Nessus Bridge for Metasploit :: Generic Commands

(some features discussed in this post are not yet in msf, grab the latest code from here if you want to test)

Ok, so you have your msf installed (I like to install from the svn) and you have run “svn update” to ensure you have all the latest goodies.
Go ahead and fire up the msf console (“msfconsole” at your prompt) and you should be presented with the standard msfconsole banner and blurbage telling how much cool shit you just loaded up.

Let's load up some more: type “load nessus” and press enter.  Some new lines should scroll by telling you that you just loaded the Nessus Bridge for Nessus 4.2.x.  So yeah, just in case you are curious, this plugin works with the latest Nessus.  Versions prior to 4.0 will not work, and neither will OpenVAS.

The line below that says to type nessus_help for a list of commands.  So go ahead and do that.

So it shows us the following commands available for the “Generic” group.

  • nessus_connect
  • nessus_logout
  • nessus_help
  • nessus_server_status
  • nessus_admin
  • nessus_server_feed
  • nessus_find_targets

Let's run through these one at a time.

nessus_connect

This should be your first command after looking at the help.  Nothing works in the plugin without you being logged in to your server.  You use the same URL and credentials that you used to log in to the Nessus Web Client.

We offer 3 ways to log in.  You can type the entire string on one line to connect, like this:

  • nessus_connect user:password@myhost:8834 ok

User and pass should be pretty self-explanatory.  myhost is the hostname (or IP address) of your Nessus server and 8834 is the default port it listens on for the web client.  1241 will NOT work.  The “ok” is optional if your Nessus server is on the same machine (i.e. localhost or 127.0.0.1).  It just makes sure you know that, if it’s a remote server, we are not checking the SSL cert and so you might be vulnerable to a MITM attack.

Alternatively you can do the following:

  • nessus_connect user@myhost:8834 ok

Same as above except it will now prompt you for the password.

But wait, there’s more.

  • nessus_connect myhost ok

Whoa.  We just got REAL simple.  So yeah, simply your hostname or IP and the ok (optional still).  This will prompt for both username and password and will assume that you are using the default 8834 port.

Ok, you should get a message telling you that you are authed if you did this correctly.  Awesome.  Super Awesome.
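The three connect forms and the “ok” rule above, sketched as an added example; this is not the plugin's own code, and `parse_nessus_connect` and the constants are hypothetical names. It assumes “ok” is required for any host other than localhost or 127.0.0.1, which is how the description above reads.

```ruby
# Added illustration, not the Nessus Bridge plugin's code; all names are hypothetical.
DEFAULT_PORT = 8834                          # web client port named in the post
LOCAL_HOSTS  = %w[localhost 127.0.0.1].freeze

# Parses: user:password@host:port [ok] | user@host:port [ok] | host [ok]
# Hostnames and IPv4 addresses only. :prompt lists what must still be asked for.
def parse_nessus_connect(args)
  target, ack = args
  raise ArgumentError, 'usage: [user[:password]@]host[:port] [ok]' if target.to_s.empty?

  # Split on the LAST '@' so a password containing '@' survives intact.
  creds, _at, hostport = target.rpartition('@')
  user, sep, pass = creds.partition(':')
  user = nil if user.empty?
  pass = nil if sep.empty?

  host, sep, port = hostport.partition(':')
  raise ArgumentError, 'missing host' if host.empty?
  port = sep.empty? ? DEFAULT_PORT : Integer(port, 10)
  raise ArgumentError, "bad port #{port}" unless (1..65_535).cover?(port)

  # The bridge does not verify the server's SSL certificate, so a remote
  # target needs the explicit "ok" acknowledgement.
  remote = !LOCAL_HOSTS.include?(host.downcase)
  if remote && ack != 'ok'
    raise ArgumentError, "#{host} is remote and its SSL cert is not checked (MITM risk); add 'ok'"
  end

  prompt = []
  prompt << :user if user.nil?
  prompt << :password if pass.nil?
  { host: host, port: port, user: user, password: pass, remote: remote, prompt: prompt }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, one per form from the post plus a refused one.
  [%w[user:password@myhost:8834 ok], %w[user@myhost:8834 ok], %w[myhost ok], %w[myhost]].each do |args|
    begin
      r = parse_nessus_connect(args)
      puts "#{args.join(' ')} -> #{r[:host]}:#{r[:port]} prompt=#{r[:prompt].inspect}"
    rescue ArgumentError => e
      puts "#{args.join(' ')} -> refused: #{e.message}"
    end
  end
end
```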

nessus_logout

This is pretty simple.  It logs you out.  Nuff said?

nessus_server_status

Ok, this takes no args, just a pure command and will tell you a bit about your server.  It will list the versions of both your Nessus engine and Nessus Web as well as things like how many users, policies, running scans, reports and plugins you have.  Cool shit.  It does take a few seconds to come back with all this valuable info.

nessus_admin

Useful command that just checks if your current user is an admin.  A number of other commands require that your user be an admin so this is part of that.  Most of those commands automatically check if you are an admin and warn if you are not.

nessus_server_feed

Displays the information about your feed type, Nessus version and web console version.

nessus_find_targets <report id>

This we will come back to; it deserves a blog post of its own.  Suffice to say, right now it’s not complete.  The intent is for it to correlate Nessus vulns to msf exploits and return just a list of vulns we are pretty sure will result in a shell.  It will be able to be used to import those for use with db_autopwn.  Currently it just returns information on any hosts with vulns that are over 7.0 CVSS2 score.  Still working on having it find the msf exploit to go with the Nessus plugin.

Ok, so those are the Generic Commands; coming up next is Reports Commands, where we get into the guts of getting info out of our Nessus server and into msf.
