Nessus Bridge for Metasploit :: Intro

One of the most frustrating things for me when I started with metasploit (known as msf from here in) was not exploiting something, but finding something to exploit.  I had all these exploits at my finger tips but my ability to find something to pwn was limited by having to move back and forth between a bunch of tools and cross reference things.

This changed when I did my PwB v3 course, I got much better at determining when and how to use msf to take advantage of something I found.  There was still a lot of moving between tools but I was at least able to identify vulnerable hosts.

I use Nessus in my day job to scan for vulns and sometimes I need to be able to turn those results into demonstrations or do false positive checking.  It was a little annoying to run the scan either from the cli, or usually from the Nessus Web Client and then have to manually import the Nessusv2 report.

At the same time MSF Express came out.  WoW, that is some slick shit.

I got to thinking, why not code a plugin that can do some limited stuff over xmlrpc from within the msfconsole and give me the ability to at least import my scan without having to go download it, transfer it over and then delete it.

So the Nessus Bridge for Metasploit was born. (Still in dev, so please report bugs)

The general concept is to allow you to do various tasks with your Nessus server, from within the msf command line.  By that I mean scan with Nessus, review the results, import the results and then exploit the results.

These next few blog posts will be some pointers on what it can (and can’t) do and how to use it.

Commands are broken up into the following categories and I will be covering each category in a separate entry.

Click though each link to see a more detailed explanation of the commands available for each category and how to use them


Posted in Bananas, Security, Stuff, Technology, Things and tagged , , , , , , , , , by with 7 comments.

Comments

  • Anil says:
    October 1, 2010 at 2:45 am

    Policy Commands:-
    how about including a policy command for creating new policy.

  • Zate says:
    October 1, 2010 at 7:48 am

    Absolutely, It’s on the list of things I can add. also looking to add template support so you can setup different scan types and create scans based on them.

  • denied39 says:
    October 1, 2010 at 10:18 am

    Do you know if this will get added to Metasploit Express? We already use Nessus in house and I can’t see making the change to Nexpose, but the add-in to Express would be perfect. Great job by the way!

  • Zate says:
    October 1, 2010 at 10:20 am

    I doubt it, Express is purely Rapid7. I am toying with the idea of creating something that ties Nessus xmlrpc and Msf xmlrpc together in a web interface though.

  • bla says:
    October 22, 2010 at 4:17 am

    Is it possible to use OpenVAS instead of Nessus ?

  • cozmic says:
    December 1, 2010 at 6:19 am

    Zate, awesome plugin, thanks! But does the plugin work with Nessus 4.4?

  • Zate says:
    December 2, 2010 at 10:47 am

    Yep works with 4.4

Pingbacks & Trackbacks

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>