Introduction
The fastest way to reset a Nessus password is via nessuscli: run sudo /opt/nessus/sbin/nessuscli chpasswd admin on Linux, enter your new password when prompted, then log in at https://localhost:8834. No service restart required. Works for Nessus Essentials, Professional, and Expert on Nessus 10.x on Linux and Windows.
Nessus is one of the most widely used vulnerability scanners in cybersecurity. Whether you're a penetration tester, security analyst, or system administrator, you may find yourself locked out of your Nessus installation after forgetting the admin password.
This guide shows you how to reset your Nessus password on Linux (including Kali Linux), macOS, and Windows using the nessuscli command-line tool.
Quick Solution
If you already know where nessuscli is located, here's the quick fix:
# Linux
sudo /opt/nessus/sbin/nessuscli chpasswd admin
# macOS
sudo /Library/Nessus/run/sbin/nessuscli chpasswd admin
# Windows (run as Administrator)
"C:\Program Files\Tenable\Nessus\nessuscli.exe" chpasswd admin
Step-by-Step Guide
Step 1: Find the nessuscli Location
The nessuscli utility location varies by operating system. If running nessuscli returns "command not found", you need to locate it first.
Linux (Kali, Ubuntu, Debian, CentOS)
Default location:
/opt/nessus/sbin/nessuscli
If not found, search for it:
find / -name "nessuscli" 2>/dev/null
Common Linux paths:
- /opt/nessus/sbin/nessuscli (standard installation)
- /usr/local/nessus/sbin/nessuscli (older versions)
macOS
Default location:
/Library/Nessus/run/sbin/nessuscli
Search if not found:
sudo find / -name "nessuscli" 2>/dev/null
Windows
Default location:
C:\Program Files\Tenable\Nessus\nessuscli.exe
Step 2: List Available Users
Before resetting a password, check which users exist in your Nessus installation.
Linux
sudo /opt/nessus/sbin/nessuscli lsuser
macOS
cd /Library/Nessus/run/sbin
sudo ./nessuscli lsuser
Windows (Run Command Prompt as Administrator)
"C:\Program Files\Tenable\Nessus\nessuscli.exe" lsuser
Example output:
admin
scanner_user
auditor
Step 3: Reset the Password
Now reset the password for the desired user (typically admin or root).
Linux
sudo /opt/nessus/sbin/nessuscli chpasswd admin
macOS
sudo /Library/Nessus/run/sbin/nessuscli chpasswd admin
Windows
"C:\Program Files\Tenable\Nessus\nessuscli.exe" chpasswd admin
You'll be prompted to enter and confirm the new password:
New password: ********
Confirm password: ********
Password changed for admin.
Step 4: Access Nessus Web Interface
After resetting the password, log in to Nessus at:
https://localhost:8834
Or if accessing remotely:
https://your-server-ip:8834
Note: Nessus uses a self-signed SSL certificate, so you'll need to accept the security warning in your browser.
Additional nessuscli Commands
The nessuscli tool offers more functionality beyond password resets:
Add a New User
sudo /opt/nessus/sbin/nessuscli adduser newusername
You'll be prompted for: - Password - User type (admin or regular) - Custom rules (optional)
Remove a User
sudo /opt/nessus/sbin/nessuscli rmuser username
Fix Database Issues
If Nessus won't start or has database corruption:
sudo /opt/nessus/sbin/nessuscli fix --reset
Warning: This resets Nessus to factory defaults, deleting all scans, policies, and settings!
Check Nessus Service Status
Linux (systemd)
sudo systemctl status nessusd
Linux (init.d)
sudo /etc/init.d/nessusd status
macOS
sudo launchctl list | grep nessus
Restart Nessus Service
Linux
sudo systemctl restart nessusd
# or
sudo /etc/init.d/nessusd restart
macOS
sudo launchctl stop com.tenablesecurity.nessusd
sudo launchctl start com.tenablesecurity.nessusd
Windows
net stop "Tenable Nessus"
net start "Tenable Nessus"
Troubleshooting
"nessuscli: command not found"
This means nessuscli isn't in your PATH. Use the full path:
# Linux
sudo /opt/nessus/sbin/nessuscli chpasswd admin
# macOS
sudo /Library/Nessus/run/sbin/nessuscli chpasswd admin
"Permission denied"
Run the command with sudo (Linux/macOS) or as Administrator (Windows):
sudo /opt/nessus/sbin/nessuscli chpasswd admin
Cannot Connect to https://localhost:8834
-
Check if Nessus service is running:
bash sudo systemctl status nessusd -
Start the service if stopped:
bash sudo systemctl start nessusd -
Check if port 8834 is listening:
bash sudo netstat -tlnp | grep 8834
Password Change Not Working
If the password change doesn't seem to take effect:
- Restart the Nessus service after changing the password
- Clear your browser cache or try incognito mode
- Verify you're using the correct username with
lsuser
"This Nessus installation is password-protected"
Some Nessus deployments are locked with an installation-level password that prevents normal chpasswd from working. You will see the error:
This Nessus installation is password-protected
To bypass this, use one of the following commands depending on your Nessus version:
# Tenable-recommended reset (Nessus 8.x and newer)
sudo /opt/nessus/sbin/nessuscli fetch --reset
# Full reset — removes all scans, policies, and users (use as last resort)
sudo /opt/nessus/sbin/nessuscli fix --reset-all
After running nessuscli fetch --reset, restart the Nessus service and complete the initial setup wizard at https://localhost:8834 to create a new admin account.
Warning: nessuscli fix --reset-all wipes the entire Nessus database. Back up /opt/nessus/var/nessus/ before running it.
Summary
To reset your Nessus password:
- Locate nessuscli: Usually at
/opt/nessus/sbin/nessuscli(Linux) or/Library/Nessus/run/sbin/nessuscli(macOS) - List users:
sudo nessuscli lsuser - Reset password:
sudo nessuscli chpasswd username - Log in: Access
https://localhost:8834with your new password
This method works for Nessus Essentials, Nessus Professional, and Nessus Expert on all supported platforms.