Nessus Bridge for Metasploit :: Generic Commands
Let's load up some more: type “load nessus” and press enter. Some new lines should scroll by telling you that you just loaded the Nessus Bridge for Nessus 4.2.x. So yeah, just in case you are curious, this plugin works with the latest Nessus. Versions prior to 4.0 will not work, and neither will OpenVAS.
The line below that says to type nessus_help for a list of commands. So go ahead and do that.
So it shows us the following commands available for the “Generic” group.
Let's run through these one at a time.
This should be your first command after looking at the help. Nothing works in the plugin without you being logged in to your server. You use the same URL and credentials that you used to log in to the Nessus Web Client.
We offer 3 ways to log in. You can type the entire string on one line to connect, like this:
- nessus_connect user:password@myhost:8834 ok
User and pass should be pretty self-explanatory. myhost is the hostname (or IP address) of your Nessus server and 8834 is the default port it listens on for the web client. 1241 will NOT work. The “ok” is optional if your Nessus server is on the same machine (i.e. localhost or 127.0.0.1). It just makes sure you know that if it’s a remote server, we are not checking the SSL cert and so you might be vulnerable to a MITM attack.
Alternatively you can do the following:
- nessus_connect user@myhost:8834 ok
Same as above except it will now prompt you for the password.
But wait, there’s more.
- nessus_connect myhost ok
Whoa. We just got REAL simple. So yeah, simply your hostname or IP and the ok (optional still). This will prompt for both username and password and will assume that you are using the default 8834 port.
Ok, you should get a message telling you that you are authed if you did this correctly. Awesome. Super Awesome.
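The three connect forms above, worked through as an added Ruby example (this is not the plugin's own code). `parse_nessus_connect` is a hypothetical helper; it assumes a hostname or IPv4 address and treats the trailing “ok” as the acknowledgement that the SSL cert is not checked.

```ruby
# Added example: parse_nessus_connect is a hypothetical helper, not plugin code.
DEFAULT_PORT = 8834                        # web client port named in the post
LOCAL_HOSTS  = %w[localhost 127.0.0.1].freeze

def parse_nessus_connect(args)
  target, ack = args.strip.split(/\s+/, 2)
  raise ArgumentError, 'usage: [user[:password]@]host[:port] [ok]' if target.nil?

  # Split on the LAST '@' so a password containing '@' stays intact.
  creds, at, hostport = target.rpartition('@')
  user = pass = nil
  unless at.empty?
    user, _, pass = creds.partition(':')
    pass = nil if pass.empty?              # "user@host" form: prompt for it
    raise ArgumentError, 'empty user name' if user.empty?
  end

  host, colon, port = hostport.partition(':')
  raise ArgumentError, 'missing host' if host.empty?
  port = colon.empty? ? DEFAULT_PORT : Integer(port, 10)
  raise ArgumentError, 'use the web client port, not 1241' if port == 1241

  prompt_for = []
  prompt_for << :username if user.nil?
  prompt_for << :password if pass.nil?
  {
    user: user, password: pass, host: host, port: port,
    prompt_for: prompt_for,
    remote: !LOCAL_HOSTS.include?(host.downcase),
    acknowledged: ack.to_s.strip == 'ok'   # operator accepted the unverified cert
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs mirroring the three forms in the post.
  ['user:password@myhost:8834 ok', 'user@myhost:8834 ok', 'myhost ok'].each do |line|
    r = parse_nessus_connect(line)
    puts "#{line.sub(/:[^@]*@/, ':***@')} -> prompt for #{r[:prompt_for].inspect}, " \
         "remote=#{r[:remote]}, ack=#{r[:acknowledged]}"
  end
end
```

The two prompting forms keep the password out of the typed command line, and `remote && !acknowledged` is the case where the MITM caveat has not been accepted.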
This is pretty simple. It logs you out. Nuff said?
Ok, this takes no args, just a pure command and will tell you a bit about your server. It will list the versions of both your Nessus engine and Nessus Web as well as things like how many users, policies, running scans, reports and plugins you have. Cool shit. It does take a few seconds to come back with all this valuable info.
Useful command that just checks if your current user is an admin. A number of other commands require that your user be an admin so this is part of that. Most of those commands automatically check if you are an admin and warn if you are not.
Displays the information about your feed type, Nessus version and web console version.
nessus_find_targets <report id>
This we will come back to; it deserves a blog post of its own. Suffice to say, right now it’s not complete. The intent is for it to correlate Nessus vulns to msf exploits and return just a list of vulns we are pretty sure will result in a shell. It will be able to be used to import those for use with db_autopwn. Currently it just returns information on any hosts with vulns that are over 7.0 CVSS2 score. Still working on having it find the msf exploit to go with the Nessus plugin.
Ok, so that is the Generic Commands, coming up next is Reports Commands where we get into the guts of getting info out of our Nessus server and into msf.
Ok, so you have your msf installed (I like to install from the svn) and you have run “svn update” to ensure you have all the latest goodies.
Posted in Bananas by Zate.