Nessus offline registration is a multi-step "sneakernet" process designed for air-gapped systems that cannot reach the internet to fetch updates. To register, you must bridge the gap between your offline scanner and Tenable’s online portal using a "challenge code" unique to your installation. The Registration Process
The "long story" involves jumping between two machines: your Offline Scanner and an Online Computer. Generate the Challenge Code (Offline System): Log into the machine where Nessus is installed.
Open a command prompt and run the command: nessuscli fetch --challenge.
Note the Code: You will receive a long alphanumeric string (e.g., aaaaaa11b2222cc33d44...) and a URL. Generate the License (Online Computer): Navigate to the Tenable Offline Registration page.
Enter your Challenge Code and your Activation Code (the license key you received via email).
Download Files: After submitting, the site will provide two critical items: The nessus.license file.
A link to download the Plugin Archive (a large compressed file like all-2.0.tar.gz). Complete the Activation (Offline System):
Transfer both the license and the plugin archive to the offline system via USB or secure media.
Register the License: Run nessuscli fetch --register-offline nessus.license.
Update Plugins: Use the command nessuscli update to load the vulnerability signatures. Key Hardware & Software Requirements
According to Tenable documentation, even in offline mode, ensure your system meets these specs: Install Tenable Nessus Offline
Prerequisites
- Nessus installed on the offline machine (Windows/Linux/macOS).
- A valid license (activation code from Tenable).
- A secondary machine with internet access to fetch the challenge file and download the license.
Troubleshooting
| Issue | Solution |
|-------|----------|
| Challenge code invalid | Regenerate challenge on the exact offline machine (changes after Nessus reinstall). |
| License file not accepted | Ensure license matches the product (Pro vs Expert) and version (8.x vs 10.x). |
| Web UI shows "unlicensed" | Check that nessusd is running and port 8834 is open. |
Important Notes
- Offline plugin updates require downloading
nessus-updates-<version>.tar.gzfrom Tenable and using:nessuscli update /path/to/nessus-updates-<version>.tar.gz - Nessus Home (free) does not officially support offline activation. Use a Professional trial or purchased license.
- For air-gapped networks, consider Tenable.sc (Security Center) which is designed for offline/static updates.
Step 2: Register Offline via Tenable
On a computer that has internet access:
- Go to the Tenable Offline Registration page:
- Standard:
https://plugins.nessus.org/v2/offline.php - US Government/Federal:
https://plugins.nessus.org/v2/offline.php?federal=1(Only use this if you have a Federal license).
- Standard:
- On this page, enter:
- Your License Code.
- The Challenge Code you generated in Step 1.
- Click Submit.
- The website will generate two things for you to download:
- nessus-fetch.db (This contains your registration info).
- All Plugins File (Usually a
.gzor.zipfile, this is very large, often 200MB+).
Note: Download the plugins file. Trying to update plugins offline without this file is very difficult.
2. Prerequisites for Offline Registration
| Requirement | Details | |-------------|---------| | Nessus version | 8.x, 9.x, 10.x (the process is similar) | | Activation code | Nessus Professional, Nessus Expert, or Tenable.io (some tiers support offline) | | Offline host | Linux, Windows, or macOS without internet | | Online machine | Any OS with browser & internet | | USB / secure transfer | To move files between machines |
Note: Nessus Essentials (free) generally does not support offline registration – it requires periodic online validation.