sudo systemctl restart nessusd # Linux systemd sudo /etc/init.d/nessusd restart # SysV init net stop "Tenable Nessus" && net start "Tenable Nessus" # Windows Log into the Nessus web UI (port 8834). Go to Settings → About → Plugins . The “Plugin Date” should reflect the timestamp from your tarball. Section 6: Troubleshooting Common Download & Installation Errors Even with the correct file, things go wrong. Here are fixes for the top five issues. Issue 1: “Invalid plugin feed” or “Checksum mismatch” Cause : File corrupted during download or transfer. Fix : Redownload using a stable connection. Use rsync or scp binary transfer mode (not ASCII). Issue 2: Nessus says “Update file is older than current plugins” Cause : You downloaded an outdated tarball. Fix : Always fetch the latest nessus-update-plugins-all-2.0.tar.gz . Check the file’s modification timestamp or extract and examine plugin_info.json . Issue 3: Permission denied when running nessuscli Cause : Non-root user attempting update. Fix : Run with sudo (Linux) or as Administrator (Windows). Nessus writes to protected directories. Issue 4: File not found after download Cause : Browser renamed the file or added (1) suffix. Fix : Rename to the exact nessus-update-plugins-all-2.0.tar.gz . Issue 5: SSL/TLS errors during download script execution Cause : Python script cannot verify Tenable’s certificate. Fix : Update your CA certificates ( sudo apt install ca-certificates on Debian) or use the --insecure flag (not recommended for production). Section 7: Automation Tips for Regular Offline Updates If you manage a fleet of air-gapped Nessus scanners, manually downloading and copying the bundle every week is tedious. Set up a bastion host (a single machine with authorized, limited internet) to automate the process. Sample Automation Script (Bash) #!/bin/bash # offlinesync.sh - Downloads latest nessus-update-plugins-all-2.0.tar.gz # and pushes to offline scanners via USB staging directory. WORKDIR="/opt/nessus_offline_sync" OUTFILE="$WORKDIR/nessus-update-plugins-all-2.0.tar.gz" LOG="$WORKDIR/sync.log"
Newer naming convention includes a timestamp: nessus-update-plugins-all-2.0-YYYY-MM-DD.tar.gz . Your automation should use wildcards or rename. download nessus-update-plugins all-2.0.tar.gz
This tarball (a compressed archive) contains all Nessus plugins (over 200,000+ as of 2025) packaged into a single, offline-friendly bundle. While Tenable has migrated many users to Nessus Professional or Tenable.sc, this specific file naming convention persists in documentation, forums, and legacy scripts. If you need to manually update a Nessus scanner without an internet connection, understanding how to download and apply this file is non-negotiable. sudo systemctl restart nessusd # Linux systemd sudo
wget https://docs.tenable.com/nessus/offline_update/nessus_offline_update_downloader.py python3 nessus_offline_update_downloader.py --username YOUREMAIL --password YOURPASS --output nessus-update-plugins-all-2.0.tar.gz This script is the most reliable method for automated downloads. If your license predates modern APIs, you may request a direct download link from Tenable Support. Include your license activation code and the hostname of the offline scanner. Support will email a time-limited HTTPS link to download nessus-update-plugins-all-2.0.tar.gz . Section 4: Verifying File Integrity (SHA256 Checksums) After downloading, always verify the file’s checksum. Corrupted or tampered bundles will cause Nessus to reject the update or crash. Fix : Redownload using a stable connection