TOC & Recently Viewed

Recently Viewed Topics

Plugin Settings Section

The Plugin Settings section allows the user create custom plugins and also to enable and disable existing plugins and PASLs.

The Plugin Settings section contains the following subsections:

  • Plugin Management: displays a list each of enabled and disabled plugins, respectively, the options to move plugins between those lists, and the option to delete custom plugins.
  • PASL Management: displays a list each of enabled and disabled PASLs, respectively, and the options to move PASLs between those lists.
  • Create Custom Plugin: displays options for creating custom plugins and creating new plugin fields.

The following table provides a brief summary of each plugin field available for creating custom plugins.

Custom Plugin Field Purpose


Unique numeric ID of the plugin.


Name of the plugin. The plugin name should start with the vendor name.


Full text description of the vulnerabilitiy.


Brief description of the plugin or vulnerability.


Remediation information for the vulnerability.

See Also

External references to additional information regarding to the vulnerability.


Info, Low, Medium, High, or Critical risk factor.

Plugin Output

Displays dynamic data in PVS plugin reports.


Family to which the plugin belongs.


Other dependencies required to trigger the custom plugin.


Prevents a plugin from being evaluated if another plugin has already matched. For example, it may make sense to write a plugin that looks for a specific anonymous FTP vulnerability, but disable it if another plugin that checked for anonymous FTP had already failed.

No Output

For plugins that are written specifically to be used as part of a dependency with another plugin. When enabled, this keyword causes PVS not to report anything for any plugin.

Client Issue

Indicates the vulnerability is located on the client side.

Plugin Type

Vuln, realtime, or realtimeonly plugin type.


CVE reference.


Bugtraq ID (BID) reference.


External reference (e.g., OSVDB, Secunie, MS Advisory).


To track compatibility with the Nessus vulnerability scanner, Tenable associates PVS vulnerability checks with relevant Nessus vulnerability checks. Multiple Nessus IDs can be listed under one nid entry such as nid=10222,10223.


Filters the result of discovered vulnerabilities based on their CPE identifier.


This keyword specifies a set of one or more simple ASCII patterns that must be present in order for the more complex pattern analysis to take place. The match keyword gives PVS a lot of its performance and functionality.


Specifies a complex regular expression search rule applied to the network session.


Revision number associated with custom plugin.

Raw Text Preview

A preview of the custom plugin in raw text. Example of a custom plugin created to find a IMAP Banner of Tenable Rocks:


name=IMAP Banner

description=An IMAP server is running on this port. Its banner is Tenable Rocks




match=server ready

regex=^.*OK.*IMAP.*Tenable Rocks

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.