You need a device with active internet access to retrieve the update components.
Comprehensive Guide: Downloading and Installing the New all-2.0.tar.gz Nessus Offline Plugin Archive
Tenable publishes a new plugin feed . For critical vulnerabilities (e.g., CVSS 9.8+), an out-of-band update may occur within hours. download nessusupdateplugins all20targz new
: While Nessus usually processes plugins automatically after an update, you may need to restart the service ( service nessusd restart on Linux) if the plugins don't appear after a few minutes.
# /Library/Nessus/run/sbin/nessuscli update . ✨ Interesting Feature: Offline Management You need a device with active internet access
Example using curl (replace variables):
# For Linux installations /opt/nessus/sbin/nessuscli fetch --challenge # For Windows installations (via Command Prompt) "C:\Program Files\Tenable\Nessus\nessuscli.exe" fetch --challenge Use code with caution. : While Nessus usually processes plugins automatically after
By following this guide, you can maintain a fully updated Nessus scanner in any environment, ensuring your vulnerability assessments are always backed by the latest threat intelligence.
If it is still active, use sudo systemctl kill nessusd to force termination.
Tenable is gradually moving toward a model where even offline scanners use a signed update package that doesn’t require the old all-2.0.tar.gz mono-file. However, as of 2025, the challenge-code + tarball method remains fully supported, especially for air-gapped deployments.