You are here: Features > Scan and Policy Templates > Credentials (Nessus)


By using Credentials, the Nessus scanner can be granted local access to scan the target system without requiring an agent. This can facilitate scanning of a very large network to determine local exposures or compliance violations. As noted, some steps of policy creation may be optional. Once created, the policy will be saved with recommended settings.

Nessus leverages the ability to log into remote Unix hosts via Secure Shell (SSH); and with Windows hosts, Nessus leverages a variety of Microsoft authentication technologies. Note that Nessus also uses the Simple Network Management Protocol (SNMP) to make version and information queries to routers and switches.

The Scan or Policy’s Credentials page, allows you to configure the Nessus scanner to use authentication credentials during scanning. By configuring credentials, it allows Nessus to perform a wider variety of checks that result in more accurate scan results.

Note: By default, when creating credentialed scans or polices, hosts are identified and marked with a Tenable Asset Identifier (TAI). This globally unique identifier is written to the host's registry or file system and subsequent scans can retrieve and use the TAI.

This option is enabled (by default) or disabled in the Advanced -> General Settings of a scan or policy's configuration settings: Create unique identifier on hosts scanned using credentials

There are several forms of authentication supported including but not limited to databases, SSH, Windows, network devices, patch management servers, and various plaintext authentication protocols. For example,

In addition to operating system credentials, Nessus supports other forms of local authentication.

The following types of credentials are managed in the Credentials section of the scan or policy:

  • Cloud Services
  • Database, which includes MongoDB, Oracle, MySQL, DB2, PostgreSQL, and SQL Server
  • Host, which includes Windows logins, SSH, and SNMPv3
  • VMware, Red Hat Enterprise Virtualization (RHEV), IBM iSeries, Palo Alto Networks PAN-OS, and directory services (ADSI and X.509)
  • Mobile Device Management
  • Patch Management servers
  • Plaintext authentication mechanisms including FTP, HTTP, POP3, and other services

Credentialed scans can perform any operation that a local user can perform. The level of scanning is dependent on the privileges granted to the user account. The more privileges the scanner has via the login account (e.g., root or administrator access), the more thorough the scan results.

Note: Nessus will open several concurrent authenticated connections. Ensure that the host being audited does not have a strict account lockout policy based on concurrent sessions.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.