Plugins

Some Tenable Nessus templates include Plugin options.

Plugins options enable you to select security checks by Plugin Family or individual plugins checks.

For more information on specific plugins, see the Tenable plugins site. For more information on plugin families, see About Plugin Families on the Tenable plugins site.

Note: When you create and save a scan or policy, it records all the plugins that you select initially. When Tenable Nessus receives new plugins via a plugin update, Nessus enables the new plugins automatically if the family they are associated with is enabled. If the family was disabled or partially enabled, Nessus also disables the new plugins in that family.

Plugin Families

Clicking on the Plugin Family allows you to enable (green) or disable (gray) the entire family. Selecting a family shows the list of its plugins. You can enable or disable individual plugins to create specific scans.

A family with some plugins disabled is purple and shows Mixed to indicate only some plugins are enabled. Clicking on the plugin family loads the complete list of plugins, and allow for granular selection based on your scanning preferences.

Mixed plugin families have a padlock icon that is locked or unlocked.

  • Locked — New plugins added to the plugin family via plugin feed updates are disabled in the policy automatically.

  • Unlocked — New plugins added to the plugin family via plugin feed updates are enabled in the policy automatically.

Click the padlock to lock or unlock the plugin family.

Caution: The Denial of Service family contains some plugins that could cause outages on a network if you do not enable the Safe Checks option, in addition to some useful checks that do not cause any harm. You can use the Denial of Service family with Safe Checks to ensure that Tenable Nessus does not run any potentially dangerous plugins. However, Tenable recommends that you do not use the Denial of Service family on a production network unless scheduled during a maintenance window and with staff ready to respond to any issues.

View Plugin Output Details

Selecting a specific Plugin Name shows the plugin output that you would see in a report.

The plugin details include the information described in the following table. Some plugins do not provide all the listed information.

Section Description
Synopsis View an overview of the plugin.
Description View a detailed description of the plugin and its related vulnerability.
Solution View the plugin vulnerability's solution.
See Also View security advisories related to the plugin.
Plugin Information

View the following plugin information:

  • ID — The plugin's numeric ID.

  • Version — The plugin's current version.

  • Type — The plugin's type, which specifies how the plugin operates when run by a scanner.

    • remote — The plugin does not attempt or require authentication to the local host. Instead, it remotely collects information through banner checks, testing for a patch, or exploiting a vulnerability. Some plugins may attempt to sign in to a service, but do not require local host credentials.

    • local — The plugin authenticates to a target through a service (for example, SMB or SSH) and extracts information.

    • combined — The plugin collects information via remote and local checks. If local checks are unavailable, the plugin still gathers what it can from the remote checks within the plugin.

    • settings — The plugin defines one or more settings used by other plugins throughout the scan.

    • summary — The plugin summarizes data collected by other plugins.

    • third party — The plugin runs a third-party application (for example, nmap).

    • reputation — Uses a third-party reputation service.

  • Published — The date on which the plugin was published.

  • Modified — The date on which the plugin was last modified.

Risk Information

View the plugin's following vulnerability risk information:

  • Vulnerability Priority Rating (VPR) — The vulnerability's numeric VPR rating. For more information about VPR, see CVSS Scores vs. VPR.

  • Exploit Prediction Scoring System (EPSS) — The vulnerability's numeric EPSS rating.

  • Risk Factor — The vulnerability's VPR severity level. For more information about VPR, see CVSS Scores vs. VPR.

  • CVSS v4.0 Base Score — The vulnerability's base CVSS v4.0 score. A vulnerability's base score is determined when the vulnerability is initially discovered and does not change over time.
  • CVSS v4.0 Vector — A textual representation of the metric values used to determine the vulnerability's CVSS v4.0 base score.

  • CVSS v4.0 Temporal Vector — A textual representation of the metric values used to determine the vulnerability's CVSS v4.0 temporal score.

  • CVSS v4.0 Temporal Score — The vulnerability's temporal CVSS v4.0 score. Temporal scores, unlike base scores, are updated over time based on activities conducted both by software vendors and hackers.

  • CVSS v3.0 Base Score — The vulnerability's base CVSS v3.0 score. A vulnerability's base score is determined when the vulnerability is initially discovered and does not change over time.

  • CVSS v3.0 Vector — A textual representation of the metric values used to determine the vulnerability's CVSS v3.0 base score.

  • CVSS v3.0 Temporal Vector — A textual representation of the metric values used to determine the vulnerability's CVSS v3.0 temporal score.

  • CVSS v3.0 Temporal Score — The vulnerability's temporal CVSS v3.0 score. Temporal scores, unlike base scores, are updated over time based on activities conducted both by software vendors and hackers.

  • CVSS v2.0 Base Score — The vulnerability's base CVSS v2.0 score. A vulnerability's base score is determined when the vulnerability is initially discovered and does not change over time.

  • CVSS v2.0 Vector — A textual representation of the metric values used to determine the vulnerability's CVSS v2.0 base score.

  • CVSS v2.0 Temporal Vector — A textual representation of the metric values used to determine the vulnerability's CVSS v2.0 temporal score.

  • CVSS v2.0 Temporal Score — The vulnerability's temporal CVSS v2.0 score. Temporal scores, unlike base scores, are updated over time based on activities conducted both by software vendors and hackers.

  • IAVM Severity — The vulnerability's Information Assurance Vulnerability Management (IAVM) severity level.

Vulnerability Information

View the plugin's following vulnerability information:

  • CPE — The plugin's Common Platform Enumeration (CPE).

  • Exploit Available — Specifies whether there is currently a publicly known exploit available against the plugin.

    If there are exploits available, Tenable Nessus lists the exploits in the Exploitable With subsection.

  • Exploitability Ease — Specifies how exploitable the plugin is.

  • Patch Published — Specifies the last date on which there was a patch published for the plugin.

  • Vulnerability Published — Specifies the last date on which the plugin's vulnerability became publicly known.

Reference Information View the plugin's related reference material (CVE, CWE, CERT, IAVA, BID, SECUNIA, or other related information).

To view more detailed information about the plugin, search for the plugin on the Tenable Plugins website.

Note: When viewing plugins on the Tenable Plugins website, some plugins are documented with the following note: "Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number." This note means that Tenable does not have a complete resolution for the plugin's vulnerability and must manually validate whether the vulnerability is resolved.