You are here: Additional Resources > Command Line Operations > Nessuscli

Nessuscli

Some Nessus functions can be administered through a command line interface using the nessuscli utility.

This allows the user to manage user accounts, modify advanced settings, manage digital certificates, report bugs, update Nessus, and fetch necessary license information.

Note: All commands must be run by a user with administrative privileges.

Nessuscli Syntax

Operating System

Command

Linux

# /opt/nessus/sbin/nessuscli <arg1> <arg2>

Mac OS X

# /Library/Nessus/run/sbin/nessuscli <arg1> <arg2>

Windows

C:\Program Files\Tenable\Nessus

or

C:\ProgramData\Tenable\Nessus

Nessuscli Commands

Command Description
Help Commands

nessuscli help

Displays a list of Nessus commands.

The help output may vary, depending on your Nessus license.

nessuscli [cmd] help

Displays additional help for specific commands identified in the nessuscli help output.

Bug Reporting Commands

The bug reporting commands create an archive that can be sent to Tenable Network Security to help diagnose issues. By default, the script runs in interactive mode.

nessuscli bug-report-generator

Generates an archive of system diagnostics.

Running this command without arguments prompts for values.

--quiet: run the bug report generator without prompting user for feedback.

--scrub: when in quiet mode, bug report generator sanitizes the last two octets of the IPv4 address.

--full: when in quiet mode, bug report generator collects extra data.

User Commands

nessuscli rmuser [username]

Allows you to remove a Nessus user.

nessuscli chpasswd [username]

Allows you to change a user’s password. You are prompted to enter the Nessus user’s name. Passwords are not echoed on the screen.

nessuscli adduser [username]

Allows you to add a Nessus user account.

You are prompted for a username, password, and opted to allow the user to have an administrator type account. Additionally, you are prompted to add Users Rules for this new user account.

nessuscli lsuser

Displays a list of Nessus users.

Fetch Commands

Manage Nessus registration and fetch updates

nessuscli fetch --register <Activation Code>

Uses your Activation Code to register Nessus online.

Example

# /opt/nessus/sbin/nessuscli fetch --register xxxx-xxxx-xxxx-xxxx

nessuscli fetch --register-offline nessus.license

Registers Nessus 6.3 and newer with the nessus.license file obtained from https://plugins.nessus.org/v2/offline.php.

Note: If you are using a version of Nessus 6.2 or earlier, you must use the information and instructions displayed on https://plugins.nessus.org/offline.php. In Nessus 6.2 and earlier, the license is contained in the fc.file.

nessuscli fetch --check

Displays whether Nessus is properly registered and is able to receive updates.

nessuscli fetch --code-in-use

Displays the Nessus Activation Code being used by Nessus.

nessuscli fetch --challenge

Displays the Challenge code needed to use when performing an offline registration.
Example Challenge Code: aaaaaa11b2222cc33d44e5f6666a777b8cc99999

nessuscli fetch --security-center

Prepares Nessus to be connected to Security Center.

Fix Commands

nessuscli fix

Reset registration, display network interfaces, and manage advanced settings.

Using the --secure option acts on the encrypted preferences, which contain information about registration.

--list, --set, --get, and --delete can be used to modify or view preferences.

nessuscli fix [--secure] --list

 

nessuscli fix [--secure] --set <name=value>

 

nessuscli fix [--secure] --get <name>

 

nessuscli fix [--secure] --delete <name>

 

nessuscli fix --list-interfaces

List the network adapters on this machine.

nessuscli fix --reset

This command deletes all your registration information and preferences, causing Nessus to run in a non-registered state.

Before running nessuscli fix --reset, verify running scans have completed, then stop the nessusd daemon or service.

Windows: net stop "Tenable Nessus"
Linux: service nessusd stop

Certificate Commands

nessuscli mkcert-client

Creates a certificate for the Nessus server.

nessuscli mkcert [-q]

Quietly creates a certificate with default values.

Software Update Commands

nessuscli update

By default, this tool respects the software update options selected through the Nessus UI.

nessuscli update --all

Forces updates for all Nessus components.

nessuscli update --plugins-only

Forces updates for Nessus plugins only.

nessuscli update <tar.gz filename>

Updates Nessus plugins by using a TAR file instead of getting the updates from the plugin feed. The TAR file is obtained when you Register Nessus Offline - Download and Copy Plugins steps.

Manager Commands

Used for generating plugin updates for your managed scanners and agents connected to a manager.

nessuscli manager download-core

Downloads core component updates for remotely managed agents and scanners.

nessuscli manager generate-plugins

Generates plugins archives for remotely managed agents and scanners.

Managed Scanner Commands

Used for linking, unlinking and viewing the status of remote managed scanners.

nessuscli managed help

Displays nessuscli manged commands and syntax.

nessuscli managed link --key=<key> --host=<host> --port=<port> [optional parameters]

Link a managed scanner to the Nessus Manager.

Additional Parameters

--name=<name>
--ca-path=<ca_file_name>
--proxy-host=<host>
--proxy-port=<port>
--proxy-username=<username>
--proxy-password=<password>
--proxy-agent=<agent>

nessuscli managed unlink

Unlink a managed scanner to the Nessus Manager.

nessuscli managed status

Identifies the status of the managed scanner.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.