Nessus Essentials with offline registration and plugin updates

In this episode, I would like to talk about Nessus Essentials and, in particular, how to register and update it without direct internet access. Nothing complicated, but there are a couple of pitfalls that I would like to share.


Let’s say you need to scan a host in a critical autonomous segment where Internet access is strictly prohibited. Nessus Essentials is a good fit for such scenarios. It is a fully functional network vulnerability scanner with a good vulnerability knowledge base. It can be registered and updated offline! And most importantly, it’s free even for corporate use! There is, of course, a limit of 16 IP addresses, but in this case it is not really important.

You go to the Nessus Essentials page, enter your first name, last name and email.


Then you will receive an email with an activation code.


Then you just download the Nessus distribution, copy it to your server and start the installation.


Which operating system should you choose for the Nessus server? It might seem that the choice is obvious: Linux. However, if you have installed Nessus on Windows, it is much more convenient to debug why the WMI connection between the scanner and the target host is not working.

Please note that the download page also contains archives with software updates. It might seem logical to use them to update the plugins of your Nessus Essentials scanner. But in fact, no, you DO NOT NEED them; you will get the plugins a different way.


When installing, choose Nessus Essentials and offline registration.


In fact, you need to go to the offline registration service (please note that the link in the installer is to http://, but in fact the service only supports https://!) and enter the challenge code and the activation code there.


Besides the license, this service will show you a unique URL! This is very important, please copy it. With this URL you will get the plugin archive. According to the instructions, the archive with the plugins should be placed in the Nessus directory before entering the license. I did it, but it didn’t work for me.


So, what is the problem?


Once installed, you will most likely end up with no plugins in the scanner.


To get the plugins, you need to go to Settings -> About -> Software Update -> Manual Software Update and select the archive with plugins that you downloaded using the unique URL from the offline registration service.


This is not a very transparent process: you should wait for a while until the packages are recompiled, and possibly log in to Nessus again. Immediately after import, the Plugin Set remains empty, but after ~10 minutes it starts showing the normal version of the Plugin Set.


Then use Nessus as usual. Each time you need to update the plugins, download a fresh archive using the unique URL from the offline registration service and import it the same way.
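Because the archive is fetched on one machine and imported on another, it helps to check that the copy arrived intact before using Manual Software Update. The script below is an added example, not part of the original post: the function names, the `PLUGIN_URL` variable and the `plugins.tar.gz` file name are hypothetical, and it assumes the plugin archive is a gzip-compressed tar and that `curl`, `tar` and `sha256sum` are available.

```shell
#!/bin/sh
# Added example: stage a Nessus plugin archive for an offline scanner.
# PLUGIN_URL must hold the unique URL from the offline registration service.

# Accept only https:// URLs so the archive is never fetched in cleartext.
require_https() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "refusing non-HTTPS URL" >&2; return 1 ;;
    esac
}

# Check the file is a readable tar.gz and write FILE.sha256 next to it.
write_manifest() {
    tar -tzf "$1" >/dev/null 2>&1 || {
        echo "$1 is not a valid tar.gz (error page saved instead?)" >&2
        return 1
    }
    ( cd "$(dirname "$1")" &&
      sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Internet-connected staging host: download, sanity-check, record the hash.
stage_archive() {   # usage: stage_archive URL OUTFILE
    require_https "$1" || return 1
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' \
         --output "$2" "$1" || return 1
    write_manifest "$2"
}

# Offline Nessus host: verify the transferred copy against its manifest.
verify_archive() {  # usage: verify_archive FILE (FILE.sha256 beside it)
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Runs only when a URL is supplied, e.g. PLUGIN_URL='https://...' sh stage.sh
if [ -n "${PLUGIN_URL:-}" ]; then
    stage_archive "$PLUGIN_URL" "${OUTFILE:-plugins.tar.gz}"
fi
```

Copy both the archive and its `.sha256` file into the isolated segment and run `verify_archive` there before importing.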
