Since Nessus version 7.0, the state altering requests (for example, the create/launch/pause/stop/delete scans) are protected by a new authentication mechanism. For Metasploit to follow the newly updated mechanism for user authentication, we need to patch the nessus_rest RubyGem. To do this, just search for the nessus_rest.rb file in the RubyGems directory. The code that doesn't interact with the new authentication mechanism of Nessus can be found at line 152:

We need to replace the code on line 152 with the one given here:

The code can be found here: https://github.com/kost/nessus_rest-ruby/pull/7/files.

Next, we will be performing a Nessus scan.