• Nessus Bridge for Metasploit :: Generic Commands
    (some features discussed in this post are not yet in msf, grab the latest code from here if you want to test)

    Ok, so you have your msf installed (I like to install from the svn) and you have run “svn update” to ensure you have all the latest goodies.
    Go ahead and fireup the msf console (“msfconsole” at your prompt) and you should be presented with the standard msfconsole banner and blurbage telling how much cool shit you just loaded up.

    Lets load up some more, type “load nessus” and press enter.  Some new lines should scroll by telling you that you just loaded the Nessus Bridge for Nessus 4.2.x.  So yeah, just incase you are curious, this plugin works with the latest Nessus.  Prior to 4.0 will not work, neither will OpenVAS.

    The line below that says to type nessus_help for a list of commands.  So go ahead and do that.

    So it shows us the following commands available for the “Generic” group. Read the rest of this entry »

    Written on September 26th, 2010 , Bananas Tags: , , , , , , , , , , ,
    Nessus Plugin

    I am developing a plugin for Metasploit that will allow you to use your remote Nessus 4.2 server to conduct recon from within the Metasploit console.  It speaks xmlrpc direct to the Nessus server and lets you do things such as import reports directly from Nessus or kick off scans.  More details can be found here : http://blog.zate.org/2010/09/26/nessus-bridge-for-metasploit-intro/

    As I develop the plugin more, changes will be merged into the opensource version of Metasploit (not Express or Pro).  So in order to still be able to make many small rapid changes and get them tested by end users, without disrupting the main Metasploit dev team too much I am sticking the plugin and the library up on github.

    http://github.com/Zate/Nessus-Bridge-for-Metasploit

    Feel free to fork it, hack on it and submit pull requests.  If you want to just test the code, you can always grab the latest from there and stick it in your msf install.  Chances are that the github copy will be always ahead of the main msf dev branch as I’ll be commiting often as I develop.

    If you don’t know how github works (I’m not that sure either.. lol) you should google for some docs on it.

    I’ve got my setup so that plugins/nessus and lib/nessus/nessus-xmlrpc.rb in my /opt/msf3 directory link over the versions in the github branch I downloaded.  That way I can hack on it remotely and then commit directly very easily.  Not sure if that is how it’s done but thats how I am doing it.

    Feel free to submit feature requests and bugs on that site also.

    Written on September 26th, 2010 , Tags: , , , , , , , , , , , , , , , , , , , , ,
    Newer Entries >>

    Things and Stuff is proudly powered by WordPress and the Theme Adventure by Eric Schwarz
    Entries (RSS) and Comments (RSS).

    Things and Stuff

    A Blog about things and stuff.