The Metasploit Team has release a new plugin, a bridge between Metasploit and Nessus. This new plugin is a collaboration between HD Moore, James Lee, Zate Berg, darkoperator and the Nessus Team. If you follow the PaulDotCom podcast, you know that Paul is a employe of the Nessus team and that darkoperator (aka Carlos Perez) is an official developer of the Metasploit project. A good collaboration between the 2 teams how has uncorked on this new important step in Metasploit.
To activate the Nessus bridge plugin, just update you Metasploit installation to the latest revision and log in the Metasploit console. The pre-requirements are that you need to have a running Nessus 4.2.x installation with a valid user account.
- Loading the nessus plugin
- Getting help – nessus_help :
To have an overview of all the Metasploit Nessus bridge plugin commands, just type :
msf auxiliary(ssh_version) > nessus_help
Or to have a specific command help, just type :
- Connecting to Nessus – nessus_connect :
To connect to Nessus, just type :
nessus_connect login:[email protected]_ip:port
“login” and “password” variables are you’re Nessus user login and password. “nessusd_ip” variable is the IP address or the hostname of Nessusd. “port” variable is the port where Nessusd is listening, by default 8834/tcp. “ok” variable is for letting you know that nessus use a self signed certificate and that risks are present.
- Saving your connexion configuration – nessus_save :
To save your connexion configuration just run the nessus_save command, a nessus.yaml file will be created into you $HOME/.msf3 directory. You don’t need anymore to provide the nessus_connect variables.
- Logout from nessus – nessus_logout :
To disconnect from Nessus, just run the following command :
- Checking Nessus status – nessus_server_status :
To check the Nessus version, the feed version, the Nessus Web version, the total number of users, policies, running scans, reports and plugging, run the following command :
- Checking the current Nessus user privileges – nessus_admin :
If the Nessus user used is an admin, the following result is displayed
If the Nessus user used is not an admin, the following result is displayed
- Checking the Nessusd Feed type – nessus_server_feed :
To check the Nessus version, the feed version and the Nessus Web version, run the following command :
- List of all Nessus users – nessus_user_list :
If you are an admin, you will be able to list all the Nessus users, they’re login, user rights (admin or not), and they’re last login dates.
- Adding a Nessus user – nessus_user_add :
If you are an admin, you will be able to add a normal Nessus user by typing the following command :
- Deleting a Nessus user – nessus_user_del :
If you are an admin, you will be able to delete a normal, or an admin, Nessus user.
- Changing a Nessus user password – nessus_user_passwd :
If you are an admin, you will be able to change the password of admin, and non admin, Nessus users.
You still need to first create your policy in Nessus between the Nessus Client or Web Interface.
- Listing of all Nessus policies – nessus_policy_list :
If you are a normal Nessus user, you will only be able to see the “Shared” Nessus policies.
But if you are an admin user, you will be able to see the “Shared” and “Private” Nessus policies.
- Deleting a policy – nessus_policy_del :
If you are an admin, you will be able to delete a policy.