Recently Viewed Topics
Nessuscli
Some Nessus functions can be administered through a command line interface using the nessuscli utility.
This allows the user to manage user accounts, modify advanced settings, manage digital certificates, report bugs, update Nessus, and fetch necessary license information.
Note: All commands must be run by a user with administrative privileges.
Nessuscli Syntax
Operating System |
Command |
---|---|
Linux |
# /opt/nessus/sbin/nessuscli <arg1> <arg2> |
Mac OS X |
# /Library/Nessus/run/sbin/nessuscli <arg1> <arg2> |
Windows |
C:\Program Files\Tenable\Nessus
or C:\ProgramData\Tenable\Nessus |
Nessuscli Commands
Command | Description |
---|---|
Help Commands | |
nessuscli help |
Displays a list of Nessus commands. The help output may vary, depending on your Nessus license. |
nessuscli [cmd] help |
Displays additional help for specific commands identified in the nessuscli help output. |
Bug Reporting Commands The bug reporting commands create an archive that can be sent to Tenable, Inc. to help diagnose issues. By default, the script runs in interactive mode. |
|
nessuscli bug-report-generator |
Generates an archive of system diagnostics. Running this command without arguments prompts for values. --quiet: run the bug report generator without prompting user for feedback. --scrub: when in quiet mode, bug report generator sanitizes the last two octets of the IPv4 address. --full: when in quiet mode, bug report generator collects extra data. |
User Commands | |
nessuscli rmuser <username> |
Allows you to remove a Nessus user. |
nessuscli chpasswd <username> |
Allows you to change a user’s password. You are prompted to enter the Nessus user’s name. Passwords are not echoed on the screen. |
nessuscli adduser <username> |
Allows you to add a Nessus user account. You are prompted for a username, password, and opted to allow the user to have an administrator type account. Additionally, you are prompted to add Users Rules for this new user account. |
nessuscli lsuser |
Displays a list of Nessus users. |
Fetch Commands Manage Nessus registration and fetch updates |
|
nessuscli fetch --register <Activation Code> |
Uses your Activation Code to register Nessus online. Example: # /opt/nessus/sbin/nessuscli fetch --register xxxx-xxxx-xxxx-xxxx |
nessuscli fetch --register-only <Activation Code> |
Uses your Activation Code to register Nessus online, but does not automatically download plugin or core updates. Example: # /opt/nessus/sbin/nessuscli fetch --register-only xxxx-xxxx-xxxx-xxxx |
nessuscli fetch --register-offline nessus.license |
Registers Nessus 6.3 and newer with the nessus.license file obtained from https://plugins.nessus.org/v2/offline.php. Note: If you are using a version of Nessus 6.2 or earlier, you must use the information and instructions displayed on https://plugins.nessus.org/offline.php. In Nessus 6.2 and earlier, the license is contained in the fc.file. |
nessuscli fetch --check |
Displays whether Nessus is properly registered and is able to receive updates. |
nessuscli fetch --code-in-use |
Displays the Nessus Activation Code being used by Nessus. |
nessuscli fetch --challenge |
Displays the challenge code needed to use when performing an offline registration. |
nessuscli fetch --security-center |
Prepares Nessus to be connected to Security Center. |
Fix Commands | |
nessuscli fix |
Reset registration, display network interfaces, and manage advanced settings. Using the --secure option acts on the encrypted preferences, which contain information about registration. --list, --set, --get, and --delete can be used to modify or view preferences. |
nessuscli fix [--secure] --list |
|
nessuscli fix [--secure] --set <name=value> |
|
nessuscli fix [--secure] --get <name> |
|
nessuscli fix [--secure] --delete <name> |
|
nessuscli fix --list-interfaces |
List the network adapters on this machine. |
nessuscli fix --set listen_address=<address> |
Tell the server to only listen to connections on the address <address> that is an IP, not a machine name. This option is useful if you are running nessusd on a gateway and if you do not want people on the outside to connect to your nessusd. |
nessuscli fix --reset |
This command deletes all your registration information and preferences, causing Nessus to run in a non-registered state. Nessus Manager retains the same linking key after resetting. Before running nessuscli fix --reset, verify running scans have completed, then stop the nessusd daemon or service. Windows: net stop "Tenable Nessus" |
nessuscli fix --reset-all |
This command resets Nessus to a fresh state, deleting all registration information, settings, data, and users. Caution: This action cannot be undone. Contact Tenable support before performing a full reset. |
Certificate Commands | |
nessuscli mkcert-client |
Creates a certificate for the Nessus server. |
nessuscli mkcert [-q] |
Quietly creates a certificate with default values. |
Software Update Commands | |
nessuscli update |
By default, this tool respects the software update options selected through the Nessus UI. |
nessuscli update --all |
Forces updates for all Nessus components. |
nessuscli update --plugins-only |
Forces updates for Nessus plugins only. |
nessuscli update <tar.gz filename> |
Updates Nessus plugins by using a TAR file instead of getting the updates from the plugin feed. The TAR file is obtained when you Manage Nessus Offline - Download and Copy Plugins steps. |
Manager Commands Used for generating plugin updates for your managed scanners and agents connected to a manager. |
|
nessuscli manager download-core |
Downloads core component updates for remotely managed agents and scanners. |
nessuscli manager generate-plugins |
Generates plugins archives for remotely managed agents and scanners. |
Managed Scanner Commands Used for linking, unlinking and viewing the status of remote managed scanners. |
|
nessuscli managed help |
Displays nessuscli managed commands and syntax. |
nessuscli managed link --key=<key> --host=<host> --port=<port> [optional parameters] |
Link an unregistered scanner to a manager. Additional Parameters --name=<name>
Note: You cannot link a scanner via the CLI if the scanner has already been registered. You can either link via the user interface, or reset the scanner to unregister it (however, you lose all scanner data). |
nessuscli managed unlink |
Unlink a managed scanner from its manager. |
nessuscli managed status |
Identifies the status of the managed scanner. |