About Nessus Plugins
As information about new vulnerabilities is discovered and released into the general public domain, Tenable, Inc. research staff designs programs to enable Nessus to detect them.
These programs are called plugins. Tenable writes plugins in the Nessus proprietary scripting language called Nessus Attack Scripting Language (NASL).
Plugins contain vulnerability information, a generic set of remediation actions, and the algorithm to test for the presence of the security issue.
Nessus supports the Common Vulnerability Scoring System (CVSS) and supports both v2 and v3 values simultaneously. If both CVSS2 and CVSS3 attributes are present, Nessus calculates both scores. However in determining the Risk Factor attribute, currently the CVSS2 scores take precedence.
Nessus also uses plugins to obtain configuration information from authenticated hosts, which Nessus uses for configuration audit purposes against security best practices.
To view plugin information, see a list of newest plugins, view all Nessus plugins, and search for specific plugins, see the Nessus Plugins home page.
Example Plugin Information
List of a single host's scan results by plugin severity and plugin name
Details of a single host's plugin scan result
How do I get Nessus Plugins?
By default, Nessus automatically updates plugins and checks for updated components and plugins every 24 hours.
During the Product Registration portion of the Browser Portion of the Nessus install, Nessus downloads all plugins and compiles them into an internal database.
You can also use the
nessuscli fetch —register command to download plugins manually. For more details, see the Command Line section of this guide.
Optionally, during the Registration portion of the Browser Portion of the Nessus install, you can choose the Custom Settings link and provide a hostname or IP address to a server which hosts your custom plugin feed.
How do I update Nessus Plugins?
By default, Nessus checks for updated components and plugins every 24 hours. Alternatively, you can update plugins manually from the Scanner Settings Page in the user interface.
You can also use the
nessuscli update --plugins-only command to update plugins manually.
For more details, see the Command Line section of this guide.