New feature added.

Talking in the #metasploit channel on freenode.net today someone (you know who you are) gave me the idea of saving the username, password, hostname/ip and port to a nessus.yaml file so they would be saved between metasploit sessions.

So tonight, I added that. New commands added are:

  • nessus_save: this will save those 4 items to ~/.msf3/nessus.yaml
  • nessus_logout will now remove that file when invoked.
  • nessus_connect will look for that file and use it’s contents if invoked with no arguments.  If the file doesn’t exist, it will display usage.

So basically, load nessus, nessus_connect admin:[email protected]:8834 and then nessus_save.  Now each time you load nessus you just need to nessus_connect and it will reuse those saved creds, until you wiped them out with nessus_logout.

Up next is investigating a way to have the nessus.yaml house multiple sets of creds and let you invoke nessus_connect with the set name to login to that server (or the default set if no set name is given).  also need to modify nessus_save to take an argument that it will use for the set name.  Tackle that later this week I guess.

It’s been merged, so svn up and you are set.  Report bugs to me or via the metasploit redmine.

thanks!


Posted in Bananas and tagged , , , , , , , , , , by with no comments yet.

Presenting the Nessus Bridge at #Hack3rcon this weekend.

This weekend (Oct 23rd and 24th) I will be in Charleston WV presenting/demoing the Nessus Bridge for Metasploit at Hack3rcon.  This will be the first time I’ll have presented anything outside of work and should be lots of fun.  Quite a few great speakers that I look forward to meeting.

I’ll post the presentation up here once it’s done for everyone else to take a look at.  Actually going to be presenting a few new commands that are not in the metasploit svn version of the plugin.

After Hack3rcon I’ll be back into high gear adding some new functionality to the plugin and branching out into writing a wrapper for Nessus to speak IVIL for Seccubus v2.  This is pretty exciting stuff for me.  Coming up with a xml format to speak “findings” that is tool agnostic is going to be a great thing.  It will mean moving findings between tools, or comparing findings between tools, will be much much easier.  Keep a look out for that one.

There has been some talk on the metasploit mailing list this week about using tools such as Nessus to scan through a MSF pivot and into another network.  Some interesting discussion and I think it’s something I will dive into in these next few weeks.  Start to examine what some of the limitations are and how we might overcome or avoid them.

that’s it for now.  have a good weekend.


Posted in Bananas, Security, Stuff, Technology, Things and tagged , , , , , , , , , , , , , , , by with no comments yet.

Nessus Bridge for Metasploit :: Plugin Commands

Welcome to part 5 of my Nessus Bridge for Metasploit coverage.  Here is part 1part 2part 3 and part 4 if you are just joining us.

Next up are the plugin commands.  These helpful little beasts are all about showing you what plugins are available on your nessus server, and how many of them you have.

  • nessus_plugin_list
  • nessus_plugin_family
  • nessus_plugin_details
  • nessus_plugin_prefs

Given that nessus has over 38,000 plugins, simply asking it to list them all would result in a very large list returned from the server.  Nessus gets around this by breaking the request down into several parts. (more…)


Posted in Bananas, Security, Stuff, Technology, Things and tagged , , , , , , , , , , , , , , , , , by with no comments yet.

It’s the small victories…

So one of the major “issues” with the Nessus for Metasploit Plugin right now is that it does not handle large reports well.  Not even the usual db_import_nessus handles large reports well and this is because it reads the entire file in one big blob then parses it.

The nexpose importer and the nmap importer both use REXML Stream Processors.

So tonight I copied the nmap_xml.rb file and am working on making it process Nessus v2 files.  I am hoping that both the Nessus plugin, and the db_import will benefit from these changes.

I’ve been looking at it for a few days and kind of avoiding it because it’s difficult and is going to require large portions of my time fumbling through learning how the current one works enough to know how/what to modify.

Well turns out it’s simpler than I thought. (more…)


Posted in Bananas, Security, Stuff, Technology, Things and tagged , , , , , , by with no comments yet.

Nessus Bridge for Metasploit :: Scan Commands

Welcome to part 4 of my Nessus Bridge for Metasploit coverage.  Here is part 1 and part 2 and part 3 if you are just joining us.

The Scan Commands are where this plugin starts to really differ from previously importing nessus scans from flat files.  With these commands we can stay within the metasploit framework and reach out and examine things with Nessus.  We can then use the Report Commands we just learnt about to pull that data back to later pwn stuff.

Scan Commands are as follows:

  • nessus_scan_new
  • nessus_scan_status
  • nessus_scan_pause
  • nessus_scan_pause_all
  • nessus_scan_stop
  • nessus_scan_stop_all
  • nessus_scan_resume
  • nessus_scan_resume_all (more…)

Posted in Bananas, Security, Stuff, Technology, Things and tagged , , , , , , , , , , , , , , , , , , , , by with no comments yet.

Nessus Plugin

I am developing a plugin for Metasploit that will allow you to use your remote Nessus 4.2 server to conduct recon from within the Metasploit console.  It speaks xmlrpc direct to the Nessus server and lets you do things such as import reports directly from Nessus or kick off scans.  More details can be found here : http://blog.zate.org/2010/09/26/nessus-bridge-for-metasploit-intro/

As I develop the plugin more, changes will be merged into the opensource version of Metasploit (not Express or Pro).  So in order to still be able to make many small rapid changes and get them tested by end users, without disrupting the main Metasploit dev team too much I am sticking the plugin and the library up on github.

http://github.com/Zate/Nessus-Bridge-for-Metasploit

Feel free to fork it, hack on it and submit pull requests.  If you want to just test the code, you can always grab the latest from there and stick it in your msf install.  Chances are that the github copy will be always ahead of the main msf dev branch as I’ll be commiting often as I develop.

If you don’t know how github works (I’m not that sure either.. lol) you should google for some docs on it.

I’ve got my setup so that plugins/nessus and lib/nessus/nessus-xmlrpc.rb in my /opt/msf3 directory link over the versions in the github branch I downloaded.  That way I can hack on it remotely and then commit directly very easily.  Not sure if that is how it’s done but thats how I am doing it.

Feel free to submit feature requests and bugs on that site also.


Posted in and tagged , , , , , , , , , , , , , , , , , , , , , by with 1 comment.

New Things

Been a while since I have written.

So what have I been upto?  Well.  Looking back over old posts let me update a couple of things.

  • Got the phone.  Ended up with the Nexus One, on ATT, bought it outright (no contract).  Totally LOVE this phone.  It’s rooted, ROM’d and rockin.  Running Cyanogenmod 6 on it.  Seriously rocking phone.
  • I completed the OffensiveSecurity.com PwV v3.0 course.  Did 30 days worth of labs and then sat the exam for my OSCP.  Passed it too.  Was probably the best training I have ever attended and next to bootcamp for the army, one of the most intense 30 days of my career.  Loved every second of it.
  • Not working on HFC so much anymore.  The project just kind of petered out with Johnny going through some changes over in Uganda.  STill keep tabs on it and offer to help where I can.

So, new projects and things coming up, lets see. (more…)


Posted in Bananas and tagged , , , , , , , , , by with no comments yet.