Nessus Bridge for Metasploit :: Plugin Commands

Welcome to part 5 of my Nessus Bridge for Metasploit coverage.  Here is part 1part 2part 3 and part 4 if you are just joining us.

Next up are the plugin commands.  These helpful little beasts are all about showing you what plugins are available on your nessus server, and how many of them you have.

  • nessus_plugin_list
  • nessus_plugin_family
  • nessus_plugin_details
  • nessus_plugin_prefs

Given that nessus has over 38,000 plugins, simply asking it to list them all would result in a very large list returned from the server.  Nessus gets around this by breaking the request down into several parts. (more…)


Posted in Bananas, Security, Stuff, Technology, Things and tagged , , , , , , , , , , , , , , , , , by with no comments yet.

Nessus Bridge for Metasploit :: Scan Commands

Welcome to part 4 of my Nessus Bridge for Metasploit coverage.  Here is part 1 and part 2 and part 3 if you are just joining us.

The Scan Commands are where this plugin starts to really differ from previously importing nessus scans from flat files.  With these commands we can stay within the metasploit framework and reach out and examine things with Nessus.  We can then use the Report Commands we just learnt about to pull that data back to later pwn stuff.

Scan Commands are as follows:

  • nessus_scan_new
  • nessus_scan_status
  • nessus_scan_pause
  • nessus_scan_pause_all
  • nessus_scan_stop
  • nessus_scan_stop_all
  • nessus_scan_resume
  • nessus_scan_resume_all (more…)

Posted in Bananas, Security, Stuff, Technology, Things and tagged , , , , , , , , , , , , , , , , , , , , by with no comments yet.

Nessus Bridge for Metasploit :: Generic Commands

(some features discussed in this post are not yet in msf, grab the latest code from here if you want to test)

Ok, so you have your msf installed (I like to install from the svn) and you have run “svn update” to ensure you have all the latest goodies.
Go ahead and fireup the msf console (“msfconsole” at your prompt) and you should be presented with the standard msfconsole banner and blurbage telling how much cool shit you just loaded up.

Lets load up some more, type “load nessus” and press enter.  Some new lines should scroll by telling you that you just loaded the Nessus Bridge for Nessus 4.2.x.  So yeah, just incase you are curious, this plugin works with the latest Nessus.  Prior to 4.0 will not work, neither will OpenVAS.

The line below that says to type nessus_help for a list of commands.  So go ahead and do that.

So it shows us the following commands available for the “Generic” group. (more…)


Posted in Bananas and tagged , , , , , , , , , , , by with no comments yet.

Nessus Bridge for Metasploit :: Intro

One of the most frustrating things for me when I started with metasploit (known as msf from here in) was not exploiting something, but finding something to exploit.  I had all these exploits at my finger tips but my ability to find something to pwn was limited by having to move back and forth between a bunch of tools and cross reference things.

This changed when I did my PwB v3 course, I got much better at determining when and how to use msf to take advantage of something I found.  There was still a lot of moving between tools but I was at least able to identify vulnerable hosts.

I use Nessus in my day job to scan for vulns and sometimes I need to be able to turn those results into demonstrations or do false positive checking.  It was a little annoying to run the scan either from the cli, or usually from the Nessus Web Client and then have to manually import the Nessusv2 report.

At the same time MSF Express came out.  WoW, that is some slick shit. (more…)


Posted in Bananas, Security, Stuff, Technology, Things and tagged , , , , , , , , , by with 7 comments.