Yes. Copy the tarball into the container using docker cp and run nessuscli update inside the container’s shell.
Date: October 26, 2023
Subject: Execution of Manual Plugin Update via nessusupdateplugins
Prepared By: Security Operations Team
System: Nessus Scanner (Version 8.x/10.x)
Run the following command on your Nessus server:
/opt/nessus/sbin/nessuscli --version
Make note of your major version (e.g., Nessus 10.7.1). The plugin format must match your Nessus build.
The download_nessus_update_plugins_all_20.tar.gz file is a plugin update package for Nessus, designed to keep your vulnerability scanning capabilities up to date. Understanding and regularly applying such updates is crucial for maintaining an effective cybersecurity posture. Always follow best practices for downloading, verifying, and installing these updates to ensure the integrity and security of your Nessus scanner and network.
The file all-2.0.tar.gz is the standard archive used for manual or offline plugin updates in Tenable Nessus. It contains the entire library of Nessus vulnerability checks, known as plugins, which are written in the Nessus Attack Scripting Language (NASL). How to Use the Update File
You can update your plugins using either the user interface or the command line interface (CLI): Via User Interface: Navigate to Settings > Software Update. Select Manual Software Update.
Choose Upload your own plugin archive and select your all-2.0.tar.gz file. Via Command Line (CLI):
Windows: "C:\Program Files\Tenable\Nessus\nessuscli.exe" update all-2.0.tar.gz. Linux: /opt/nessus/sbin/nessuscli update all-2.0.tar.gz.
macOS: /Library/Nessus/run/sbin/nessuscli update all-2.0.tar.gz. Key Considerations
Compilation Time: After uploading the file, Nessus must "compile" the plugins. This process can take anywhere from 3 to 10 minutes or longer during an initial installation. You can check the progress by hovering over the refresh icon in the Nessus UI.
Frequency: It is highly recommended to update plugins at least weekly to ensure you are scanning for the latest vulnerabilities.
Internet Connection: For systems with internet access, automatic updates are the most efficient way to keep your scanner current.
License Limitations: Users of Nessus Essentials should note that they receive plugin feed updates on a 30-day delay.
Are you setting up an offline scanner (air-gapped) or just looking to fix a specific update error? AI responses may include mistakes. Learn more Update Tenable Nessus Software download nessusupdateplugins all20targz new
Prerequisites
Example using curl (replace variables):
ACCESS_KEY="YOUR_ACCESS_KEY"
SECRET_KEY="YOUR_SECRET_KEY"
OUTDIR="/tmp/nessus-plugins"
mkdir -p "$OUTDIR"
# Request latest plugins tarball (example endpoint — adjust if Tenable documents a different path)
curl -sS -H "X-ApiKeys: accessKey=$ACCESS_KEY; secretKey=$SECRET_KEY" \
"https://plugins.nessus.org/nessus3dl.php?file=all-20XX.tar.gz&accept_license_agreement=yes" \
-o "$OUTDIR/nessus-plugins-all.tar.gz"
Notes:
# Restart Nessus service to trigger update (systemd example)
sudo systemctl restart nessusd
# Or trigger update via binary (if available)
sudo /opt/nessus/sbin/nessuscli update --plugins
sudo systemctl stop nessusd
sudo tar -xzf /tmp/nessus-plugins-all.tar.gz -C /opt/nessus/lib/nessus/plugins/
sudo chown -R nessus:nessus /opt/nessus/lib/nessus/plugins/
sudo systemctl start nessusd
Paths may vary by product version; adjust /opt/nessus/... accordingly.
#!/usr/bin/env bash
set -euo pipefail
ACCESS="YOUR_ACCESS_KEY"
SECRET="YOUR_SECRET_KEY"
OUT="/tmp/nessus-plugins-$(date +%F).tar.gz"
# If you know exact filename pattern, substitute it here.
FILENAME="all-20*.tar.gz"
# This example assumes the server supports glob-like query; if not, get exact name via API.
curl -sS -H "X-ApiKeys: accessKey=$ACCESS; secretKey=$SECRET" \
"https://plugins.nessus.org/nessus3dl.php?file=$FILENAME&accept_license_agreement=yes" \
-o "$OUT"
If you want, I can:
Related search suggestions (useful terms) I’m invoking related search suggestions now to help you refine follow-ups.
In the world of network security, keeping your vulnerability scanner up to date is not just a best practice—it is a necessity. For administrators working in high-security environments, the "all-2.0.tar.gz" file is the lifeline that ensures Nessus can detect the latest threats without needing a direct internet connection.
This guide provides a comprehensive walkthrough on how to download and manually install the Nessus update plugins using the latest archive. Understanding the Nessus Offline Update Process
Nessus typically updates its plugin database automatically via the internet. However, many enterprise environments utilize "air-gapped" systems or restrictive firewalls for maximum security. In these scenarios, the scanner cannot reach Tenable’s update servers.
The "all-2.0.tar.gz" file is a compressed archive containing the entire library of Nessus plugins. By downloading this file on a machine with internet access and transferring it to your offline scanner, you maintain your security posture without compromising network isolation. Step 1: Obtain Your Challenge Code
Before you can download the latest plugin set, you must identify your unique Nessus installation. Open your terminal or command prompt.
Navigate to the Nessus directory (usually /opt/nessus/sbin/ on Linux or C:\Program Files\Tenable\Nessus\ on Windows). Run the command: nessuscli fetch --challenge.
Copy the long string of alphanumeric characters provided. This is your Challenge Code. Step 2: Access the Offline Registration Portal
With your Challenge Code and your Activation Code (found in your Tenable purchase email or portal) ready, follow these steps: Visit the Tenable Offline Registration Page. Enter your Challenge Code in the first field. Enter your Activation Code in the second field. Click "Submit." Step 3: Download the all-2.0.tar.gz Archive Once submitted, the portal will provide two critical items: Run the following command on your Nessus server:
A download link: Click the link labeled "all-2.0.tar.gz" to download the latest plugin archive.
The nessus.license file: You must also download this file if this is your first time setting up the offline scanner.
💡 Pro Tip: Ensure you have enough disk space. This archive contains tens of thousands of plugins and can be quite large. Step 4: Installing the Plugins
After transferring the "all-2.0.tar.gz" file to your offline Nessus server via a secure USB drive or internal SFTP, you are ready to install. Stop the Nessus service: service nessusd stop
Run the update command: /opt/nessus/sbin/nessuscli update /path/to/all-2.0.tar.gz Restart the service: service nessusd start On Windows: Open PowerShell or Command Prompt as Administrator. Navigate to the Nessus install directory. Run: .\nessuscli.exe update "C:\path\to\all-2.0.tar.gz" Restart the Nessus service via services.msc. Troubleshooting Common Issues
Checksum Mismatch: If the installation fails, the file may have been corrupted during transfer. Always verify the MD5 or SHA256 checksum provided on the download page against your local file.
Expired License: The download link for "all-2.0.tar.gz" is tied to an active subscription. If your link does not work, check your Tenable Support Portal to ensure your license is current.
Processing Time: After running the update command, Nessus must "rebuild" the plugin database. This can take anywhere from 10 to 30 minutes depending on your server’s CPU and RAM. Do not interrupt the process. Final Thoughts
Manually updating Nessus with the "all-2.0.tar.gz" archive is the most reliable way to secure isolated networks. By following this workflow weekly, you ensure that your vulnerability assessments are always based on the most current threat intelligence available.
If you tell me your operating system (e.g., RHEL, Windows Server, Ubuntu), I can provide the exact command-line strings for your specific environment.
To manually download and update the latest Nessus plugin set (typically named all-2.0.tar.gz
), follow these steps tailored for offline or air-gapped systems. 1. Download the Plugin Archive To get the latest all-2.0.tar.gz
file, you must generate a download link tied to your specific installation: Obtain Challenge Code
: On your Nessus scanner, run the following command to get your unique challenge code: /opt/nessus/sbin/nessuscli fetch --challenge Make note of your major version (e
C:\Program Files\Tenable\Nessus\nessuscli.exe fetch --challenge Generate Download Link : Go to the Nessus Offline Registration Page and enter your Challenge Code Activation Code Download File
: After submitting, click the link to download the plugin archive (often labeled as all-2.0.tar.gz or similar). 2. Install the Plugins
Once you have the file, you can upload it via the browser or use the command line: Method A: via User Interface (Recommended) Log in to your Nessus scanner and navigate to Software Update Manual Software Update in the top-right corner. Upload your own plugin archive Select your downloaded all-2.0.tar.gz file and click to begin the update. Method B: via Command Line Interface (CLI)
If you prefer the terminal, move the file to the scanner and run the following update command: /opt/nessus/sbin/nessuscli update /path/to/all-2.0.tar.gz
"C:\Program Files\Tenable\Nessus\nessuscli.exe" update C:\path\to\all-2.0.tar.gz 3. Verify the Update Tenable Nessus Plugin and Software Updates
all-2.0.tar.gz (commonly referred to as all-2.0.tar.gz or variations like nessus-updates.tar.gz
) is a compressed archive containing the entire library of Nessus vulnerability detection programs, known as plugins. This file is primarily used for offline updates
in air-gapped environments where the Nessus scanner cannot connect directly to Tenable's update servers. How to Use the Plugin Archive
You can update your plugins using either the graphical interface or the command line. Option 1: Using the Web Interface (UI) the archive (typically named all-2.0.tar.gz or similar) from the Tenable Downloads page using a machine with internet access. Log in to your Nessus instance as an Administrator Navigate to Software Update Manual Software Update in the top-right corner. Upload your own plugin archive Upload the
file you downloaded. Nessus will automatically unpack and process the updates. Option 2: Using the Command Line Interface (CLI) For automated scripts or server-side management, use the /opt/nessus/sbin/nessuscli update
"C:\Program Files\Tenable\Nessus\nessuscli.exe" update
/Library/Nessus/run/sbin/nessuscli update
You have the file. But is it new? Is it authentic? A single corrupted byte will cause the update to fail, leaving your scanner running ancient plugins.