Discovery Scan Settings
The Discovery scan settings relate to discovery and port scanning, including port ranges and methods.
Note: Configuration items that are required by a particular scan or policy are indicated in the Nessus interface.
The Discovery settings include the following sections:
The following tables list by section all available settings. When you select any template other than Advanced Network Scan, the Scan Type setting also appears.
Scan Type
The Scan Type setting appears for all templates that have Discovery settings, except Advanced Network Scan. The options that are available for the Scan Type setting vary from template to template. The following table describes the options that are available per template. If a template is not listed in the table, no Discovery settings are available for that template.
The Nessus user interface provides descriptions of each option.
Note: When Custom is selected, the following sections appear: Host Discovery, Port Scanning, and Service Discovery.
Template | Available Options |
---|---|
Badlock Detection, Bash Shellshock Detection, DROWN Detection | Four options are available: |
Basic Network Scan, Basic Web App Scan, Credentialed Patch Audit, Internal PCI Network Scan, Web Application Tests | Three options are available: |
Host Discovery | Five options are available: |
Malware Scan | Three options are available: |
Policy Compliance Auditing | Two options are available: |
SCAP and OVAL Auditing | Two options are available: |
Host Discovery
By default, some settings in the Host Discovery section are enabled. When you first access the Host Discovery section, the Ping the remote host item appears and is set to On.
The Host Discovery section includes the following groups of settings:
Setting | Default Value | Description |
---|---|---|
Ping the remote host | On | This option enables Nessus to ping remote hosts on multiple ports to determine if they are alive. When set to On, General Settings and Ping Methods appear. Note: To scan VMware guest systems, Ping the remote host must be set to Off. |
General Settings | | |
Use Fast Network Discovery | Disabled | If a host responds to ping, Nessus attempts to avoid false positives, performing additional tests to verify the response did not come from a proxy or load balancer. Fast network discovery bypasses those additional tests. |
Ping Methods | | |
ARP | Enabled | Ping a host using its hardware address via Address Resolution Protocol (ARP). This only works on a local network. |
TCP | Enabled | Ping a host using TCP. |
Destination ports (TCP) | built-in | Destination ports can be configured to use specific ports for TCP ping. This specifies the list of ports that are checked via TCP ping. Type one of the following: built-in, a single port, or a comma-separated list of ports. For more information about which ports built-in specifies, see the knowledge base article. |
ICMP | Enabled | Ping a host using the Internet Control Message Protocol (ICMP). |
Assume ICMP unreachable from the gateway means the host is down | Disabled | When a ping is sent to a host that is down, its gateway may return an ICMP unreachable message. When this option is enabled and Nessus receives an ICMP Unreachable message, it considers the targeted host dead. This helps speed up discovery on some networks. Note: Some firewalls and packet filters use this same behavior for hosts that are up, but connected to a port or protocol that is filtered. With this option enabled, the scan then considers the host down when it is in fact up. |
Maximum number of retries | 2 | Specifies the number of attempts to retry pinging the remote host. |
UDP | Disabled | Ping a host using the User Datagram Protocol (UDP). UDP is a stateless protocol, meaning that communication is not performed with handshake dialogues. UDP-based communication is not always reliable, and because of the nature of UDP services and screening devices, they are not always remotely detectable. |
Fragile Devices | | |
Scan Network Printers | Disabled | When enabled, Nessus scans network printers. |
Scan Novell Netware hosts | Disabled | When enabled, Nessus scans Novell NetWare hosts. |
Scan Operational Technology devices | Disabled | When enabled, Nessus performs a full scan of Operational Technology (OT) devices such as programmable logic controllers (PLCs) and remote terminal units (RTUs) that monitor environmental factors and the activity and state of machinery. When disabled, Nessus uses ICS/SCADA Smart Scanning to cautiously identify OT devices and stops scanning them once they are discovered. |
Wake-on-LAN | | |
List of MAC Addresses | None | The Wake-on-LAN (WOL) menu controls which hosts to send WOL magic packets to before performing a scan. To specify the hosts that you want to start prior to scanning, upload a text file that lists one MAC address per line. For example, a file containing 33:24:4C:03:CC:C7 on the first line and FF:5C:2C:71:57:79 on the second. |
Boot time wait (in minutes) | 5 | The amount of time to wait for hosts to start before performing the scan. |
Network Type | | |
Network Type | Mixed (use RFC 1918) | Specifies if you are using publicly routable IPs, private non-internet routable IPs, or a mix of these. This setting has three options. The default value, Mixed, should be selected if you are using RFC 1918 addresses and have multiple routers within your network. |
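
A pre-flight check for two inputs described in the table above, the Wake-on-LAN MAC address file and the Destination ports (TCP) value. This is an added example, not Nessus code: the function names are hypothetical, and rejecting anything but the colon-separated MAC notation shown on this page is an assumption of the check.

```python
import re

# Colon-separated form as in the page's example. Rejecting other notations is
# an assumption of this check, not documented Nessus behaviour.
MAC_RE = re.compile(r"[0-9A-F]{2}(:[0-9A-F]{2}){5}")


def lint_wol_list(text):
    """Return (macs, problems) for a WOL upload file: one MAC address per line."""
    macs, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        mac = raw.strip().upper()
        if not mac:
            problems.append((lineno, "blank line"))
        elif not MAC_RE.fullmatch(mac):
            problems.append((lineno, f"not a single MAC address: {raw!r}"))
        elif mac in seen:
            problems.append((lineno, f"duplicate of an earlier line: {mac}"))
        else:
            seen.add(mac)
            macs.append(mac)
    return macs, problems


def parse_tcp_ping_ports(value):
    """Accept the three documented forms: built-in, one port, or a comma list."""
    value = value.strip()
    if value == "built-in":
        return value
    ports = []
    for item in (part.strip() for part in value.split(",")):
        if not re.fullmatch(r"[0-9]{1,5}", item) or not 1 <= int(item) <= 65535:
            raise ValueError(f"invalid TCP ping port: {item!r}")
        ports.append(int(item))
    return ports


# Constructed sample: the page's two addresses plus common copy/paste mistakes.
SAMPLE = """33:24:4C:03:CC:C7
FF:5C:2C:71:57:79
33:24:4c:03:cc:c7

00-1A-2B-3C-4D-5E
AA:BB:CC:DD:EE:01 AA:BB:CC:DD:EE:02
"""

if __name__ == "__main__":
    print(lint_wol_list(SAMPLE))
    print(parse_tcp_ping_ports("22, 80,443"))
```

Running the check before upload catches lines that would otherwise leave a host asleep and absent from the scan results without any visible error in the file itself.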
Port Scanning
The Port Scanning section includes settings that define how the port scanner behaves and which ports to scan.
The Port Scanning section includes the following groups of settings:
Service Discovery
The Service Discovery section includes settings that attempt to map each open port with the service that is running on that port.
The Service Discovery section includes the following groups of settings: