Talking in the #metasploit channel on freenode.net today someone (you know who you are) gave me the idea of saving the username, password, hostname/ip and port to a nessus.yaml file so they would be saved between metasploit sessions.
So tonight, I added that. New commands added are:
- nessus_save: this will save those 4 items to ~/.msf3/nessus.yaml
- nessus_logout will now remove that file when invoked.
- nessus_connect will look for that file and use it’s contents if invoked with no arguments. If the file doesn’t exist, it will display usage.
So basically, load nessus, nessus_connect admin:[email protected]:8834 and then nessus_save. Now each time you load nessus you just need to nessus_connect and it will reuse those saved creds, until you wiped them out with nessus_logout.
Up next is investigating a way to have the nessus.yaml house multiple sets of creds and let you invoke nessus_connect with the set name to login to that server (or the default set if no set name is given). also need to modify nessus_save to take an argument that it will use for the set name. Tackle that later this week I guess.
It’s been merged, so svn up and you are set. Report bugs to me or via the metasploit redmine.
Posted in Bananas and tagged Auto, Draft, idea, logout, Metasploit, nessus, new feature, password, report bugs, today, yaml by Zate with no comments yet.