Nessus vulnerability scanner review

Forrester, the technology impact market research company, assessed Tenable’s Nessus Vulnerability Scanner as the leading vulnerability risk manager in the world. This is the headline of the Forrester Wave Vulnerability Risk Management report for Q4 2019. A survey by Cybersecurity Insiders discovered that Nessus was the most widely deployed application vulnerability scanner in the world. It has been installed more than 2 million times and is currently working to protect 27,000 businesses around the globe. It has more than 57,000 Common Vulnerabilities and Exposures (CVE) in its dictionary and has the lowest false positive reporting rate in the industry.

With all of these impressive statistics under its belt, you’re probably wondering why you have never heard of the Nessus Vulnerability Scanner.

All about Nessus Vulnerability Scanner

Nessus checks both hardware and software for known vulnerabilities. It watches running processes for abnormal behavior and it also monitors network traffic patterns. Nessus is a sort of firewall/antivirus system, but not quite. Although it has remediation procedures, it isn’t as comprehensive in the solutions section as a typical endpoint protection system would be.

Tenable, Inc began operations in 2002, but Nessus is much older than that. How can a product be older than the company that developed it? The Nessus system was developed by an individual, Renaud Deraison, and first released in 1998. At the time, Deraison was 17. He set Nessus up as an open-source project and led the community development of the software part-time while pursuing a career in IT during the day.

Controversially, Deraison set up Tenable Network Security to manage the commercial possibility of the Nessus software. Although the development project was community-driven, Deraison owned the copyright of the software. When Nessus 3 was released, the open-source project closed down, taking Nessus fully into the business as a proprietary system. Earlier versions are still available under GNU General Public licenses.

The availability of the source code for Nessus 2 led to the creation of forks, providing rivals to the Nessus system. However, with Nessus, Deraison invented the concept of ‘remote vulnerability scanners’. It went from being the only vulnerability scanner in the world to the leading vulnerability scanner. The move to proprietary ownership prevented Nessus from being completely crowded out by re-labeled copies of its own code.

Tenable is relaxed about the continued existence of the Nessus 2 code and the presence of near copies in the market. Under the GNU licensing system, those copies can’t be sold commercially, only given away. By investing in developing Nessus privately, Tenable has ensured that it keeps ahead of its rivals, both free and paid.

Nessus 3 is a considerable advancement over the previous versions, and the hobbyists that produced forks of the code don’t have the resources to fully compete with Tenable.

Tenable history

Tenable was formed in 2002 but didn’t come up with a paid version of Nessus until 2005. The move to put a commercial skin on a free open-source product is not unusual. Many open-source projects have a paid alternative.

The commercial logic behind creating a paid version of free software is that most open source projects don’t attract corporate users. Businesses don’t care about the price of software – it is just an expense and can be written off against tax.

The key need for businesses when considering software acquisition is that it should be reliable and supported. This is where the charging structure of a commercial service added on top of open-source software wins.

By creating a charging service provider that is the definitive owner of Nessus, Deraison ensured the uptake of the Nessus Vulnerability Scanner by the business community. The software may be free, but businesses won’t touch it unless it is fully supported. Offering a support package makes Nessus attractive.

So, there was a good income earner waiting to be picked up without removing the commitment to keep Nessus free. The next logical step along the path to commercialization was to invest in a full-time development team. Community developers are very good at producing software for their own use, but they are blind to its faults and unwilling to overhaul it in the face of requests from business users.

Software, even though it is free, can soon become a risk to use because the exploits discovered by hackers don’t get shut down through development and testing. The lack of a development budget would have left Deraison unable to close off exploits, ironically making it a vulnerability scanner with vulnerabilities.

Tenable honors the spirit of its open-source origins by making a free version available. Those who enjoyed having a free Nessus without professional support still have it. The big businesses that are prepared to pay for quality now have that available.

Free and paid Nessus

The history of Nessus and the existence of a free version explain why the software is so successful without having much visibility. Its 2 million downloads are largely due to its longevity and its free version. Look at the numbers: two million downloads, but only 27,000 businesses using it.

The benefit of all of those free users is that the software has been comprehensively tested in real-world situations. This explains its very high success rate in accuracy. So, the free version helps test the system and also creates familiarity. It is an accessible tool for penniless students in network technology. When they graduate and get out into the workforce, they take their familiarity with the Nessus brand out into the companies that hire them. You won’t see the Nessus name on billboards because Tenable doesn’t need a marketing budget – your intern will tell you about it, download it, and set it up for you.

The three versions of the Nessus Vulnerability Scanner are:

  • Nessus Essentials
  • Nessus Professional

Read more about each option below.

Nessus Essentials

Nessus Essentials is the free version of the scanner. Its scan runs are limited to 16 IP addresses and the tool is aimed at students of networking technology. The Tenable website makes training sheets available to new users of the system. So, even if you are a business user who intends to go for the paid version, you could start off with Essentials to make sure that you understand the system before recommending it to your boss. Tenable doesn’t restrict Nessus Essentials to home use – it’s fine to use it for business.

There is also a Nessus user forum where you can pick up tips from other users. Nessus can be extended by plug-ins. Most of these are charged for, but you can pick up free plug-ins from the community.

Nessus Professional

Nessus Professional is the on-premises version of the two paid versions of the vulnerability scanner. This deal gets you full support, but the software you use is the same as the free version, only without the 16 IP address cap.

You need to hop up to one of the paid versions to get compliance checks for PCI, CIS, FDCC, and NIST and content audits. Nessus Professional gives you live results in the dashboard and the system sweeps can be scheduled and run repeatedly. You have the choice of accessing the community forums for support or you can send support queries to the Tenable help desk by email.

Nessus Professional is charged for by subscription. However, this is a yearly fee and there isn’t a monthly payment plan. You can buy a multi-year subscription to get discounted rates. The license is available on a 1, 2, or 3-year subscription. Each period is available with a standard or an advanced support plan. The advanced options enable you to contact support technicians via live chat and phone. You can get a 7-day free trial of Nessus Professional.

This is the cloud-based version of Nessus Pro. It only comes with the Advanced support package and its charging structure is a little different from the on-premises version. Nessus Professional has the same price no matter how many nodes you want to scan on your network. The cloud-based version starts with a base price for 65 nodes, but the price increases with the number of nodes you have above that.

Nessus System Requirements

Nessus Essentials and Nessus Pro run on Windows, Windows Server, Mac OS, FreeBSD, Debian, SUSE, Ubuntu, RHEL, Fedora, and Amazon Linux. The Windows version will run on 32-bit and 64-bit systems.

On-premises users have several releases to choose from with the latest being 8.7.2.


Pros:

  • Offers a free vulnerability assessment tool
  • Simple, easy to learn interface
  • Little configuration needed, 450+ templates that support a range of devices and network types
  • Includes vulnerability prioritization

Cons:

  • Offers limited remediation tools and options
  • Could benefit from more integrations into other SIEM platforms

Nessus Vulnerability Scanner’s competitors & alternatives

Nessus is in a peculiar position because it occupies a market niche that it invented itself. Essentially vulnerability scanners are part of the cybersecurity market, so true competitors for this software aren’t just systems that directly identify as vulnerability scanners. For example, most modern next-generation AV systems include vulnerability risk assessment and so qualify as competitors to Nessus.

If you are unsure whether Nessus fits your needs, check out demos and trial offers from the following:

  1. Invicti (FREE DEMO) This cloud-based vulnerability scanner specializes in Web application scanning and is a good choice for CI/CD pipeline test automation. Can be downloaded for installation on Windows and Windows Server.
  2. Acunetix (FREE DEMO) This vulnerability scanner is offered in three versions that are suitable for on-demand scanning, scheduled scans, Web application scans, network scanning, and DevOps module verification. Available as a hosted SaaS package or for installation on Windows, macOS, or Linux.
  3. Intruder (FREE TRIAL) A vulnerability scanner and security service for internet-facing systems.
  4. ManageEngine Vulnerability Manager Plus (FREE TRIAL) A vulnerability scanner for operating systems, software, and websites. Installs on Windows and Windows Server.
  5. SecPod SanerNow Vulnerability Management (FREE TRIAL) This vulnerability scanner has a linked patch manager that creates a workflow automation to keep your systems up to date and secure. This is a SaaS platform.
  6. Crowdstrike Falcon A cloud-based AI-driven endpoint protection system that includes vulnerability assessment.
  7. OpenVAS The leading fork of Nessus, which is still free and unlimited.
  8. Metasploit An open-source system vulnerability checker in free and paid versions.
  9. Probely A cloud-based vulnerability scanner for websites.

Although Nessus is excellent at spotting vulnerabilities, it isn’t that great at plugging them up. There are other, more comprehensive tools on the market that represent strong challenges to the dominance of Nessus in its niche market.

Our methodology for selecting a Nessus Vulnerability Scanner alternative

We reviewed the market for vulnerability scanners like Nessus and analyzed tools based on the following criteria:

  • Options for automated or on-demand scanning
  • Continuous testing tools that can be used for development
  • Vulnerability managers that link to or include patch management
  • A link to a global intelligence database
  • Compliance auditing options
  • A free trial or a demo service that enables you to test the tool before committing to buy
  • Value for money from a comprehensive and reliable tool that is offered at a reasonable price

With these selection criteria in mind, we identified vulnerability scanning systems that match or exceed the functionality offered by Nessus.


Invicti (FREE DEMO)

This vulnerability scanner is a specialist tool for Web vulnerability assessments. Invicti will scan websites for known vulnerabilities and it can also examine the modules that lie behind APIs. This system is widely used for a continuing test environment in DevOps CI/CD pipelines. It is also available as an on-demand vulnerability scanning tool. The Invicti system can be accessed as a SaaS service and there is also an option to install it as a software package for Windows and Windows Server. You can check out Invicti by accessing its demo system.

Pros:

  • Features a highly intuitive and insightful admin dashboard
  • Supports any web applications, web service, or API, regardless of framework
  • Provides streamlined reports with prioritized vulnerabilities and remediation steps
  • Eliminates false positives by safely exploiting vulnerabilities via read-only methods
  • Integrates into dev ops easily providing quick feedback to prevent future bugs

Cons:

  • Would like to see a trial rather than a demo



Acunetix (FREE DEMO)

Acunetix is suitable for use in a broad range of scenarios because it is presented in three editions, each of which is tailored to suit different purposes. All three versions perform vulnerability scanning for a list of 7,000 weaknesses including the OWASP Top 10. The Standard Edition only offers on-demand vulnerability scanning and is a good choice for penetration testers. The Premium Edition is useful for system security hardening because it also performs network vulnerability scanning, with a list of 50,000 known weaknesses. The Enterprise Edition is a good choice for continuous testing in DevOps scenarios. This tool is available as a SaaS platform and it can also be installed on your own hosts running Windows, macOS, or Linux. Check it out by accessing the Acunetix demo system.

Pros:

  • Designed specifically for application security
  • Integrates with a large number of other tools such as OpenVAS
  • Can detect and alert when misconfigurations are discovered
  • Leverages automation to immediately stop threats and escalate issues based on the severity

Cons:

  • Would like to see a trial version for testing


Intruder (FREE TRIAL)

Intruder is focused on protecting websites and other internet-facing networks. Intruder is hailed for its ease-of-use and excellent vulnerability exposure. It is cloud-based and requires no setup. The scan operates continually, producing live feedback in the online console as well as offering historical data analysis. The graphs shown in the dashboard are simple, stylish and attractive. There are three service plans for Intruder and none of them are free. However, you can get a 14-day free trial.


Pros:

  • Can perform scheduled vulnerability scans automatically
  • Can scan all new devices for vulnerabilities and recommend patches for outdated machines
  • Excellent UI – great for high-level insights and detailed breakdowns
  • Offers human-powered penetration testing as a service

Cons:

  • Is an advanced security platform that can take time to fully explore
  • No free tier


ManageEngine Vulnerability Manager Plus (FREE TRIAL)

This is a vulnerability scanner that is bundled in with tools that will automate the steps needed to close down weaknesses that the scanner identifies. It is able to examine on-premises devices and the software that they run and also the services that contribute to the operation and distribution of websites. Like Nessus, Vulnerability Manager Plus has a Free edition, although this is a restricted version of the package that will only manage up to 25 devices. The two paid versions, Professional and Enterprise, can be experienced on 30-day free trials.

Pros:

  • Great for continuous scanning and patching throughout the lifecycle of any device
  • Robust reporting can help show improvements after remediation
  • Flexible – can run on Windows, Linux, and Mac
  • Backend threat intelligence is constantly updated with the latest threats and vulnerabilities
  • Supports a free version, great for small businesses

Cons:

  • The ManageEngine ecosystem is very detailed, best suited for enterprise environments


SecPod SanerNow Vulnerability Manager (FREE TRIAL)

SanerNow is a SaaS platform that bundles together security and management tools for IT assets. The package includes an Asset Manager, a Vulnerability Manager, a Patch Manager, an Endpoint Detection and Response system, and a Compliance Manager. This group of functions locates all of your hardware and creates an asset inventory. It then scans each device and collates a software inventory.

The Vulnerability Manager in the SanerNow bundle scans externally and from within the network. It is able to spot configuration weaknesses and out-of-date systems. Any patching requirements get passed on to the automated Patch Manager, which rolls out updates to all outdated systems. SecPod offers a 30-day free trial of the SanerNow platform.


Pros:

  • Offers security capabilities through a SaaS product, making it easier to deploy than on-premise solutions
  • Features cross-platform support for Windows, Mac, and Linux
  • Can automate asset tracking, great for MSPs who bill by the device
  • ITAM options make it a hybrid security management solution

Cons:

  • Better suited for MSPs and larger networks


Crowdstrike Falcon

One example of a more comprehensive system that encompasses the functionality of Nessus is Crowdstrike Falcon. This online system crowdsources vulnerability and attack data in order to know what weakness to look for when it scans a system. It covers both hardware and software vulnerabilities and includes very comprehensive remediation procedures that far exceed the capabilities of Nessus. Although there isn’t a free version of Falcon, Crowdstrike does offer it on a 15-day free trial.


Pros:

  • Doesn’t rely only on log files for threat detection, uses process scanning to find threats right away
  • Combines HIDS, endpoint protection, and vulnerability scanning in a single platform
  • Can track and alert anomalous behavior over time, improves the longer it monitors the network
  • Can install either on-premise or directly into a cloud-based architecture
  • Lightweight agents won’t slow down servers or end-user devices

Cons:

  • Would benefit from a longer 30-day trial period


OpenVAS

OpenVAS is a very close competitor of Nessus and it has stayed true to its origins. A fork of the original Nessus code, it has remained free and open source. OpenVAS avoids the pitfalls of most open-source projects because it is controlled and professionally managed by Software in the Public Interest. The commitment of this non-profit organization prevents the software development effort for OpenVAS from stagnating.

Pros:

  • Open source transparent tool
  • Has a large dedicated community
  • Completely free

Cons:

  • No paid support option
  • Enterprises will likely need experienced staff to fully extract value from the platform
  • Has a steeper learning curve than similar tools


Metasploit

Metasploit is another open-source project that went commercial when it was taken over by Rapid7. This is a very popular penetration testing tool and it is widely used in the cybersecurity industry. Like Nessus, it stayed true to its roots by maintaining a free community-supported version. In fact, there are two free versions: Metasploit Framework Edition, which is a command-line utility and is packaged with Zenmap, and Metasploit Community Edition, which has a decent web-based interface, modeled on the paid version but with limited capabilities. Rapid7 produces two paid versions of the system, called Metasploit Express and Metasploit Pro.

Pros:

  • One of the most popular security frameworks in use today
  • Has one of the largest communities – great for continuous support and up to date additions
  • Available for free and commercial use
  • Highly customizable with many open-source applications

Cons:

  • Metasploit caters to more technical users, which increases the learning curve for beginners in the security space


Probely

Probely is another cloud-based vulnerability scanner that is specifically aimed at assessing web services. This cloud-based subscription service has four service plans, including a free version. You can also get a 14-day free trial.

Pros:

  • Great interface and dashboard
  • Easy to understand key metrics at a high level
  • Integrates with CMS systems like WordPress

Cons:

  • Is more consumer-friendly, security professionals may want more features and customization options
  • Could benefit from a longer trial period

Although Nessus was the original vulnerability scanner, it is not the only one available. Check out the rivals and decide which is best for you.

Nessus Vulnerability Scanner FAQs

What is a Nessus vulnerability scan?

Nessus is the most widely-used vulnerability scanner in the world. It looks for more than 57,000 possible security weaknesses from an external viewpoint. These weaknesses are known as “exploits” and they can give hackers a way into a system.

Is Nessus still free?

There is a free edition of Nessus, which is called Nessus Essentials. This is limited to scanning 16 IP addresses.

Why is Nessus the best vulnerability scanner?

Nessus is the original vulnerability scanner and, although it has been cloned and copied a lot, it is still the leading vulnerability scanner in the world with more than two million users. However, probably one of the key reasons for its extensive user base is that there is still a free version available.