8/8/2019 Nessus Bridge for Metasploit
How did the plugin come about?
Past Nessus / MSF Integration.
What does it do?
Do a little Demo
What could it do?
What now?
Questions?
I was going to integrate Nessus and Drupal
So I got to know the xmlrpc interface.
Discovered k0st's nessus-xmlrpc ruby library.
Was going to create a Missing CVE Plugin
Wished for Nexpose/MSF Express functionality with Nessus
Put all that together and out came Nessus Bridge for Metasploit.
Does NBE, V1 and V2 imports.
Only from local file.
Scan from web interface.
Check progress from web interface.
Export from web interface.
Swap to MSF.
Locate file on disk.
Import.
Scans
Imports
Shows you info about your server
Shows you info about your scans
Shows you info about your reports
Lets you manage users.
Shows you info about your policies
Holy Crap! That's Awesome!
login status
plugins
policies
reports users
new scan
view hosts while scan running
import report
exploits
Sniper scans - scan for port x or vuln y and pwn
Scan hosts from the db. *done*
Only import things from the report that are sploitable
What else?
Vuln to Exploit connection sucks
Need something like CVE/CWE .. CXE maybe?
MSF 3.5 - Hot Shit.
Nessus added exploit data to report findings (love that!)
Plugin is in MSF svn.
Latest Code:
http://github.com/Zate/Nessus-Bridge-for-Metasploit
Bugs to MSF Redmine, or zate75[at]gmail.com
Suggestions and Code welcomed
Big thanks to hdm, jduck, egyp7 and Darkoperator for much patience in #metasploit
Thanks to the guys at Tenable for info on xmlrpc interface
Thanks to K0st for his Ruby lib which I destroyed