Every audit in the Tenable Nessus® vulnerability scanner is coded as a plugin: a simple program which checks for a given flaw. Nessus uses more than 54,000 different plugins, covering local and remote flaws.
New vulnerabilities are discovered and published every day. As a result, staying up-to-date is a must if you want to perform a security scan. Every week, several dozens of plugins are added in the Tenable Nessus plugin feeds (HomeFeed and ProfessionalFeed).
To ensure your plugins are current, your feed must have been activated according to the instructions you received by email after your purchase/download. Once your plugin feed is registered, it will automatically fetch the newest plugins every 24 hours, or you can use the command nessus-update-plugins to force a plugin update.
As information about new vulnerabilities are discovered and released into the general public domain, Tenable's research staff designs programs to enable Nessus to detect them. These programs are named 'plugins' and are written in the Nessus Attack Scripting Language (NASL). The plugins contain vulnerability information, a generic set of remediation actions and the algorithm to test for the presence of the security issue. Typically, Tenable produces plugins for vulnerabilities within 24 hours of its public release.
There are two types of feed subscriptions available: Nessus ProfessionalFeed (for business/enterprise use) or Nessus HomeFeed (for non-commercial, home use only). If you are going to use Nessus in a business capacity, you must purchase the ProfessionalFeed to scan your network, obtain support, update your database of vulnerability checks, and for compliance auditing. ProfessionalFeed subscriptions may be purchased from our Authorized ProfessionalFeed Partners or Tenable's Online Store. Customers who purchase Tenable SecurityCenter receive access to this feed with their annual product maintenance.