TOC & Recently Viewed

Recently Viewed Topics


Some Nessus functions can be administered through a command line interface using the nessuscli utility.

This allows the user to manage user accounts, modify advanced settings, manage digital certificates, report bugs, update Nessus, and fetch necessary license information.

Note: All commands must be run by a user with administrative privileges.

Nessuscli Syntax

Operating System



# /opt/nessus/sbin/nessuscli <arg1> <arg2>

Mac OS X

# /Library/Nessus/run/sbin/nessuscli <arg1> <arg2>


C:\Program Files\Tenable\Nessus



Nessuscli Commands

Command Description
Help Commands

nessuscli help

Displays a list of Nessus commands.

The help output may vary, depending on your Nessus license.

nessuscli [cmd] help

Displays additional help for specific commands identified in the nessuscli help output.

Bug Reporting Commands

The bug reporting commands create an archive that can be sent to Tenable, Inc. to help diagnose issues. By default, the script runs in interactive mode.

nessuscli bug-report-generator

Generates an archive of system diagnostics.

Running this command without arguments prompts for values.

--quiet: run the bug report generator without prompting user for feedback.

--scrub: when in quiet mode, bug report generator sanitizes the last two octets of the IPv4 address.

--full: when in quiet mode, bug report generator collects extra data.

User Commands

nessuscli rmuser <username>

Allows you to remove a Nessus user.

nessuscli chpasswd <username>

Allows you to change a user’s password. You are prompted to enter the Nessus user’s name. Passwords are not echoed on the screen.

nessuscli adduser <username>

Allows you to add a Nessus user account.

You are prompted for a username, password, and opted to allow the user to have an administrator type account. Additionally, you are prompted to add Users Rules for this new user account.

nessuscli lsuser

Displays a list of Nessus users.

Fetch Commands

Manage Nessus registration and fetch updates

nessuscli fetch --register <Activation Code>

Uses your Activation Code to register Nessus online.


# /opt/nessus/sbin/nessuscli fetch --register xxxx-xxxx-xxxx-xxxx

nessuscli fetch --register-only <Activation Code>

Uses your Activation Code to register Nessus online, but does not automatically download plugin or core updates.


# /opt/nessus/sbin/nessuscli fetch --register-only xxxx-xxxx-xxxx-xxxx

nessuscli fetch --register-offline nessus.license

Registers Nessus 6.3 and newer with the nessus.license file obtained from

Note: If you are using a version of Nessus 6.2 or earlier, you must use the information and instructions displayed on In Nessus 6.2 and earlier, the license is contained in the fc.file.

nessuscli fetch --check

Displays whether Nessus is properly registered and is able to receive updates.

nessuscli fetch --code-in-use

Displays the Nessus Activation Code being used by Nessus.

nessuscli fetch --challenge

Displays the challenge code needed to use when performing an offline registration.
Example challenge code: aaaaaa11b2222cc33d44e5f6666a777b8cc99999

nessuscli fetch --security-center

Prepares Nessus to be connected to Security Center.

Fix Commands

nessuscli fix

Reset registration, display network interfaces, and manage advanced settings.

Using the --secure option acts on the encrypted preferences, which contain information about registration.

--list, --set, --get, and --delete can be used to modify or view preferences.

nessuscli fix [--secure] --list

nessuscli fix [--secure] --set <name=value>

nessuscli fix [--secure] --get <name>

nessuscli fix [--secure] --delete <name>

nessuscli fix --list-interfaces

List the network adapters on this machine.

nessuscli fix --reset

This command deletes all your registration information and preferences, causing Nessus to run in a non-registered state. Nessus Manager retains the same linking key after resetting.

Before running nessuscli fix --reset, verify running scans have completed, then stop the nessusd daemon or service.

Windows: net stop "Tenable Nessus"
Linux: service nessusd stop

nessuscli fix --reset-all

This command resets Nessus to a fresh state, deleting all registration information, settings, data, and users.

Caution: Contact Tenable support before performing a full reset. This action cannot be undone.

Certificate Commands

nessuscli mkcert-client

Creates a certificate for the Nessus server.

nessuscli mkcert [-q]

Quietly creates a certificate with default values.

Software Update Commands

nessuscli update

By default, this tool respects the software update options selected through the Nessus UI.

nessuscli update --all

Forces updates for all Nessus components.

nessuscli update --plugins-only

Forces updates for Nessus plugins only.

nessuscli update <tar.gz filename>

Updates Nessus plugins by using a TAR file instead of getting the updates from the plugin feed. The TAR file is obtained when you Manage Nessus Offline - Download and Copy Plugins steps.

Manager Commands

Used for generating plugin updates for your managed scanners and agents connected to a manager.

nessuscli manager download-core

Downloads core component updates for remotely managed agents and scanners.

nessuscli manager generate-plugins

Generates plugins archives for remotely managed agents and scanners.

Managed Scanner Commands

Used for linking, unlinking and viewing the status of remote managed scanners.

nessuscli managed help

Displays nessuscli managed commands and syntax.

nessuscli managed link --key=<key> --host=<host> --port=<port> [optional parameters]

Link a managed scanner to the Nessus Manager.

Additional Parameters


nessuscli managed unlink

Unlink a managed scanner to the Nessus Manager.

nessuscli managed status

Identifies the status of the managed scanner.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.