0.8

Fixed:
- Updated Nessus to send socket timeouts when the send operation is in the SSL_WANT_READ state
- Reduced Nessus memory use when parsing hostnames
- Fixed a bug that generated the API disabled message
- Added Kanji font support in PDF reports
- Prevented configuration of the default cluster group while plugins are compiling
- Modified the behavior of payload handling to return a 400 error if a payload is not complete
- Modified Nessus to load activation workflow scripts locally to prevent plugin 119811 from flagging tenable.com
- Nessus now backs up default files when you perform a full reset of Nessus
- Fixed a PDF page break issue
- Added the build number to the available Nessus Agent upgrade listing

Supported Platforms:
Added support for the following operating systems:
- Rocky Linux 9 (x86_64 and AArch64)
- Alma Linux 9 (x86_64 and AArch64)
- Red Hat 9 (x86_64 and AArch64)
- Debian 11 (i386 and AMD64)

Removed support for the following operating systems:
- FreeBSD 11 and earlier
- Ubuntu 13.10 and earlier
- SUSE 11 and earlier
- Debian 9 and earlier
- Oracle Linux 6 and earlier
- CentOS 6 and earlier
- Kali 2019 and earlier
- Windows 8 and earlier
- Windows Server 2008 R2 and earlier


Nessus 8.15.8
Changed Functionality and Performance Enhancements:
The following are changed functionality and performance enhancements included in Nessus 8.15.8:
- Removed the ability to specify a Java executable path from the Nessus user interface to prevent undesired changes. Administrators can now specify a Java executable path with a nessuscli command: nessuscli fix --set path_to_java (for more information, see Fix Commands).
- Fixed an issue that prevented users from using the Tenable migration tool to migrate Nessus 10.4.x licensed scanners to Tenable.io.

Security Updates:
The following are security updates included in Nessus 8.15.8:
- Fixed a local privilege escalation vulnerability


Nessus 10.4.2
Changed Functionality and Performance Enhancements:
The following are changed functionality and performance enhancements included in Nessus 10.4.2:
- Removed the ability to specify a Java executable path from the Nessus user interface to prevent undesired changes. Administrators can now specify a Java executable path with a nessuscli command: nessuscli fix --set path_to_java (for more information, see Fix Commands).

Fixed:
- Fixed a network socket state that caused Nessus processes to stall in certain circumstances
- Enabled TCP keepalives on certain network connections to shorten Nessus stall times

Security Updates:
- Fixed a local privilege escalation vulnerability


Nessus 10.4.1
The following are security updates included in Nessus 10.4.1:
- Updated OpenSSL to 3.0.7 to address two high-severity security vulnerabilities
- Updated the libexpat library to 2.5.0 to address a security vulnerability

Fixed:
- Increased the Nessus Manager node update payload size


Nessus 10.4.0
New Features:
The following are the new features included in Nessus 10.4.0:
- You can now activate new Nessus Professional and Nessus Expert trials from within the application when you start Nessus for the first time
- Nessus Expert users can now view Terrascan results and generate reports from the Nessus Expert user interface
- You can now log in and perform some operations while Nessus compiles plugins
- You can now manage multiple agents at once by using bulk commands from the Nessus Manager user interface
- Nessus usernames can now contain parentheses — "(" and ")"
- Nessus now has improved log rotation flexibility
- Nessus now supports FIPS mode communications

Nessus now has improved TLS 1.3 support due to the following additions:
- The ChaCha20 stream cipher with the Poly1305 message authentication code
- The Ed25519 and Ed448 digital signature algorithms
- The x25519 and x448 key exchange protocols

Changed Functionality and Performance Enhancements:
The following enhancements are included in Nessus 10.4.0:
- You can now make copies of scan templates
- ASM scan efficiency improvements
- Report queue processing improvements
- Scan note language improvements

Security Updates:
The following are security updates included in Nessus 10.4.0:
Updated the following libraries to address several vulnerabilities:
- Updated datatables to 1.12.1
- Updated jquery-ui to 1.13.2
- Updated less.js to 4.1.3
- Updated moment.js to 2.29.4
- Updated select2.js to 4.0.13
- Updated underscore.js to 1.13.4
- Updated zlib to 1.2.13
- For more information, see the Tenable Product Security Advisory
- Fixed an input validation issue for some input fields that relied on client-side validation
- Updated Nessus Manager linking so that linking keys for agents, scanners, and nodes are now different from each other


Nessus 10.3.1
Security Updates:
The following are security updates included in Nessus 10.3.1:
Updated the following libraries to address several vulnerabilities:
- Updated datatables to 1.12.1
- Updated moment.js to 2.29.4
- Updated libexpat to 2.4.9
- Updated libxml2 to 2.10.3
- Updated zlib to 1.2.13

Upgrade Notes:
- If you are upgrading to Nessus Expert from a previous version of Nessus, you must upgrade Nessus to 10.3 prior to performing the Expert upgrade
- Due to the dynamic plugin compilation update, Nessus customers who have custom plugins could experience compilation failures if their plugins do not adhere to the updated standards outlined in the NASL Library Optimization guide. We recommend that customers with custom plugins review this guide and make any necessary updates before updating to Nessus 10.0.x.
- You can upgrade to the latest version of Nessus from any previously supported version
- If your upgrade path skips versions of Nessus, Tenable recommends reviewing the release notes for all skipped versions to learn about new features and bug fixes
- If you want your scanners to automatically update to the newest version before the GA date, set your Nessus Update Plan to Opt in to Early Access releases
- If you want to manually update your scanners to the latest version before the GA date, disable automatic updates so the scanner does not automatically downgrade to the previous version

For Nessus 8.8.0 and later running on Windows, you must install Visual C++ Redistributable for Visual Studio 2015 on the host operating system. The following Windows versions require a minimum Service Pack to be installed:
- Windows 7 SP1
- Windows Server 2008 SP2
- Windows Server 2008 R2 SP1


Nessus 10.3.0
New Features:
The following are the new features included in Nessus 10.3.0:
- Added the new Nessus Expert license and the ability to upgrade to Nessus Expert from the user interface
- Added new Terrascan scanning features to Nessus Expert
- Integrated Bit Discovery into Nessus Expert as a new scan template: Attack Surface Discovery
- Note: The attack surface discovery scan currently has a limit of discovering 375,000 child domains and displaying 2,500 domain results in the default results view. You can view all the scan results by applying filters. Tenable is working to extend the maximum child domain amount for customers with larger sets of exposed child domains.
- Updated OpenSSL to support version 3.0.5
- Updated Tenable.io-linked scanners to support differential plugin updates
- You can now configure trusted certificate authorities (CAs) for individual scans

Changed Functionality and Performance Enhancements:
The following enhancements are included in Nessus 10.3.0:
- Updated the Nessus NASL compiler to stop when it encounters file errors

Fixed:
- an issue where ACAS colors would appear incorrectly
- an infinite loop issue related to certain HTTP requests
- an RDNS lookup issue that affected some Nessus instances


Nessus 10.2.0
New Features:
The following are the new features included in Nessus 10.2.0:
- Added a new Scan Summary tab that highlights important scan data in Nessus Professional
- You can now configure update plans for Nessus Agents linked to Nessus Manager
- BYOL scanners can now add scan targets by Instance ID
- Added details of plugin execution failures to audit trails

Changed Functionality and Performance Enhancements:
The following enhancements are included in Nessus 10.2.0:
- Added more detailed logging for node scans
- Improved compliance reporting performance by removing description data
- Extraneous data in compliance descriptions is now disabled by default
- Added a preference setting that limits the amount of data generated by compliance plugins

Security Updates:
The following are security updates included in Nessus 10.2.0:
- Updated Zlib to version 1.2.12 to address a medium level vulnerability
- Updated libexpat to version 2.4.8 to address several security vulnerabilities
- Removed Nessus version information from unauthenticated API calls
- Updated jQuery UI to version 1.13.0

Fixed:
- Fixed an issue where custom audit files were not included in user-to-user data transfers
- VPR data loading is now postponed until after an upgrade-driven restart
- Fixed an issue where a database file was incorrectly deleted due to contention
- Fixed an issue where plugins would fail to abort when reaching memory limits in certain environments
- Fixed an issue where agent scan durations were exceeding the scan window setting
- Fixed an issue where a User-Defined Nessus Agent scan would incorrectly save as an Advanced Agent scan
- Fixed an issue where the Nessus Manager dashboard would not change when plugin rules are applied
- Fixed an issue where Web App Scanning scan configuration options were not editable
- Fixed an issue where exported report sections would be incorrectly colored
- Fixed an issue where the report reference text would overlap the surrounding content
- Fixed an issue where linking a Nessus scanner to Tenable.io would fail when designating group memberships


Nessus 10.1.2
The following are the new features included in Nessus 10.1.2:
- You can now install and access Terrascan, a static code analyzer for Infrastructure as Code, on your Nessus Professional or Essentials instance from the new Terrascan page. Terrascan is most commonly used in automated pipelines to identify policy violations before insecure infrastructure is provisioned.

The following are security updates included in Nessus 10.1.2:
- OpenSSL was updated to the latest version 1.1.1n
- For more information, see the Tenable Product Security Advisory


Nessus 10.1.1
- Updated the Nessus Expat library to version 2.4.4 to address security vulnerabilities identified in previous Expat versions


Nessus 10.1.0
- Improved performance and scalability for Nessus Manager clustering

Nessus now supports the following operating systems:
- Oracle Linux 8
- Windows 11
- Windows Server 2022
- Ubuntu 18 for Arm/Graviton2
- Mac 12 (Monterey)

Changed Functionality and Performance Enhancements:
The following additional enhancements are included in Nessus 10.1.0:
- Updated reports with a consistent look and feel
- Updated debug report with a list view for better ease of use
- Reduced CPU utilization of Nessus when running on Openshift servers
- Nessus now discards the results of a dead target if it becomes unreachable mid-scan when the stop_scan_on_disconnect flag is on
- Updated Nessus to use the latest version of snappy 1.1.7 (a compression agent)
- Updated Nessus to use the latest version of libxml2 2.9.11 (an XML parsing utility)

Security Updates:
The following are security updates included in Nessus 10.1.0:
- Secured underscore.js (a JavaScript library) against arbitrary code injections

Fixed:
- memory allocation handling to better handle allocation errors encountered in certain plugins
- a reporting error where multiple vulnerabilities found on a single host were not counted properly
- a reporting user interface problem where the PDF report option was not being presented
- Improved the build process to address an Amazon Linux package signing error.
- a report issue where plugins with risk factor none would cause empty results
- a browser zoom issue where some vulnerability and compliance counts would disappear on the percentage bar
- Updated the scan API documentation to provide required integer values for severity levels.
- Updated Nessus KB article 000001742 to correctly describe the method by which the engine determines that a target host is unresponsive.
- manager web server performance by increasing file upload handling efficiency
- an error where the local scanner database item was inadvertently replaced


Nessus 10.0.2
Changed Functionality and Performance Enhancements:
- To facilitate a rapid response to new and critical security threats, Tenable.io users can now trigger an immediate plugin update on their scanners from the Tenable.io user interface, rather than waiting for the standard 24-hour plugin update cycle.


Nessus 8.15.2
- Nessus has been updated with the latest version of OpenSSL 1.1.1l


Nessus 8.15.1
Changed Functionality and Performance Enhancements:
- Improved scan times by enforcing plugin timeout values. Modified the evaluation order for plugin timeout options to allow for timeout value overrides for all plugins
- Improved plugin compilation speed

Fixed:
- Improved scan times by fixing an issue that caused slow plugin behavior after a plugin timeout
- Fixed an issue with memory usage tracking that could cause plugin aborts and Agent connection issues with large Nessus Manager / Agent deployments


Nessus 8.15.0
Security Updates:
- This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory
- Fixed a vulnerability where, after installation, running a repair on the installation allowed any user to execute the repair action without admin privileges
- Two third-party libraries (SQLitesqlite) were identified as vulnerable and have been updated

New Features:
- Nessus CLI now supports a new command, nessuscli import-certs, to add certificates, validate that they are matching, and place them in the correct directory
- For more information, see Nessuscli in the Nessus User Guide

Changed Functionality and Performance Enhancements:
- Nessus now uses Npcap as a Windows packet capture library, instead of WinPcap, which was discontinued
- The Windows 2008 OS is no longer supported

Implemented multiple improvements for logging:
- A new log file, nessuscli.log, logs all Nessus CLI operations
- Improved logging to show successful and failed scan uploads
- Improved logging for www_server.log to show start, end, and elapsed times for each access to the Nessus web server
- Nessus scanner type added to the log
- pre_sig.txt & post_sig.txt have been combined into other_logs.txt
- Nessus now uses milliseconds timestamps in backend.log
- Added to logs when a scan fails due to missing files instead of ignoring
- The agent scan advanced settings "Audit Trail Verbosity" and "Include the KB" now override the server advanced settings "agent_merge_audit_trail" and "agent_merge_kb" if disabled, to ensure proper function
- A new Advanced Setting, merge_plugin_results, was added to support merging plugin results for plugins that generate multiple findings with the same host, port, and protocol. This setting is recommended to be enabled for scanners linked to Tenable.sc

Fixed:
- an issue where agents would not link after transitioning from Nessus Manager to Tenable.io
- an issue where scheduled scans in Nessus Manager would fail
- an issue where there is a discrepancy in CSV file generated from compliance scan export vs what is shown in the U
- an issue where an IPv6 target scan would fail
- an issue where Nessus would ignore certain rules


Nessus 8.14.0
New Features:
CVSSv2 and CVSSv3 Support: Configurable Severity Base:
- You can choose whether Nessus calculates the severity of vulnerabilities using CVSSv2 or CVSSv3 scores by configuring your default severity base setting. When you change the default severity base, the change applies to all existing scans that are configured with the default severity base. Future scans also use the default severity base. For more information, see Configure Your Default Severity Base in the Nessus User Guide.
- You can also configure individual scans to use a particular severity base, which overrides the default severity base for those scan results. For more information, see Configure Severity Base for an Individual Scan in the Nessus User Guide.
- By default, new installations of Nessus 8.14 or later use CVSSv3 scores (when available) to calculate severity for vulnerabilities. Preexisting upgraded installations from earlier than 8.14 retain the previous default of CVSSv2 scores.

VPR Support for Nessus:
- Vulnerability Priority Rating (VPR), the output of Tenable Predictive Prioritization, is a dynamic companion to the data provided by the vulnerability's CVSS score, since Tenable updates the VPR to reflect the current threat landscape. VPR helps organizations improve their remediation efficiency and effectiveness by rating vulnerabilities based on severity level – Critical, High, Medium and Low. For more information, see CVSS Scores vs. VPR in the Nessus User Guide.
- You can now view a new tab for scan results, Top Threats by VPR, which displays the 10 most severe vulnerabilities as determined by their VPR score. For more information, see View VPR Top Threats in the Nessus User Guide.
- VPR is a dynamic score that changes over time to reflect the current threat landscape. However, VPR Top Threats reflect the VPR score for the vulnerability at the time the scan was run. To get updated VPR scores for vulnerabilities in a scan, re-run the scan.
- To ensure VPR data is available for your scans, enable plugin updates

Changed Functionality and Performance Enhancements:
The following additional enhancements are included in Nessus 8.14.0:
- The Nessus user interface was updated to use more inclusive language
- Nessus backups now include concatenated certificate container .pem files

Security Updates:
- OpenSSL was updated to the latest version 1.1.1k. For more information, see the Tenable Product Advisory

Fixed:
- Fixed an issue with Nessus agent clustering where not all agent results were shown correctly in the UI when under heavy load, due to DB lock and network connection issues.
- Fixed an issue where group settings would not get honored when linking agents to a clustered Nessus Manager
- Fixed an issue where agent scans could get aborted if the node it was linked to performed a plugin update while the scan was active
- Fixed an issue that, in very rare cases, could cause Nessus to crash on the first day of each month when attempting to run scheduled scans
- Corrected the URL displayed for offline Nessus activation to use HTTPS instead of HTTP
- Added UI support for specifying an IPv6 address when configuring a proxy server to link a managed scanner
- Corrected the online API documentation for the /api#/resources/scans/configure to note that the "name" field is required


Nessus 8.13.2
- OpenSSL was updated to the latest version 1.1.1k


Nessus 8.13.1
- Fixed issue on Nessus Manager cluster parent node with processing Agent scan results greater than 2GB


Nessus 8.13.0
- Ability to deploy Nessus as a Docker image for a container – Users can now access an official Docker image for Nessus to deploy as a container. You can run Nessus offline or online, and the deployment includes plugin support
- For more information, see Deploy Nessus as a Docker Image in the Nessus User Guide
- Additional operating system support – Nessus is now supported on Amazon Linux 2 and Apple macOS Big Sur (11)
- Agent Remote Configuration – You can configure some agent settings remotely from Nessus Manager, rather than having to configure the setting directly on the agent
- For more information, see Modify Remote Agent Settings in the Nessus User Guide
- New Predefined Reports for Nessus Professional – Added three new predefined reports for Nessus Professional customers, allowing users to create HTML or PDF reports that preconfigure the most useful summaries for vulnerability management


Nessus 8.12.1
Fixed:
- Note: This release includes a fix for a potential vulnerability. For more information, see the Tenable Product Security Advisory.


Nessus 8.12.0
Changed Functionality and Performance Enhancements:
- Added additional data to the Nessus debug report, to better assist in troubleshooting, including public/non-secret certificate information and license type and features.
- Removed the Scanner tab from the Nessus user interface for all license types except for Nessus Manager.
- In Nessus Manager, linked agents and scanners are now accessed from the new Sensors page in the top navigation bar.

Bug Fixes:
- Fixed an issue with using the "pkg add" command for installation on FreeBSD v11
- Fixed an issue with connections being dropped if Nessus tried to open more than the configured maximum number of concurrent TCP sessions per host for a target
- Fixed an issue where the "last scanned" timestamp for an Agent was updated even if the Agent did not report results
- Fixed an issue where unlinked Agents were sometimes not being deleted from Nessus Manager
- Improved performance of some database queries that were potentially causing Agent merges to fail due to database lock timeouts.
- Fixed a bug with target list enumeration that in rare cases was causing Tenable.io cloud scanners to get in an infinite loop and run out of memory


Nessus 8.11.1
Changed Functionality and Performance Enhancements:
- nessusd.dump Log File Millisecond Timestamps - When the advanced setting logfile_msec is enabled, millisecond resolution is enabled for nessusd.dump log file timestamps. Previously, only the nessusd.messages log file supported this setting
- Added Context for Security Notes - Nessus scan security notes now show the IP address and plugin ID of the target and plugin that produced the note, adding critical context which is useful for debugging
- Duplicate Agent Detection - Nessus Manager detects duplicate agents that have the same MAC address. When the agent setting detect_duplicates is enabled, agents detected as duplicates automatically unlink and reset their Tenable UUID
- Updated jQuery third party library - Upgraded the version of jQuery used in the online Nessus API documentation, to remove security vulnerabilities reported in the older version

Bug Fixes:
- Added protections to prevent out-of-bounds memory access in the NASL process space
- Added validation checks to the JSON config file used for streamlined scanner deployment
- Fixed an issue causing the session timeout to not be honored when the user was on the Settings > About page
- Added systemd support for Debian/Ubuntu on versions that use systemd over init.d, to address an issue with running as non-root user
- Fixed an issue encountered in Google Chrome where the navigation links were only clickable from the bottom
- Fixed a pagination issue with host discovery scan results when a large number of hosts was returned
- Fixed an issue where Agent scans configured with a 24-hour scan window would miss the next day's launch due to unfinished processing for the current scan
- Updated DB access settings to prevent the possibility of DB corruption on Nessus Manager configured as a Cluster Manager
- Fixed an issue where scanners managed by Tenable.io would not update plugins if a core software update was also pending
- Fixed a race condition that could cause scan results to not be detected as completed, resulting in aborted scan chunks


Nessus 8.11.0
- Change log not available for this version


Nessus 8.10.1
New:
- Added Option to Force Stop a Scan Job - Added the ability to force a scan job to stop

Changed Functionality and Performance Enhancements:
- Increased time window for marking an agent as offline - Improved the determination of when an agent should be considered offline
- Upgraded Nessus to use OpenSSL 1.1.1g
- Streamlined application of large cloud-based exclusion lists to improve scan performance

Bug Fixes:
- Scanners managed by Tenable.io will now support updating plugins from Tenable.io while scans are running. Updated plugins will be applied to new scans, not already-running scans
- Fixed an issue with target scanning access not being enforced consistently for Tenable.io scans
- When a recast rule is used for an emailed report the recast rule was ignored
- Resolved an issue where scans run on the first of the month filled-up the disk space with verbose log detail for certain customers
- When using the "CVSS Vector Contains" filter in Nessus Pro, results did not match the filter
- Email notification for agent scans did not send when clustering is enabled
- For Agent scans in clustered environment, the "plugin_set" value was not available in .nessus exports
- Resolved issue when processing large exclusion lists that caused delays in starting scans
- Exported HTML/PDF did not display enumerated service names
- Agent scan in clustered environment was reporting in pending state rather than running
- Improved the determination of when an Agent should be considered offline
- Fixed an issue where Agent blackout windows were not enforced for Agents in a clustering configuration


Nessus 8.10.0
New Features:
- Backup and Restore Tool - Ability to create Nessus backups that can easily and quickly be restored
- Nessus Upgrade Plan - In Nessus Professional and managed scanners linked to Tenable.io, users can set a Nessus Update Plan that determines the version that Nessus updates to.
- Downgrade Option - Support downgrade to a prior version of Nessus
- Note: Users cannot downgrade to versions prior to 8.10.0
- Slow Rollout - Roll out new Nessus releases to the Tenable Update Server for licensed Nessus Professional and Nessus Manager installations separately from Tenable.io. New Nessus versions will be made GA for Tenable.io-linked scanners to auto-update one week after the GA for the release. The new version will be available on the Tenable Nessus Download page on the GA date, for customers that want to update earlier.
- Predefine Nessus Manager linking key - In Nessus Manager, you can manually set the linking key for Agents and Nessus scanners to help streamline deployments
- Specify scanner groups when linking scanners to Tenable.io - When linking Nessus scanners to Tenable.io using the CLI, you can set the scanner group to which to automatically add the scanner.

Bug Fixes:
- Fixed an issue with Apple iOS MDM Compliance Checks where users were prompted to specify multiple credential types
- Fixed an issue where plugin 10716 caused the scanner to crash
- Fixed issues where high CPU usage was seen during a scan:
  - High CPU was seen on scan of Linux Server after upgrade to 8.7.2
  - Scans aborting in Tenable.io because nessusd process throttles at 99%
- Fixed issues related to scans running longer than normal or not completing:
  - Nessus scans stuck stopping on scanners from Tenable.sc
  - Unofficial External PCI scan never completes
  - Tenable.io scan using local scanners is taking days rather than hours
  - Tenable.io scan has been "Running" for over 5 days in UI
  - External PCI Scan taking a lot longer than usual
  - Scan taking longer than it should
  - Scans inconsistently ending in 'partial' status due to scanners timing out
  - Scans failing to complete


Nessus 8.9.1
New Features:
- Additional SSL cipher options - Additional security by updating our SSL cipher options to take full advantage of OpenSSL 1.1.1
- Additional OS support - Added support for macOS Catalina (10.15)

Changed Functionality and Performance Enhancements:
- Quality and stability improvements

Bug Fixes:
- Fixed issue where a user errantly receives a SIGABRT when running a large scan
- Fixed issue where SYN Scanner improperly listed ports by first numeral instead of entire port number
- Fixed issue with Scan config defaulting to UTC instead of system timezone
- Fixed issue with settings page not loading after upgrade
- Fixed issue related to poor performance of external PCI scans on AP cloud scanners
- Fixed issue with Dashboard Tab not showing despite being selected in the scan configuration
- Fixed issue related to data filtering of agents
- Fixed issue related to timezone misconfiguration allowing customers to schedule scans in the past
- Fixed issue with not being able to set the agent blackout window using IE 11


Nessus 8.9.0
New features:
- Streamlined Sensor Deployment - Capability to include environmental configuration variables as part of a sensor installation
- For more information, see Mass Deployment Support in the Nessus User Guide

Changed:
- OpenSSL v1.1.1 Update - Nessus scanners will leverage OpenSSL v1.1.1 as part of this release
- This affects the ciphers and SSL versions supported. For more information, see the knowledge base article
- Capability for Nessus to support plugin databases greater than 4 GB
- This causes an automatic full recompilation of the plugins upon first startup after upgrade, which may take several minutes

Bug Fixes:
- Fixed issue where a user was unable to login to Nessus using a certificate
- Fixed issue where remediation tab was not being displayed
- Fixed issue where a basic user could not view results in Nessus Manager
- Fixed issue where a scan with a policy with mixed plugin families would not run
- Fixed issue related to upgrading on Windows platforms from earlier versions of Nessus
- Fixed issue with cloud scans aborting


Nessus 8.8.0
New Features:
- Red Hat 8 Support - Nessus now supports Red Hat 8 as a supported host operating system
- Agent key update confirmation - A confirmation prompt now appears when a user attempts to update the Nessus Agent key

Change:
- Log rotation max_files default change - The default value for number of log files retained when rotating logs has changed from 100 to 10. This change applies to backend.log and www_server.log files, and will cause the oldest files to be rotated off if the new maximum is exceeded. Customers can modify the number of log files retained by changing the setting in the log.json file

Bug Fix:
- Fixed an issue where ping doesn't work in a static route network environment
- Fixed an issue where some appliances were consuming their available disk space with logs by reducing the default log rotation Max_Files value to 10
- Fixed an intermittent issue where blackout windows were not enforced by Nessus Manager
- Fixed an intermittent issue where agent policies may have been missing a selected tag
- Fixed a presentation issue in the UI with very long folder names
- Fixed an issue where blackout windows were not enforced immediately after 00:00
- Fixed an issue where an agent unlinked from UI cannot relink from agent CLI
- Fixed an intermittent issue with heartbeats not properly timing out in the NASL recv() function


Nessus 8.7.2
New Features:
- International Character Display: Added ability to properly store and display international characters in Nessus scan results.

Bug Fixes:
- Fixed an issue where Tenable.io linked scanners had intermittent SSL errors if they could not reach ocsp.digicert.com.
 

Nessus 8.7.0
New Features:
- Nessus Manager Clustering Enhancements: Support for agent migration into Nessus Manager clusters is now available. Clustering no longer requires a licensing flag, and is available to be configured for all customers using Nessus Manager for large agent installations.
- Tenable Research News Widget: In Nessus Essentials, RSS feed-based notifications present recent publications from Tenable Research in the UI, providing a live view of the ongoing research and publications of Tenable's cutting-edge Research organization.
- Host Discovery Scan Wizard: New users of Nessus Essentials and Nessus Professional trial are presented with a scan wizard upon first use of the product to walk through the process from host discovery to vulnerability scanning. Now it only takes a couple clicks for new users to create and execute their first scan.
- Licensing transparency for Nessus Essentials and Nessus Professional Trial: A new License Utilization page gives Nessus Essentials and Nessus Professional trial users visibility into the hosts that have consumed their licensed pool of hosts, as well as the length of time before each asset will no longer count against the license.
- Updated Host Discovery Results Page: Refreshed the results page for Host Discovery Scans to present more relevant information. Users can now see port, host, and OS information when available, based on the type of discovery scan performed.
- Launch scans from result set of another scan: Users can now select hosts from one scan result set to open or launch a new scan with those hosts pre-populated as targets.
- Scan templates have been grouped by type: Scan templates have now been grouped by type and will fall into one of the following categories: Discovery, Vulnerability, and Compliance.

Bug Fixes:
- Fixed an issue where all agent filters are removed when removing just one.
- Fixed an issue with Nessus compliance filters returning zero results.
- Fixed an issue where Nessus Manager blackout window was not being enforced.
- Fixed an intermittent issue where a scan ran outside of the scheduled scan time when daylight savings time started.
- Fixed an issue where managed scanners were displaying templates that are only available through Tenable.io.
- Fixed an issue where the re-balance button for clustering was not always responsive on first pass.
- Fixed an issue where disabled scans may not run after being re-enabled.
- Fixed an issue where the unread/read scan(s) indicator in the UI was sometimes incorrect.
- Documented the possible agent status values returned from the Nessus/Agents API in the online API documentation.


Nessus 8.6.0
New Features:
- In-Product Notification Enhancements - Improved expiration notifications by adding call to action, upsell links, and added the ability for users to dismiss them until the next scheduled reminder. Added new dynamic strings to enable future notification functionality. Also added new notification history to allow users to review previous notifications.
- Watermarked reports for Nessus Essentials and Nessus Pro Trials - Added watermarks to exported reports for Nessus Essentials and Nessus Pro evaluations.
- Enterprise Supportability: Scan and Policy Ownership - Our enterprise users of Nessus often have personnel changes that require them to change or remove users from their system. This feature allows administrators to claim ownership of user content.
- Telemetry Enhancements - Added an advanced setting that allows users to opt out of providing telemetry reporting back to Tenable. Telemetry information ensures that users will benefit from more intuitive and useful features and capabilities in future Nessus releases. Please refer to the documentation describing advanced settings for more information.

Bug Fixes:
- Fixed an issue where users were unable to filter the agent list by IP address in Nessus Manager (Defect ID: 00832160)
- Fixed an issue with exporting HTML custom reports containing non-standard character sets (Defect ID: 00775714)
- Fixed an issue where multi-homed machines would not honor the forced source IP command (Defect ID: 00801670)
- Fixed an issue with scan result filters no longer accepting a comma delimited list of values (Defect IDs: 00832101, 00833265)
- Fixed an issue when attempting to add agents by search results to agent groups (Defect ID: 00832160)
- Fixed an issue where plugin attributes were no longer included in .nessus files sent to T.sc, by adding a config setting to re-enable the attributes (Defect IDs: 00840184, 00848793)
- Fixed an issue where the scanner health page does not appear to display CPU usage correctly
- Fixed an issue with scan plugin filters
- Fixed an intermittent issue with displaying records in the Vulnerabilities view
- Fixed a number of UI presentation issues
- Fixed typo in the advanced settings for Max HTTP Connections
- Fixed an intermittent issue where Agent 'status' on the Agent Detail page was not displaying state correctly
- Fixed an issue where the 'Plugin Family' filter was not working as expected and showed "no result found"
- Fixed an issue with the agent group deletion workflow
- Fixed an issue where search agent count is not displaying correctly
- Fixed an issue where search functionality wasn't as inclusive as expected
- Fixed an issue where unlicensed scanners show as "expired"
- Updated OpenSSL version to 1.0.2s.
- Fixed a potential issue in XMLRPC API affecting Windows installations