Number of checks included with each license & plan

| Plan | Underlying scanning engine | Number + type of checks | What is covered |
| --- | --- | --- | --- |
| Essential | OpenVAS | >19,400 external OpenVAS checks | |
| Cloud | OpenVAS + Nuclei | >19,400 external OpenVAS checks; >69,800 custom Nuclei external checks | |
| Pro | Tenable | >17,700 external Tenable checks; >194,700 internal Tenable checks | |
| Enterprise + Vanguard | Tenable + Nuclei | >17,700 external Tenable checks; >194,700 internal Tenable checks | |

Web Application Checks

| Availability | Underlying scanning engine | Number + type of checks |
| --- | --- | --- |
| Available for purchase on any plan | OWASP ZAP | ~100 ZAP web-application checks |

Cloud Security Checks

| Availability | Underlying scanning engine | Number + type of checks |
| --- | --- | --- |
| Available on Cloud, Pro, Enterprise, and Vanguard plans | Prowler (with an Infrastructure license & an integrated AWS, GCP, or Azure account) | ~700 cloud security checks (includes custom checks written by our security team) |
Types of checks:
Essential, Cloud, Pro, Enterprise, Vanguard (OpenVAS & Tenable External)
Unintentionally exposed systems
Checks for software and services that are not recommended to be exposed to the internet
Information Leakage
Checks for information leakage, which could be used by attackers to mount further attacks
Encryption weaknesses
Checks for weaknesses in SSL/TLS implementations
Misconfigurations & common mistakes
Checks for misconfigurations, security best practices, and common mistakes, such as exposing code repositories
Remote vulnerable software and missing patches
Checks (from an external perspective) for software with publicly known vulnerabilities
Pro, Enterprise, Vanguard (Tenable Internal)
These plans also include internal scanning (via an agent) for Linux, Windows, and macOS devices. This offers more comprehensive checks as it has more privileged access to the machine. Some of the things we check you for include:
Local misconfigurations & common mistakes
No matter how secure the software package is, it can still be configured insecurely - for example, leaving default passwords set up, inadvertently leaving admin pages exposed, and not enabling encryption.
Vulnerable software packages & missing patches
Check your internal machines for vulnerable versions of software packages, frameworks, and components, including missing OS patches, software updates, and server packages.
Cloud, Enterprise, and Vanguard (Nuclei)
The checks included in these three plans are enhanced further, courtesy of a second scanner. Nuclei covers some of the same vulnerabilities outlined above, but also checks for:
Out-of-band vulnerabilities
These are weaknesses that can't be detected through standard HTTP request/response communication; instead, they rely on non-standard channels, such as blind XSS or email header injection, to obtain sensitive information.
Cloud, Enterprise, and Vanguard (Prowler)
Cloud security scans powered by Prowler are available on these plans. Our security team enhances these with custom checks designed to analyse your cloud infrastructure and services for:
Known vulnerabilities in cloud assets and services.
Misconfigured resources that could expose data or services.
Insecure permissions or overly broad public access.
Shared responsibility gaps where cloud platform defaults leave your systems exposed.
Application licenses (on all plans) cover:
OS command injection
Cross-site scripting (XSS): persistent/stored, reflected, and DOM-based
SQL injection against multiple types of databases
NoSQL injection, specifically against MongoDB
LDAP injection
XPath injection
Server-side includes
Server-side code injection
Java serialisation weaknesses
Buffer and integer overflows
Additionally, these scans align with OWASP 2021 standards, addressing categories such as web application vulnerabilities, cryptographic weaknesses, security misconfigurations, and infrastructure vulnerabilities.
For a more detailed explanation of the features included in each plan, head to this article: Which service is right for me?
Where can I see the full list of checks you run?
If you have access to the portal, you can see exactly what we test you for. Just head to the dashboard and click Checks available, to the left of the Activity feed. You will also be able to see the number of checks we have added in the last 90 days.
Here you can see all the checks that will be run on your targets, with the option to filter by:
CVSS Rating (Critical, High, Medium, Low)
Category (Attack surface reduction, Compromise, Cryptographic Weaknesses, Information Disclosure, Misconfiguration & Common mistakes, Vulnerable Software, Web Application Vulnerabilities)
Check type (Authenticated, Internal, External, Cloud Security)
Scanning Engine (OpenVAS, Nessus, ZAP, Prowler, Nuclei)
Alternatively, you can search by CVE/check name.
Essential Plan (OpenVAS Checks)
Pro, Enterprise, Vanguard (Tenable Checks)
Enterprise and Vanguard (Nuclei & Tenable Checks)
You may notice that some checks display a special person-style icon. These icons are shown next to checks that have been designed and developed in-house by our Security Team, helping to continuously expand and strengthen our overall check coverage.
Clicking on any check will take you to the Check Detail page, where you can see the targets that were scanned for this vulnerability, when they were last scanned for this, and whether or not they passed.
FAQs
Do all checks get executed all the time?
All checks are enabled, but this does not mean that all checks will be executed against every target. Instead, vulnerability scanners will 'fingerprint' the service(s) running on a target, and only run checks that are relevant to these service(s) - there’s little value in executing a check for a service that isn't running.
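To make the "enabled but not necessarily executed" distinction concrete, here is a small added illustration (not the portal's or any scanner's code) of a catalogue in which every check is enabled, but only those matching a target's fingerprinted services are selected to run. The check names, the catalogue fields and the fingerprint values are constructed for this example; the field names mirror the Checks page filters (CVSS rating, category, check type, scanning engine) rather than any real export format.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Check:
    name: str
    cvss_rating: str   # Critical / High / Medium / Low
    category: str
    check_type: str    # External / Internal / Authenticated / Cloud Security
    engine: str        # OpenVAS / Nessus / ZAP / Prowler / Nuclei
    service: str       # service the check applies to; "*" means any host


# Constructed catalogue: hypothetical check titles, not real scanner checks.
CATALOGUE = [
    Check("Exposed Git repository", "High", "Misconfiguration & Common mistakes", "External", "OpenVAS", "http"),
    Check("TLS 1.0 enabled", "Medium", "Cryptographic Weaknesses", "External", "OpenVAS", "tls"),
    Check("MongoDB exposed to the internet", "Critical", "Attack surface reduction", "External", "Nuclei", "mongodb"),
    Check("Missing OS patches", "High", "Vulnerable Software", "Internal", "Nessus", "*"),
    Check("Server banner discloses version", "Low", "Information Disclosure", "External", "OpenVAS", "http"),
]


def select_checks(catalogue, fingerprint, check_type="External"):
    """Checks that would actually run against one target.

    `fingerprint` is the set of services the scanner identified on the target.
    Every check in the catalogue is enabled, but one is selected only if it
    matches the scan type and its service was seen (or it applies to any host).
    """
    return [c for c in catalogue
            if c.check_type == check_type
            and (c.service == "*" or c.service in fingerprint)]


def filter_checks(catalogue, cvss_rating=None, category=None, engine=None):
    """Mimic the Checks page filters; an argument left as None is not applied."""
    return [c for c in catalogue
            if (cvss_rating is None or c.cvss_rating == cvss_rating)
            and (category is None or c.category == category)
            and (engine is None or c.engine == engine)]


def rating_summary(checks):
    """Count selected checks per CVSS rating, as the dashboard would tally them."""
    return dict(Counter(c.cvss_rating for c in checks))


if __name__ == "__main__":
    web_target = {"http", "tls"}  # constructed fingerprint: a plain web server
    to_run = select_checks(CATALOGUE, web_target)
    print(f"{len(CATALOGUE)} checks enabled, {len(to_run)} relevant to this target")
    for c in to_run:
        print(f"  {c.cvss_rating:<8} {c.engine:<8} {c.name}")
```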
Can I export a list of all the checks?
Yes, absolutely! Just head to the Checks page and hit 'Export to CSV'.