Plugins

As information about new vulnerabilities is discovered and released into the general public domain, Tenable, Inc. research staff designs programs to enable Tenable Nessus to detect them.

These programs are called plugins. Tenable writes plugins in the Tenable Nessus proprietary scripting language called Tenable Nessus Attack Scripting Language (NASL).

Plugins contain vulnerability information, a generic set of remediation actions, and the algorithm to test for the presence of the security issue.

Tenable Nessus supports the Common Vulnerability Scoring System (CVSS) and supports both v2 and v3 values simultaneously. If both CVSS2 and CVSS3 attributes are present, Tenable Nessus calculates both scores. However in determining the Risk Factor attribute, currently the CVSS2 scores take precedence.

Tenable Nessus also uses plugins to obtain configuration information from authenticated hosts, which Tenable Nessus uses for configuration audit purposes against security best practices.

To view plugin information, see a list of newest plugins, view all Tenable Nessus plugins, and search for specific plugins, see the Tenable Nessus Plugins home page.

Example Plugin Information

List of a single host's scan results by plugin severity and plugin name

Details of a single host's plugin scan result

How do I get Tenable Nessus plugins?

By default, Tenable Nessus automatically updates plugins and checks for updated components and plugins every 24 hours.

During the Product Registration portion of the browser portion of the Tenable Nessus install, Tenable Nessus downloads all plugins and compiles them into an internal database.

You can also use the nessuscli fetch —register command to download plugins manually. For more details, see the command line section of this guide.

Optionally, during the Registration portion of the browser portion of the Tenable Nessus install, you can choose the Custom Settings link and provide a hostname or IP address to a server which hosts your custom plugin feed.

How do I update Tenable Nessus plugins?

By default, Tenable Nessus checks for updated components and plugins every 24 hours. Alternatively, you can update plugins manually from the scanner settings page in the user interface.

You can also use the nessuscli update --plugins-only command to update plugins manually.

For more details, see the command line section of this guide.

Tip: To install plugins when Tenable Nessus is offline or air-gapped, see Install Plugins Manually.