New feature added.

Talking in the #metasploit channel on freenode.net today someone (you know who you are) gave me the idea of saving the username, password, hostname/ip and port to a nessus.yaml file so they would be saved between metasploit sessions.

So tonight, I added that. New commands added are:

  • nessus_save: this will save those 4 items to ~/.msf3/nessus.yaml
  • nessus_logout will now remove that file when invoked.
  • nessus_connect will look for that file and use it’s contents if invoked with no arguments.  If the file doesn’t exist, it will display usage.

So basically, load nessus, nessus_connect admin:[email protected]:8834 and then nessus_save.  Now each time you load nessus you just need to nessus_connect and it will reuse those saved creds, until you wiped them out with nessus_logout.

Up next is investigating a way to have the nessus.yaml house multiple sets of creds and let you invoke nessus_connect with the set name to login to that server (or the default set if no set name is given).  also need to modify nessus_save to take an argument that it will use for the set name.  Tackle that later this week I guess.

It’s been merged, so svn up and you are set.  Report bugs to me or via the metasploit redmine.

thanks!


Posted in Bananas and tagged , , , , , , , , , , by with no comments yet.

Pingbacks & Trackbacks

Leave a Reply

Your email address will not be published. Required fields are marked *