Ultimate Nessus Cheat Sheet


The industry standard for vulnerability assessment and compliance.

1. Nessus CLI (Command Line)

Often overlooked, the CLI lets you manage the scanner even when the Web UI (TCP 8834) is unreachable.
Path: /opt/nessus/sbin/ (Linux, run as root) or C:\Program Files\Tenable\Nessus\ (Windows, from an elevated prompt).

User Management

./nessuscli adduser [username]
./nessuscli lsuser
./nessuscli chpasswd [username]

Updates & Maintenance

Manually force a plugin update if the UI is stuck, then restart the service (use systemctl restart nessusd on systemd hosts).

./nessuscli update --all
service nessusd restart

Bug Reporting

Generate a support bundle; --scrub strips identifying data such as hostnames and IP addresses from it before you send it to Tenable support.

./nessuscli bug-report-generator --scrub

2. Setup & Scan Policies

Access the GUI at https://localhost:8834.

Discovery Scans

Host Discovery: ping sweep (ICMP, ARP and TCP probes) that lists live hosts. Reports no vulnerabilities.

Port Scan: Identifies open ports and services.

Assessment Scans

Basic Network Scan: The default template. Runs uncredentialed unless you add credentials, so it only sees what the network exposes.

Advanced Scan: Full control over timeout, brute force, and SSL settings.

Compliance

Audit Cloud Infrastructure: AWS/Azure audits.

PCI-DSS: The Internal PCI Network Scan and PCI Quarterly External Scan templates, tuned for payment card industry requirements.

3. Scanning Workflow

Best practices for efficient scanning.

1. Define Targets

You can enter single IPs, ranges, CIDR blocks or hostnames, separated by commas or newlines.

  • 192.168.1.100 (Single)
  • 192.168.1.1-192.168.1.50 (Range)
  • 10.0.0.0/24 (CIDR)
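Before scheduling a scan it is worth knowing how many hosts a target field actually expands to. The helper below is an added example, not code from the cheat sheet or from Tenable; it expands the three IPv4 forms listed above (single address, dash range, CIDR block), de-duplicates overlapping entries, and rejects malformed or reversed specs. Hostnames are deliberately not resolved, since Nessus resolves them at scan time.

```python
"""Expand a Nessus-style target field into individual IPv4 addresses.

Added example (not from the cheat sheet or from Tenable). Handles the three
forms shown above; hostnames are rejected rather than resolved.
"""
import ipaddress
import re
from typing import Iterator, List


def expand_target(spec: str) -> Iterator[ipaddress.IPv4Address]:
    """Yield every address covered by one target spec."""
    spec = spec.strip()
    if "-" in spec:
        # Dash range, e.g. 192.168.1.1-192.168.1.50, inclusive at both ends.
        start_s, end_s = spec.split("-", 1)
        start = ipaddress.IPv4Address(start_s.strip())
        end = ipaddress.IPv4Address(end_s.strip())
        if end < start:
            raise ValueError(f"range end precedes start: {spec}")
        for n in range(int(start), int(end) + 1):
            yield ipaddress.IPv4Address(n)
    elif "/" in spec:
        # CIDR block, e.g. 10.0.0.0/24. strict=False tolerates host bits set
        # (10.0.0.5/24). Iterating the network includes the network and
        # broadcast addresses, which is what a scanner is given to probe.
        yield from ipaddress.IPv4Network(spec, strict=False)
    else:
        # Single address; IPv4Address raises ValueError on garbage like 10.0.0.300.
        yield ipaddress.IPv4Address(spec)


def parse_target_field(text: str) -> List[str]:
    """Split the free-text target field the way Nessus accepts it: commas or newlines."""
    return [part for part in re.split(r"[,\n]", text) if part.strip()]


def expand_targets(specs: List[str]) -> List[str]:
    """Expand all specs, preserving first-seen order and dropping duplicates."""
    seen = set()
    ordered: List[str] = []
    for spec in specs:
        for addr in expand_target(spec):
            if addr not in seen:
                seen.add(addr)
                ordered.append(str(addr))
    return ordered


if __name__ == "__main__":
    field = "192.168.1.100, 192.168.1.1-192.168.1.50\n10.0.0.0/24"
    hosts = expand_targets(parse_target_field(field))
    print(f"{len(hosts)} addresses, first {hosts[0]}, last {hosts[-1]}")
```

A large count from this check is the cue to split the job into several scheduled scans rather than one long off-hours run.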

2. Schedule

Schedule scans for off-hours so that probe traffic and service checks do not compete with production load on the network or the targets.

3. Post-Scan Actions

Configure Nessus to email you immediately upon completion (Settings > SMTP Server required).

4. Credentialed Scans

The "Gold Standard". Logging into the target lets Nessus read patch levels, installed packages and registry keys locally, which removes most version-guessing false positives and finds issues a remote probe cannot see.

OS            Requirements
Windows       SMB (TCP 445), Remote Registry service enabled, File & Printer Sharing enabled, and an account with local administrator rights.
Linux/Unix    SSH (TCP 22). Use an SSH key rather than a password; configure sudo (or another escalation method) if the account is not root so local checks can run.
VMware        SOAP API credentials for vCenter/ESXi.

Tip: If you see "Nessus was unable to log into the remote host", check your credentials or AV/Firewall settings blocking the connection. Also read the output of plugin 19506 (Nessus Scan Information): its "Credentialed checks : yes/no" line tells you whether local checks actually ran.

5. Scoring (CVSS vs VPR)

Understanding the severity of findings.

CVSS (Standard)

Common Vulnerability Scoring System. Static score.

  • Critical: 9.0 - 10.0
  • High: 7.0 - 8.9
  • Medium: 4.0 - 6.9
  • Low: 0.1 - 3.9

VPR (Tenable)

Vulnerability Priority Rating. Dynamic score, 0.1 to 10.

Combines the technical impact from CVSS with current threat intelligence (e.g., is there a public exploit or active exploitation in the wild?) and is recalculated as that intelligence changes. Order remediation by VPR where it is available; keep CVSS for compliance reporting, since auditors expect the standard scale.

6. Reporting & Export

Getting data out of Nessus.

  • .nessus: XML format (NessusClientData_v2). Use this to import data into other tools (Metasploit's db_import, Faraday) or to post-process findings yourself.
  • HTML: Good for quick visual checks.
  • PDF: The "Executive Report". Clean summary for management.
  • CSV: Raw data. Best for importing into Excel to sort massive lists of vulnerabilities.
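The .nessus XML is the export to keep when you want to do your own triage. The script below is an added example, not code from the cheat sheet or from Tenable: it flattens a .nessus file into rows, checks per host whether credentialed checks ran (the plugin 19506 tip from section 4), maps CVSS scores to the bands in section 5, and orders findings by VPR with CVSS as the fallback. The element and attribute names (ReportHost, ReportItem, severity, pluginID, cvss3_base_score, vpr_score, plugin_output) are those of real exports; the scan data embedded below is constructed for the demo, and plugin IDs 900001-900003 are placeholders, not real Tenable plugins.

```python
"""Parse a .nessus (NessusClientData_v2) export and rank findings.

Added example, not from the cheat sheet or from Tenable. The sample export
below is constructed; only plugin 19506 (Nessus Scan Information) is a real
plugin, and its output really carries the "Credentialed checks" line.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="Internal scan">
  <ReportHost name="10.0.0.5">
   <HostProperties><tag name="host-ip">10.0.0.5</tag></HostProperties>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
               pluginID="19506" pluginName="Nessus Scan Information" pluginFamily="Settings">
    <plugin_output>Scan type : Normal
Credentialed checks : yes</plugin_output>
   </ReportItem>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
               pluginID="900001" pluginName="Placeholder medium finding" pluginFamily="Misc.">
    <cvss_base_score>4.3</cvss_base_score>
    <cvss3_base_score>5.3</cvss3_base_score>
    <vpr_score>6.7</vpr_score>
   </ReportItem>
   <ReportItem port="443" svc_name="www" protocol="tcp" severity="4"
               pluginID="900002" pluginName="Placeholder critical finding" pluginFamily="Web Servers">
    <cvss3_base_score>9.8</cvss3_base_score>
    <vpr_score>5.9</vpr_score>
   </ReportItem>
  </ReportHost>
  <ReportHost name="10.0.0.9">
   <HostProperties><tag name="host-ip">10.0.0.9</tag></HostProperties>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
               pluginID="19506" pluginName="Nessus Scan Information" pluginFamily="Settings">
    <plugin_output>Credentialed checks : no</plugin_output>
   </ReportItem>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
               pluginID="900003" pluginName="Placeholder high finding" pluginFamily="Windows">
    <cvss3_base_score>8.1</cvss3_base_score>
    <vpr_score>9.2</vpr_score>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


def cvss_band(score: Optional[float]) -> str:
    """Map a CVSS base score to the severity bands listed in section 5."""
    if score is None or score == 0.0:
        return "Info"
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def _float(item: ET.Element, tag: str) -> Optional[float]:
    text = item.findtext(tag)
    return float(text) if text else None


def parse_nessus(xml_text: str) -> List[Dict]:
    """Flatten every ReportItem into one row, much like the CSV export does."""
    # ElementTree does not fetch external entities, but for a .nessus file of
    # untrusted origin parse with defusedxml.ElementTree instead.
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            rows.append({
                "host": host.get("name"),
                "port": int(item.get("port")),
                "protocol": item.get("protocol"),
                "plugin_id": int(item.get("pluginID")),
                "name": item.get("pluginName"),
                "severity": int(item.get("severity")),  # 0=Info .. 4=Critical
                "cvss2": _float(item, "cvss_base_score"),
                "cvss3": _float(item, "cvss3_base_score"),
                "vpr": _float(item, "vpr_score"),
                "output": item.findtext("plugin_output") or "",
            })
    return rows


def credentialed_hosts(rows: List[Dict]) -> Dict[str, bool]:
    """Per host: did local checks run? Read from plugin 19506's output."""
    return {r["host"]: "credentialed checks : yes" in r["output"].lower()
            for r in rows if r["plugin_id"] == 19506}


def prioritize(rows: List[Dict]) -> List[Dict]:
    """Non-informational findings, highest VPR first; CVSS breaks ties or fills gaps."""
    findings = [r for r in rows if r["severity"] > 0]

    def key(r: Dict):
        cvss = r["cvss3"] if r["cvss3"] is not None else (r["cvss2"] or 0.0)
        return (r["vpr"] if r["vpr"] is not None else -1.0, cvss)

    return sorted(findings, key=key, reverse=True)


if __name__ == "__main__":
    rows = parse_nessus(SAMPLE_NESSUS)
    for host, ok in credentialed_hosts(rows).items():
        print(f"{host}: credentialed checks {'ran' if ok else 'DID NOT run'}")
    for r in prioritize(rows):
        print(f"{r['host']}:{r['port']} VPR={r['vpr']} CVSS={r['cvss3']} "
              f"({cvss_band(r['cvss3'])}) {r['name']}")
```

In the constructed data the CVSS 9.8 finding sorts below a CVSS 8.1 one because its VPR is lower, which is exactly the divergence section 5 describes; the host that reports "Credentialed checks : no" should be fixed and rescanned before its findings are trusted, since most of its local checks never ran.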