How to reset the Nessus user password in Linux and Windows

Nessus password reset/change process

To reset a forgotten or unknown password, you must use the command line on either Windows or Linux. A known password can be changed by logging into the Nessus GUI.

Reset/Change Nessus password on Windows

By default, Nessus on Windows installs to the following directory: c:\Program Files\Tenable\Nessus\

1. To reset or change a user's password, open the command prompt (cmd.exe) as an administrative user, then run the following command to navigate to the directory where Nessus is installed.

Note: The directory location might be slightly different if you have a non-standard installation path.

cd c:\Program Files\Tenable\Nessus\

2. Run the command below, replacing username with the actual username of the user whose password you want to change. You'll be prompted to enter the new password.

nessuscli.exe chpasswd username

3. Enter the new password twice. The password will not appear on the screen as you type. When the change succeeds, the command returns "Password changed for [username]".

Reset/Change Nessus password in Linux

By default, on Linux Nessus is installed under the /opt directory.

1. Open a terminal and navigate to the sbin folder of your Nessus installation. If installed at the default directory, you can copy the following command and paste it in your terminal.

cd /opt/nessus/sbin/

2. Once in this directory, run the command below to change the password of a specific user. The example below uses the username admin.

./nessuscli chpasswd admin

If you don't know the username for your Nessus Installation

This situation typically happens to people who are new on a team where there wasn't a proper handover.

Enter the following command, which returns the list of Nessus users. Then use the command from the previous step to change the user's password and log in.

./nessuscli lsuser

How to verify the password is changed

Simply log into the Nessus GUI through your browser with the new password you just set.

By default, Nessus is accessible at the following URL once the service is running.

  • https://localhost:8834
