Nessus and the Nmap connection

Fri Sep 18 16:07:30 EDT 2009

A few people are under the impression "Nessus uses Nmap". This is not the case. To put this to rest, this file outlines the "Nmap connection".

Prior to Nessus 2.2.0, Nessus used a modified version of the tcp_scan() function from Nmap 1.x that was converted into a .nes plugin (a C plugin). Nessus also had a SYN scanner written by Renaud, also as a .nes plugin. At no point was Nessus using the Nmap program/binary for port scanning. It never called "`which nmap` -sT $target", for example.

For a long while, Nessus had a plugin called nmap.nasl that could be used to call an external copy of Nmap. Nessus did not install Nmap, and would only use it if the user a) installed Nmap and b) configured the plugin to use it. During this time, Nessus used its own native port scanners. nmap.nasl was removed from the plugin feed on Feb 5, 2006. Prior to nmap.nasl, Nessus used nmap_wrapper.c, which did the same thing (acting as a method to call Nmap externally), but it was disabled by default. nmap.nasl is still available on the Tenable web site as a separate download, available to both HomeFeed and ProfessionalFeed users.

For more information:
http://www.nessus.org/documentation/index.php?doc=nmap-usage

In short, when referring to Nessus and Nmap, it is correct to say "Nessus *could* use Nmap", not "did". =)

