Nessus Plugin

I am developing a plugin for Metasploit that will allow you to use your remote Nessus 4.2 server to conduct recon from within the Metasploit console.  It speaks xmlrpc direct to the Nessus server and lets you do things such as import reports directly from Nessus or kick off scans.  More details can be found here : http://blog.zate.org/2010/09/26/nessus-bridge-for-metasploit-intro/

As I develop the plugin more, changes will be merged into the opensource version of Metasploit (not Express or Pro).  So in order to still be able to make many small rapid changes and get them tested by end users, without disrupting the main Metasploit dev team too much I am sticking the plugin and the library up on github.

http://github.com/Zate/Nessus-Bridge-for-Metasploit

Feel free to fork it, hack on it and submit pull requests.  If you want to just test the code, you can always grab the latest from there and stick it in your msf install.  Chances are that the github copy will be always ahead of the main msf dev branch as I’ll be commiting often as I develop.

If you don’t know how github works (I’m not that sure either.. lol) you should google for some docs on it.

I’ve got my setup so that plugins/nessus and lib/nessus/nessus-xmlrpc.rb in my /opt/msf3 directory link over the versions in the github branch I downloaded.  That way I can hack on it remotely and then commit directly very easily.  Not sure if that is how it’s done but thats how I am doing it.

Feel free to submit feature requests and bugs on that site also.


by with 1 comment.

Comments

Pingbacks & Trackbacks

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>