Compare Nessus with industry vulnerability assessment solutions
Nessus® is the gold standard for vulnerability assessment.
See how Nessus compares to OpenVAS® and Rapid7® Nexpose®.
From the beginning, we've worked hand-in-hand with the security community to make Nessus the most accurate and comprehensive vulnerability assessment solution in the market. 20 years later, we're still laser-focused on community collaboration and product innovation to provide the most accurate and complete vulnerability data – so you don't miss critical issues that could put your organization or your clients at risk.
Below, we compare Nessus to two other popular tools: OpenVAS and Rapid7 Nexpose. Open-source vulnerability scanners like OpenVAS still exist and are maintained by a community. However, the reality is that these tools have limited enterprise features and integrations, and require a ton of manual work to deploy, operate, and self-support.
See why Nessus is trusted by tens of thousands of organizations worldwide.

CVE coverage
  Nessus: 81K CVEs – the most in the industry
  OpenVAS: 59K unique CVEs
  Rapid7 Nexpose: 59K detected by Rapid7

False-positive rate
  Nessus: Industry's lowest false-positive rate – better than six-sigma accuracy [1]
  OpenVAS: Not published; customers report many false positives
  Rapid7 Nexpose: Not published; customers report many false positives

Pre-built audit scan templates
  Nessus: Tenable published 1071 audits covering 406 benchmarks
  OpenVAS: Not available
  Rapid7 Nexpose: Total number of benchmarks is not published; Nexpose provides templates for most common frameworks

Live Results
  Nessus: Live Results identifies vulnerabilities using existing scan data with new plugin updates, for real-time visibility
  OpenVAS: Not available
  Rapid7 Nexpose: Not available

Vulnerability grouping
  Nessus: Grouped View presents similar vulnerabilities in a single thread for ease of management
  OpenVAS: Not available
  Rapid7 Nexpose: Not available

Web application scanning
  Nessus: Yes
  OpenVAS: Not available
  Rapid7 Nexpose: Separate solution

IaC (Infrastructure as Code) policy violation scanning*
  Nessus: Yes
  OpenVAS: Not available
  Rapid7 Nexpose: Not available

Continuous subdomain discovery scanning (Attack Surface Discovery)*
  Nessus: Yes
  OpenVAS: Not available
  Rapid7 Nexpose: Yes

Pre-built compliance and configuration assessment templates
  Nessus: 1100+ compliance and configuration templates (CIS, DISA STIG, HIPAA, PCI DSS, USGCB, FDCC, and more) – at no extra cost
  OpenVAS: Very limited set of configuration templates included. No support for DISA STIG, USGCB, or FDCC audits
  Rapid7 Nexpose: Total number is not published

Flexible report creation
  Nessus: Pre-built report templates simplify report creation. Reports can be tailored based on customized views by team or client
  OpenVAS: Limited report templates and filtering capabilities
  Rapid7 Nexpose: Pre-built report templates. Reports can be created and tailored based on customized views

Report export formats
  Nessus: HTML, CSV, PDF, Nessus XML, and Nessus DB
  OpenVAS: Anonymous XML, CSV, ITG, PDF, TXT, XML
  Rapid7 Nexpose: HTML, CSV, PDF, XML, and RTF/text

Branded reports
  Nessus: Option to add personal branding (name/logo)
  OpenVAS: Not available
  Rapid7 Nexpose: Can request the creation of a custom report template through Professional Services

Automatic email distribution of reports after scans finish
  Nessus: Included
  OpenVAS: Not available
  Rapid7 Nexpose: Not available

Expert security research
  Nessus: Largest vulnerability research team in the industry with the best vulnerabilities coverage
  OpenVAS: Community driven
  Rapid7 Nexpose: Rapid7 maintains a respected security research team

Supported operating systems
  Nessus:
    Windows: All supported Windows OS versions except for Windows on Arm
    macOS: All supported macOS versions
    Linux: RHEL versions 6, 7, 8, and 9
    Ubuntu: 14.04, 16.04, 18.04, 20.04, and 22.04
    CentOS versions 6, 7, and 8
    Amazon Linux 1 and 2
    Debian versions 9, 10, and 11
    Oracle Linux 6, 7, and 8
    SLES 11 SP4, 12 SP2, 12 SP3, 12 SP4, 12 SP5, 15, 15 SP1, 15 SP2, and 15 SP3
  OpenVAS:
    Runs on Unix and Linux and comes available by default with Kali Linux. No Windows support
    The user has to build binaries from the source code or seek assistance from the community
  Rapid7 Nexpose:
    Windows: Microsoft Windows Server 2012 R2, 2016, 2019, 2022, and 8.1
    Linux: RHEL versions 6, 7, 8
    Ubuntu: 16.04, 18.04, 20.04
    CentOS 7
    Oracle Linux 7, 8
    SUSE Linux 12

Cost of acquiring, operating, and supporting product
  Nessus:
    7-day free trial
    Full pricing here
    Extensive pre-built capabilities, automation, and vendor support minimize manual effort
  OpenVAS:
    Free to download. [2]
    Significant manual work required to deploy, operate, and self-support
    Greenbone offers a commercial distribution of OpenVAS; pricing is not published
  Rapid7 Nexpose:
    Not published.
    Rapid7 urges visitors to try enterprise-grade InsightVM instead

Product investment
  Nessus: Tenable is investing heavily in Nessus – with 4 major releases in 2022
  OpenVAS: Community-driven releases – 2 minor releases in 2022
  Rapid7 Nexpose: Rapid7 is deprioritizing Nexpose and didn't announce major releases in 2022

Paid customers
  Nessus: 40,000+ [2]
  OpenVAS: Not available
  Rapid7 Nexpose: 10,000 [3]

#1 market share for application VA
  Nessus: Yes [5]
  OpenVAS: No
  Rapid7 Nexpose: No

[2] Source: https://www.tenable.com/about-tenable/about-us. Virtually all Tenable customers are using Nessus or a product built on Nessus technology.
[3] Source: https://www.rapid7.com/about/customers. Not all of Rapid7’s customers are using Nexpose (or InsightVM).
[4] Source: https://www.tenable.com/products/nessus.
[5] According to IDC WorldWide Device Vulnerability Management 2020: https://www.tenable.com/analyst-research/idc-worldwide-device-vulnerability-management-report-2020.
*Applies to Nessus Expert.
Data as of December 2022.
All product names, logos, and brands are property of their respective owners.
Looking for a comprehensive vulnerability management solution?
Consider Tenable.sc (on-premises) or Tenable.io (cloud-based) for complete vulnerability management – including extensive security and compliance dashboards, agents, multi-scanner support, cloud and container scanning, and more.