nessus-cheat-sheet.adoc

Nessus Cheat Sheet

Table of Contents

• Data directories
• Binary directories and utilities
• Logs directories and files
• Plugin directories and files
• Search in plugin content
• Advanced Settings
• API
• Plugin Feed
  • Check latest available plugins feed
  • Check Plugin Feed in Nessus
• Good practices
• Additional resources

Data directories

Linux	/opt/nessus/var/nessus
macOS	/Library/Nessus/run/var/nessus
Windows	C:\ProgramData\Tenable\Nessus\nessus

Binary directories and utilities

Linux	/opt/nessus/sbin /opt/nessus/bin
macOS	/Library/Nessus/run/sbin /Library/Nessus/run/bin
Windows	C:\Program Files\Tenable\Nessus C:\Program Files (x86)\Tenable\Nessus

• nessusd - e.g. to recompile plugins

• nessuscli - e.g. to configure, manage and update Nessus (docs)

• nasl - e.g. to test, run, sign plugins

Logs directories and files

Linux	/opt/nessus/var/nessus/logs
macOS	/Library/Nessus/run/var/nessus/logs
Windows	C:\ProgramData\Tenable\Nessus\nessus\logs

• nessusd.dump — Nessus dump log file used for debugging output.
  

• nessusd.messages — Nessus scanner log.
  

• www_server.log — Nessus web server log.
  

• backend.log — Nessus backend log.
  

• nessuscli.log — Nessus CLI log.
  

Plugin directories and files

Linux	/opt/nessus/lib/nessus/plugins
macOS	/Library/Nessus/run/lib/nessus/plugins
Windows	C:\ProgramData\Tenable\Nessus\nessus\plugins

• *.nasl - plugins with readable source code

• *.nbin - compiled plugins

• *.inc - include libraries

Search in plugin content

cd /opt/nessus/lib/nessus/plugins
grep -rl script_id.19506 . (1)

1. Due to big number of plugins you need to use -r parameter to recursively search in plugins directory (i.e., force grep to behave as rgrep).

Advanced Settings

cd /opt/nessus/sbin
nessuscli fix --list
nessuscli fix --get setting_name
nessuscli fix --set setting_name=<value>

API

https://localhost:8834/api (1)
https://localhost:8834/server/status (2)
https://localhost:8834/server/properties (3)

1. Access Nessus API documentation.

2. Check Nessus service status.

3. Check Nessus service version.

Plugin Feed

Check latest available plugins feed

curl https://plugins.nessus.org/v2/plugins.php
202201311213

Check Plugin Feed in Nessus

Login to Nessus, go to Settings > About > check Plugin Set, or on OS level:

cd /opt/nessus/lib/nessus/plugins
head -1 plugin_feed_info.inc
PLUGIN_SET = "202201311213";

Good practices

When you run scan:

• Make sure that you have latest feed.

• Perform scan with credentials. (docs)

When you analyze scan results:

• Use Audit Trail to make sure why plugin did not provide result.

• Check Knowledge Base to find more details.

Additional resources

• docs.tenable.com/Nessus.htm - Nessus documentation

• tenable.com/downloads/nessus - Nessus download page

• tenable.com/plugins/search - Nessus Plugins Search

• community.tenable.com - Tenable Community

• github.com/tenable - Tenable profile at GitHub