Post

Tenable Plugin Downloads Links

Posted Updated
By Matt Dennett
2 min read
Tenable Plugin Downloads Links

There are a few instances where you might need to manually download the latest set of Tenable plugin files. If you have the link handy, it’s a straightforward task. However, if the download link hasn’t been recorded during installation or has been lost over time, it’s a little more tricky. Here, I’ll run through the process to recover the link from a licensed Tenable Security Center.

Process

This process it’s complicated, nor is is a secret - I’m pretty sure Tenable have their own KB articles for this process.

1 - Generate a Diagnostics File

In general, the only time you need to generate a diagnostics file is when you’re working with Tenable Support. However, in this case, it is the easiest way for us to get the information we need, including our download credentials.

To generate the diagnostics file

  • Log into Tenable Security Center as an admin user.
  • Navigate to System -> Diagnostics File.
  • Leave all the options selected and click “Generate file”.
  • Once the file is generated, this can take a few minutes, download the file to your local machine

2 - Extract the Credential details

The diagnostics file generated by Tenable Security Center contains a plethora of information. Of all the information in the file, we are only interested in two fields.PluginSubscriptionLogin and PluginSubscriptionPassword

  • Extract the debug.zip archive with the tool of your choice.
  • In the extracted content, find the file sc-configuration.txt and open it with any text editor.
  • In the file take note of the two fields PluginSubscriptionLogin and PluginSubscriptionPassword

3 - Build the Download Link

Now that we have the download credentials from SC, all we need to do is construct the download link. In the URL below, replace <login> with the value of PluginSubscriptionLogin and <password> with the value of PluginSubscriptionPassword. Depending on the file you need, you can also change the f= field in the URL to download the file you need, as shown below.

  • https://plugins.nessus.org/get.php?f=SecurityCenterFeed48.tar.gz&u=<login>&p=<password>
  • https://plugins.nessus.org/get.php?f=sc-plugins-diff.tar.gz&u=<login>&p=<password>
  • https://plugins.nessus.org/get.php?f=all-2.0.tar.gz&u=<login>&p=<password>

Note

I’ve seen some Tenable documentation use https://downloads.nessus.org instead of https://plugins.nessus.org. I’m not sure what the difference is or if there is any. At the time of writing this, all three files are available from both URLs and have matching hashes.

1
2
3
4
5
6
7
8
9
10

PS E:\tmp> Get-FileHash -Path *  -Algorithm SHA1 | Select Hash, Path
Hash                                      Path
----                                      ----
6B067ACED0D383608CE60AEE2FA119C98A042B34  E:\all-2.0-p.tar.gz
6B067ACED0D383608CE60AEE2FA119C98A042B34  E:\all-2.0.tar.gz
A54D6F94104AADE01E8231F4AE0161A3F58CD4E0  E:\sc-plugins-diff-p.tar.gz
A54D6F94104AADE01E8231F4AE0161A3F58CD4E0  E:\sc-plugins-diff.tar.gz
A15FEFABB0E15B488801637D7C2A3C5C840CA217  E:\SecurityCenterFeed48-p.tar.gz
A15FEFABB0E15B488801637D7C2A3C5C840CA217  E:\SecurityCenterFeed48.tar.gz
PS E:\tmp>
Blog, Tenable
Tenable Tips Plugins
This post is licensed under CC BY 4.0 by the author.