2010 October | Things and Stuff

Presenting the Nessus Bridge at #Hack3rcon this weekend.

This weekend (Oct 23rd and 24th) I will be in Charleston WV presenting/demoing the Nessus Bridge for Metasploit at Hack3rcon. This will be the first time I’ll have presented anything outside of work and should be lots of fun. Quite a few great speakers that I look forward to meeting.

I’ll post the presentation up here once it’s done for everyone else to take a look at. Actually going to be presenting a few new commands that are not in the metasploit svn version of the plugin.

After Hack3rcon I’ll be back into high gear adding some new functionality to the plugin and branching out into writing a wrapper for Nessus to speak IVIL for Seccubus v2. This is pretty exciting stuff for me. Coming up with a xml format to speak “findings” that is tool agnostic is going to be a great thing. It will mean moving findings between tools, or comparing findings between tools, will be much much easier. Keep a look out for that one.

There has been some talk on the metasploit mailing list this week about using tools such as Nessus to scan through a MSF pivot and into another network. Some interesting discussion and I think it’s something I will dive into in these next few weeks. Start to examine what some of the limitations are and how we might overcome or avoid them.

that’s it for now. have a good weekend.

Written on October 21st, 2010 , Bananas, Security, Stuff, Technology, Things Tags: agnostic, Auto, Bridge, charleston wv, Draft, Hack, hacker convention, look, Metasploit, metasploit framework, nessus, Oct, Presenting, using tools, work, xml format

Latest changes to the Nessus Plugin submitted to Metasploit.

Late night last night I got the code cleaned up and submitted to msfdev.

Should probably be in the Metasploit svn in a few days, I know those guys are super busy with an upcoming release.

In the mean time you can download it from the GitHub – http://github.com/Zate/Nessus-Bridge-for-Metasploit

Changes:

Streaming Parser for Nessus V2 Reports.
- This streams the file from the nessus server and processes each host as it finds it instead of loading the entire file into memory which can be very intensive on large reports. Performance is much better though it can take a while to interate through large numbers of hosts. Read the rest of this entry »

Written on October 9th, 2010 , Security, Technology Tags: Auto, curre, Draft, experimental support, index system, msf, nessus server, search functionality

Nessus Bridge for Metasploit :: Plugin Commands

Welcome to part 5 of my Nessus Bridge for Metasploit coverage. Here is part 1, part 2 , part 3 and part 4 if you are just joining us.

Next up are the plugin commands. These helpful little beasts are all about showing you what plugins are available on your nessus server, and how many of them you have.

nessus_plugin_list
nessus_plugin_family
nessus_plugin_details
nessus_plugin_prefs

Given that nessus has over 38,000 plugins, simply asking it to list them all would result in a very large list returned from the server. Nessus gets around this by breaking the request down into several parts. Read the rest of this entry »

Written on October 6th, 2010 , Bananas, Security, Stuff, Technology, Things Tags: Auto, Bridge, Commands, CVE, default server, Draft, family names, list, little beasts, Metasploit, nessus, nessus server, plugin, prefs, risk factor, server plugin, Value, web

Streaming Parser for Nessus Plugin up for testing.

A few late night sessions of coding and I have a version of the plugin up on github.com that uses REXML Streaming Listener to parse the NessusV2 Reports. The benefits of this is being able to handle much larger scans, much faster as it will itterate over each host and add it as it parses it, instead of the DOM/Tree method which loads the entire file into memory before parsing.

What I’d like is a few people to test it.

So, grab the code from here, unpack it and then over write your metasploit install with the files in that archive. Should be 4 of them.

Once you have done that, test it, connect to a Nessus server, import some reports, test all the other functions and maybe even just test some importing of nmap etc too if you like.

Report any bugs to me to be fixed and then when you want to remove these files, just delete these 4 from your metasploit install and then do “svn update”.

Written on October 1st, 2010 , Bananas, Security, Stuff, Technology, Things Tags: Auto, com, dom tree, Draft, late night sessions, Metasploit, nessus server, Parser, REXML, Streaming, test

Things and Stuff is proudly powered by WordPress and the Theme Adventure by Eric Schwarz
Entries (RSS) and Comments (RSS).

Pages

Archives

Categories

A Blog about things and stuff.