Metasploit Nessus bridge plugin unleashed – Part 1

The Metasploit Team has release a new plugin, a bridge between Metasploit and Nessus. This new plugin is a collaboration between HD Moore, James Lee, Zate Berg, darkoperator and the Nessus Team. If you follow the PaulDotCom podcast, you know that Paul is a employe of the Nessus team and that darkoperator (aka Carlos Perez) is an official developer of the Metasploit project. A good collaboration between the 2 teams how has uncorked on this new important step in Metasploit.

To activate the Nessus bridge plugin, just update you Metasploit installation to the latest revision and log in the Metasploit console. The pre-requirements are that you need to have a running Nessus 4.2.x installation with a valid user account.

  • Loading the nessus plugin
Loading the Nessus plugin
Loading the Nessus plugin

Generic commands

  • Getting help – nessus_help :

To have an overview of all the Metasploit Nessus bridge plugin commands, just type :

msf auxiliary(ssh_version) > nessus_help

Or to have a specific command help, just type :

nessus_help <command>

  • Connecting to Nessus – nessus_connect :

To connect to Nessus, just type :

nessus_connect login:password@nessusd_ip:port <ssl ok>

login” and “password” variables are you’re Nessus user login and password. “nessusd_ip” variable is the IP address or the hostname of Nessusd. “port” variable is the port where Nessusd is listening, by default 8834/tcp. “ok” variable is for letting you know that nessus use a self signed certificate and that risks are present.

Connecting to Nessus
Connecting to Nessus
  • Saving your connexion configuration – nessus_save :

To save your connexion configuration just run the nessus_save command, a nessus.yaml file will be created into you $HOME/.msf3 directory. You don’t need anymore to provide the nessus_connect variables.

  • Logout from nessus – nessus_logout :

To disconnect from Nessus, just run the following command :

Nessus logout
Nessus logout
  • Checking Nessus status – nessus_server_status :

To check the Nessus version, the feed version, the Nessus Web version, the total number of users, policies, running scans, reports and plugging, run the following command :

Nessus status check
Nessus status check
  • Checking the current Nessus user privileges – nessus_admin :

If the Nessus user used is an admin, the following result is displayed

Nessus admin user check
Nessus admin user check

If the Nessus user used is not an admin, the following result is displayed

Nessus normal user check
Nessus normal user check
  • Checking the Nessusd Feed type – nessus_server_feed :

To check the Nessus version, the feed version and the Nessus Web version, run the following command :

Nessus Feed check
Nessus Feed check

User Commands

  • List of all Nessus users – nessus_user_list :

If you are an admin, you will be able to list all the Nessus users, they’re login, user rights (admin or not), and they’re last login dates.

Nessus users list
Nessus users list
  • Adding a Nessus user – nessus_user_add :

If you are an admin, you will be able to add a normal Nessus user by typing the following command :

nessus_user_add <username> <password>

Adding a Nessus user
Adding a Nessus user
  • Deleting a Nessus user – nessus_user_del :

If you are an admin, you will be able to delete a normal, or an admin, Nessus user.

Deleting a Nessus user
Deleting a Nessus user
  • Changing a Nessus user password – nessus_user_passwd :

If you are an admin, you will be able to change the password of admin, and non admin, Nessus users.

Nessus user password change
Nessus user password change

Policy commands

You still need to first create your policy in Nessus between the Nessus Client or Web Interface.

  • Listing of all Nessus policies – nessus_policy_list :

If you are a normal Nessus user, you will only be able to see the “Shared” Nessus policies.

Shared policies for normal Nessus user
Shared policies for normal Nessus user

But if you are an admin user, you will be able to see the “Shared” and “Private” Nessus policies.

Nessus shared and private policies for Nessus admin user
Nessus shared and private policies for Nessus admin user
  • Deleting a policy – nessus_policy_del :

If you are an admin, you will be able to delete a policy.

Nessus policy deletion
Nessus policy deletion

In the following post we will describe the plugin, scan, report and the “nessus_find_targets” generic command.