simple command line tool to check or monitor your https certificate
You must run a command on the host where Nessus is installed to get a unique identifier for your system. : # /opt/nessus/sbin/nessuscli fetch --challenge
sudo /Library/Nessus/run/sbin/nessuscli update /path/to/all-2.0.tar.gz Use code with caution. Step 4: Verify the Update
The "2.0" refers to the format version of the plugin package.
Your activation code is the 20-character string provided by Tenable when you purchased or registered your license (e.g., Nessus Professional, Expert, or Essentials). You can find this in your Tenable Community portal or your original registration email. Step 2: Download the Plugin Archive download nessus-update-plugins all-2.0.tar.gz
💡 Always restart the Nessus service after a manual update to ensure the scanner re-indexes the new plugin database. Troubleshooting Common Issues
If you have obtained your plugin archive (usually named something like sc-plugins-diff.tar.gz or all-2.0.tar.gz depending on your license), here is how to apply it.
You must generate a unique challenge code from the offline machine. Run the following command based on your operating system: /opt/nessus/sbin/nessuscli fetch --challenge You must run a command on the host
Updating Nessus is typically automatic, but in secure, air-gapped environments without internet access, you must follow a specific "story" or process to get the plugins onto the system.
cd "C:\Program Files\Tenable\Nessus" nessuscli.exe fetch --challenge Use code with caution. Open the Terminal application and execute: /Library/Nessus/run/sbin/nessuscli fetch --challenge Use code with caution.
In the world of cybersecurity, keeping your vulnerability scanner up-to-date is the difference between identifying a critical threat and leaving your network exposed. , the industry-standard vulnerability assessment tool from Tenable, relies on its plugin feed to detect the latest security flaws. While Nessus typically updates automatically, there are scenarios—such as air-gapped networks, strict compliance requirements, or limited bandwidth—where an offline update is necessary. This brings us to the classic command and file package: download nessus-update-plugins all-2.0.tar.gz . Your activation code is the 20-character string provided
After running the update command, the Nessus daemon will automatically begin extracting the archive and compiling the plugins. This compilation process can take anywhere from 10 to 30 minutes depending on your system's hardware performance. To verify the successful installation:
Installing/updating plugins
Enter your Nessus (license key) into the second input field. Click Submit .
# Linux / macOS sha256sum nessus-update-plugins-all-2.0.tar.gz
cd "C:\Program Files\Tenable\Nessus" nessuscli fetch --challenge Use code with caution. /opt/nessus/sbin/nessuscli fetch --challenge Use code with caution. macOS (Terminal): /Library/Nessus/run/sbin/nessuscli fetch --challenge Use code with caution.
deployed on AWS Lambda
Great for checking lots of sites, scripting or use with private servers
Linux or Mac
Windows Powershell
View github installation instructions for how to install on mac and windows
Download Releases for Windows, Mac, or Linux
Checkssl is an open source project that you can modify and use for your personal or commercial projects.
Written in Go under a MIT License
Simple, no dependency command that integrates into your CI workflows
Let's Encrypt is great way to generate free SSL certificates for your server
Qualsys SSL Lab produces detailed report of your SSL Certificate, ciphers and vulnerabilities.
Mozilla SSL Config produces ideal SSL config for various web servers.
BadSSL maintains testing servers with various issues, great for testing your monitoring setup
Illustrated TLS Connection every byte of a TLS connection explained and reproduced.
We hope you found this tool useful and would want to share it with others
