Nessus Bridge for Metasploit :: Plugin Commands

Welcome to part 5 of my Nessus Bridge for Metasploit coverage.  Here are part 1, part 2, part 3 and part 4 if you are just joining us.

Next up are the plugin commands.  These helpful little beasts are all about showing you what plugins are available on your Nessus server, and how many of them you have.

  • nessus_plugin_list
  • nessus_plugin_family
  • nessus_plugin_details
  • nessus_plugin_prefs

Given that Nessus has over 38,000 plugins, simply asking it to list them all would result in a very large list returned from the server.  Nessus gets around this by breaking the request down into several parts.

nessus_plugin_list


This will list all the plugin families and show you how many plugins are in each family.  They can range from just a few, to thousands.  The plugin family names returned here are used in further commands.

nessus_plugin_family


Now armed with our plugin family name from the list command above, we can request the names of the plugins from one of the families.  Be warned, for some families this can result in a long list.  Returned from this command is a table showing the plugin ID, plugin name and plugin file name.  The file name is what we use to get the plugin details (this strikes me as odd; I would have used the plugin ID as the identifier; the file name is annoying to use).

nessus_plugin_details


This cool command returns the details of exactly what the plugin does.  Included are such gems as the risk factor, CVSS score(s), CVSS vector(s), description, solution, any identifiers such as CVE/BID and details on exploit availability.  As yet the exploit availability does not link to the exploit, though I’d love to see us come up with some common reference method for exploits, similar to CVE (you listening NIST/SCAP people, hop to it).

nessus_plugin_prefs


Lastly, we have the prefs.  This shows the default server/plugin prefs and is quite long.  This is what things will default to if you do not change the setting to what you want in your policy.  It returns 3 columns: Name, Value and Type.  Value shows what it’s currently set to and Type tells you what kinds of settings it can have.  Really though, it’s much easier to change these through the Nessus web console right now for each policy.

I’m working on being able to create policies and templates from the command line to be used to do pinpoint scans for specific vulns on specific ports but it’s not there yet.  Missing is the ability to accurately and quickly tie a plugin to an exploit and working with these large entry/value pair lists on the command line is cumbersome.  End goal is to allow you to go through a process to create a scan template for a specific exploit and then scan for it and autopwn it when found.  Still a bit of work to do before I get there.

That's all for plugins; up next in the series is User Commands.

