About Plugin Families

Nessus Plugin Families

Backdoors

Plugins that detect the presence of a malicious file or backdoor access that can potentially lead to unauthorized access to a system.

CGI abuses

Plugins for vulnerabilities that leverage the common gateway interface.

CGI abuses : XSS

Plugins for vulnerabilities that leverage the common gateway interface, that specifically cause cross-site scripting issues.

CISCO

Plugins that relate to vulnerability detection of Cisco devices.

Databases

Plugins that relate to specific database applications and their vulnerabilities.

Default Unix Accounts

Plugins that test Unix hosts for a variety of accounts that could be installed by default during application installation.

Denial of Service

Plugins that directly test for vulnerabilities that cause a denial of service. This plugin family will be executed when Safe Checks are disabled.

Firewalls

Plugins that deal with firewall devices and software that do not have a specified family.

Gain a shell remotely

Plugins that deal with vulnerabilities that attempt to gain a shell on a host or device.

General

Plugins that mostly gather information for other checks.

Incident Response (Deprecated)

Deprecated / disabled

Misc.

Plugins that are host and device neutral.

Mobile Devices

Plugins that deal with mobile devices.

Netware

Plugins that specifically deal with Novell Netware.

Peer-To-Peer File Sharing

Plugins for detection of software and vulnerabilities of peer-to-peer sharing applications.

Policy Compliance

Plugins used by the Compliance and Audit function to leverage an audit file against a host.

Port scanners

Plugins that gather port information.

SCADA

Plugins that leverage SCADA for gathering information and vulnerability checks.

Service detection

Plugins that detect the specific protocol or application listening on a port.

Settings

Plugins that specifically deal with the scanner settings and scan information.

Web Servers

Plugins specifically for web servers.

Windows

Plugins that relate to the Windows platform and applications.

Windows : Microsoft Bulletins

Windows local security checks that specifically cover a Microsoft Bulletin.

Windows : User management

Windows local security checks that specifically cover user information.

Local Security Checks

The following categories leverage data gathered using the credentials provided to a host or device:

  • AIX Local Security Check
  • Alma Linux Local Security Checks
  • Amazon Linux Local Security Checks
  • CentOS Local Security Checks
  • Debian Local Security Checks
  • F5 Networks Local Security Checks
  • Fedora Local Security Checks
  • FreeBSD Local Security Checks
  • Gentoo Local Security Checks
  • HP-UX Local Security Checks
  • Huawei Local Security Checks
  • Junos Local Security Checks
  • MacOS X Local Security Checks
  • Mandriva Local Security Checks
  • NewStart CGSL Local Security Checks
  • Oracle Linux Local Security Checks
  • OracleVM Local Security Checks
  • Palo Alto Local Security Checks
  • PhotonOS Local Security Checks
  • Red Hat Local Security Checks
  • Rocky Linux Local Security Checks
  • Scientific Linux Local Security Checks
  • Slackware Local Security Checks
  • Solaris Local Security Checks
  • SuSE Local Security Checks
  • Ubuntu Local Security Checks
  • VMware ESX Local Security Checks
  • Virtuozzo Local Security Checks
Protocol Checks

The following categories are for plugins that deal with the specific protocol:

  • DNS (Domain Name System)
  • FTP (File Transfer Protocol)
  • RPC (Remote Procedure Call)
  • SMTP problems (Simple Mail Transfer Protocol)
  • SNMP (Simple Network Management Protocol)

Nessus Network Monitor Plugin Families

Backdoors

Plugins that detect the presence of a malicious file or backdoor access that can potentially lead to unauthorized access to a system.

CGI

Plugins for vulnerabilities that leverage the common gateway interface.

Cloud Services

Plugins to identify cloud services which may place intellectual property at risk.It is not intended for social media services (social media usage detection would typically be found in the Policy family).

DNS Servers

Identifies DNS server related installations

Data Leakage

Plugins that detect protected data that is being leaked via unsecured or poorly secured protocols

Database

Plugins that relate to specific database applications and their vulnerabilities.

FTP Clients

Plugins related to FTP client detection

FTP Servers

Plugins related to the detection of FTP Servers

Finger

Plugins to identify finger daemon services

Generic

Plugins to identify general software that do not fit in any other categories, normally are host and device neutral

IMAP Servers

Plugins to identify activity reflecting IMAP Server functionality

IRC Clients

Plugins to identify the presence of IRC Clients

IRC Servers

Plugins to identify the presence of IRC Servers Functionality

Internet Messengers

Plugins to identify online chat applications

Internet Services

Plugins to identify hosted services that accept connections from the Internet

IoT

Plugins to identify Internet of Things Devices in the Network

Mobile Devices

Plugins that deal with mobile devices.

Operating System Detection

Plugins to identify different Operating Systems in the network

POP Server

Plugins to identify POP Servers in the network

Peer-To-Peer File Sharing

Plugins to identify peer-to-peer file sharing applications or services

Policy

Plugins to identify software or services that could go against a company’s acceptable use or security policy.

RPC

Plugins to identify Remote Procedure Calls

SCADA

Plugins related to Supervisory Control and Data Acquisition (SCADA)/Industrial Control System (ICS) plugins

SMTP Clients

Plugins related to the identification of SMTP Clients

SMTP Servers

Plugins related to the identification of SMTP Servers

SNMP

Plugins related to the identification of SNMP Services

SSH

Plugins to identify SSH Servers

Samba

Plugins to identify Samba services

Web Clients

Plugins specifically for web clients.

Web Servers
Plugins specifically for web servers.

WAS Plugin Families

Authentication & Session

Plugins related to authentication and session issues

Code Execution

Plugins allowing code to be executed on the server and/or the application

Component Vulnerability

Information and vulnerabilities found on components used to build web applications

Cross Site Request Forgery

Plugins specifically for XSRF issues

Cross Site Scripting

Plugins specifically for all types of XSS issues

Cross Site Scripting

Plugins specifically for all types of XSS issues

File Inclusion

Plugins to identify that a file can be uploaded to the scanned asset

General

Plugins for Scan General Information

HTTP Security Header

Plugins to identify information and vulnerabilities on HTTP headers used by the web application

Injection

Plugins to identify different types of injection (SQL, noSQL, Code)

SSL/TLS

Information and vulnerabilities on the HTTPs protocol and certificates used by the web application

Web Applications

Plugins to identify information/Detection collected on the web application

Web Servers

Plugins to identify Information/Detection collected on the web server running the web application

Tenable OT Security Plugin Families

SCADA

Plugins related to Supervisory Control and Data Acquisition (SCADA)/Industrial Control System (ICS) plugins

Description of Terms

Common gateway interface

The interaction of data between a user and a website.

Local security checks

A plugin that uses the provided authentication credentials to gather information on a host or device.

Cross-site scripting (XSS)

A specific attack in which malicious script code could be executed by a website.

Denial of service

A specific attack in which a service, device, or host is rendered unusable or unreachable for its intended purpose.

Firewall

A security device or software that manages the interaction between devices over a network.

Shell

A user interface for interacting with the OS or device.

Peer-to-peer

A type of network that has no central server; instead each node can act as both server and client.

SCADA

A control system for high-level process supervisory management.

(The words plugins and checks is used interchangeably in this context)