Latest changes to the Nessus Plugin submitted to Metasploit.

Late night last night I got the code cleaned up and submitted to msfdev.

Should probably be in the Metasploit svn in a few days, I know those guys are super busy with an upcoming release.

In the meantime you can download it from the GitHub – http://github.com/Zate/Nessus-Bridge-for-Metasploit

Changes:

  • Streaming Parser for Nessus V2 Reports.
    • This streams the file from the Nessus server and processes each host as it finds it instead of loading the entire file into memory, which can be very intensive on large reports.  Performance is much better, though it can take a while to iterate through large numbers of hosts. (more…)
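
The streaming approach described above, sketched as an added example that is not the plugin's own code: a SAX-style listener built on Ruby's REXML that hands each `ReportHost` to a callback as soon as its closing tag is seen. The names `HostStreamer` and `stream_hosts` are hypothetical, and the sample report (hosts, plugin IDs, plugin names) is constructed.

```ruby
require 'rexml/parsers/streamparser'
require 'rexml/streamlistener'

# Constructed sample in the Nessus v2 (.nessus) layout; all values are made up.
SAMPLE_REPORT = <<~XML
  <NessusClientData_v2>
    <Report name="constructed-scan">
      <ReportHost name="192.0.2.10">
        <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="1" pluginID="10001" pluginName="Example SSH check"/>
        <ReportItem port="80" svc_name="www" protocol="tcp" severity="3" pluginID="10002" pluginName="Example HTTP check"/>
      </ReportHost>
      <ReportHost name="192.0.2.11">
        <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="2" pluginID="10003" pluginName="Example SMB check"/>
      </ReportHost>
    </Report>
  </NessusClientData_v2>
XML

# Holds only the host currently being read, hands it to the callback at
# </ReportHost>, then drops it, so memory use does not grow with report size.
class HostStreamer
  include REXML::StreamListener

  def initialize(&on_host)
    @on_host = on_host
  end

  def tag_start(name, attrs)
    case name
    when 'ReportHost' then @host = { name: attrs['name'], items: [] }
    when 'ReportItem'
      item = { port: attrs['port'].to_i, proto: attrs['protocol'],
               severity: attrs['severity'].to_i, plugin_id: attrs['pluginID'] }
      @host[:items] << item if @host
    end
  end

  def tag_end(name)
    return unless name == 'ReportHost'
    @on_host.call(@host)
    @host = nil
  end
end

# source may be a String, an open File, or any IO the report is being read from.
def stream_hosts(source, &on_host)
  REXML::Parsers::StreamParser.new(source, HostStreamer.new(&on_host)).parse
end
```

Calling `stream_hosts(File.open(path)) { |host| ... }` processes one host at a time; whatever the block keeps is the only state that outlives each host.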

Posted in Security, Technology with 2 comments.

Nessus Bridge for Metasploit :: Generic Commands

(some features discussed in this post are not yet in msf, grab the latest code from here if you want to test)

Ok, so you have your msf installed (I like to install from the svn) and you have run “svn update” to ensure you have all the latest goodies.
Go ahead and fire up the msf console (“msfconsole” at your prompt) and you should be presented with the standard msfconsole banner and blurbage telling how much cool shit you just loaded up.

Let's load up some more, type “load nessus” and press enter.  Some new lines should scroll by telling you that you just loaded the Nessus Bridge for Nessus 4.2.x.  So yeah, just in case you are curious, this plugin works with the latest Nessus.  Prior to 4.0 will not work, neither will OpenVAS.

The line below that says to type nessus_help for a list of commands.  So go ahead and do that.

So it shows us the following commands available for the “Generic” group. (more…)


Posted in Bananas with no comments yet.

Nessus Plugin

I am developing a plugin for Metasploit that will allow you to use your remote Nessus 4.2 server to conduct recon from within the Metasploit console.  It speaks xmlrpc direct to the Nessus server and lets you do things such as import reports directly from Nessus or kick off scans.  More details can be found here : http://blog.zate.org/2010/09/26/nessus-bridge-for-metasploit-intro/

As I develop the plugin more, changes will be merged into the open source version of Metasploit (not Express or Pro).  So in order to still be able to make many small rapid changes and get them tested by end users, without disrupting the main Metasploit dev team too much, I am sticking the plugin and the library up on github.

http://github.com/Zate/Nessus-Bridge-for-Metasploit

Feel free to fork it, hack on it and submit pull requests.  If you want to just test the code, you can always grab the latest from there and stick it in your msf install.  Chances are that the github copy will always be ahead of the main msf dev branch as I’ll be committing often as I develop.

If you don’t know how github works (I’m not that sure either.. lol) you should google for some docs on it.

I’ve got my setup so that plugins/nessus and lib/nessus/nessus-xmlrpc.rb in my /opt/msf3 directory link over the versions in the github branch I downloaded.  That way I can hack on it remotely and then commit directly very easily.  Not sure if that is how it’s done but that’s how I am doing it.

Feel free to submit feature requests and bugs on that site also.


Posted with 1 comment.

Nessus Bridge for Metasploit :: Intro

One of the most frustrating things for me when I started with metasploit (known as msf from here in) was not exploiting something, but finding something to exploit.  I had all these exploits at my fingertips but my ability to find something to pwn was limited by having to move back and forth between a bunch of tools and cross reference things.

This changed when I did my PwB v3 course, I got much better at determining when and how to use msf to take advantage of something I found.  There was still a lot of moving between tools but I was at least able to identify vulnerable hosts.

I use Nessus in my day job to scan for vulns and sometimes I need to be able to turn those results into demonstrations or do false positive checking.  It was a little annoying to run the scan either from the cli, or usually from the Nessus Web Client and then have to manually import the Nessusv2 report.

At the same time MSF Express came out.  WoW, that is some slick shit. (more…)


Posted in Bananas, Security, Stuff, Technology, Things with 7 comments.