How to do it...

  1. First, we will launch msfconsole and load the nessus plugin:
msf > load nessus 
[*] Nessus Bridge for Metasploit
[*] Type nessus_help for a command listing
[*] Successfully loaded plugin: Nessus
msf >
  1. By running the nessus_help command, we can display all the available commands:
msf > nessus_help 

Command                     Help Text
-------                     ---------
Generic Commands
-----------------           -----------------
nessus_connect              Connect to a Nessus server
nessus_logout               Logout from the Nessus server
nessus_login                Login into the connected Nesssus server with a different username and password
nessus_save                 Save credentials of the logged in user ...

Scan Commands
-----------------           -----------------
nessus_scan_list            List of all current Nessus scans
nessus_scan_new             Create a new Nessus Scan
nessus_scan_launch          Launch a newly created scan. New scans need to be manually launched through this command
nessus_scan_pause           Pause a running Nessus scan
nessus_scan_pause_all       Pause all running Nessus scans

...

Policy Commands
-----------------           -----------------
nessus_policy_list          List all polciies
nessus_policy_del           Delete a policy

msf >
  1. To connect to Nessus, use the nessus_connect command with the Nessus credentials, the hostname, the port (if not using the default port 8834), and the SSL certificate verification argument (ok in this example):
msf > nessus_connect NessusUser:NessusP4ssw0rd@127.0.0.1 ok
[*] Connecting to https://127.0.0.1:8834/ as NessusUser
[*] User NessusUser authenticated successfully.
msf >
  1. Using the nessus_policy_list command, we can list all policies on the server. A policy must already exist before a scan can be created from msfconsole, so connect to the Nessus GUI and create one first:
msf > nessus_policy_list 
Policy ID  Name                Policy UUID
---------  ----                -----------
4          Basic Network Scan  731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65

msf >
  1. To create a new Nessus scan, we use the nessus_scan_new command followed by the UUID of the policy we want to use, the name for the scan, description, and the target:
msf > nessus_scan_new 731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65 Metasploitable3 "Windows Machine" 192.168.216.10
[*] Creating scan from policy number 731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65, called Metasploitable3 - Windows Machine and scanning 192.168.216.10
[*] New scan added
[*] Use nessus_scan_launch 6 to launch the scan
Scan ID  Scanner ID  Policy ID  Targets         Owner
-------  ----------  ---------  -------         -----
9        1           8          192.168.216.10  NessusUser

msf >
  1. The nessus_scan_list command returns a list of information about current scans:
msf > nessus_scan_list 
Scan ID  Name             Owner       Started  Status  Folder
-------  ----             -----       -------  ------  ------
9        Metasploitable3  NessusUser           empty   3

msf >
  1. From the output, we can see that the scan was created but not started. To start the scan, we use the nessus_scan_launch command followed by the scan ID:
msf > nessus_scan_launch 9
[+] Scan ID 9 successfully launched. The Scan UUID is f6309e8e-8ff4-2744-a9f3-40fa6b0d737793e6668aadb812c9

msf >
  1. By running the nessus_scan_list command again, we can see that the scan is running:
msf > nessus_scan_list 
Scan ID  Name             Owner       Started  Status   Folder
-------  ----             -----       -------  ------   ------
9        Metasploitable3  NessusUser           running  3

msf >
  1. The nessus_scan_details command allows us to get information about the scan, such as information, hosts, vulnerabilities, and history, as shown in the following screenshot:
  1. To check if the scan has completed, use the nessus_scan_details command:
  1. When the scan is complete, we can import scan results into Metasploit using the nessus_db_import command:
  1. Now that we have imported all the data into Metasploit, we can use the msfconsole database commands to find services and vulnerabilities and try to exploit them:
msf > hosts 

Hosts
=====

address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
192.168.216.10 08:00:27:2f:fe:84 192.168.216.10 Windows 2008 SP1 server

msf > services

Services
========

host            port  proto  name        state  info
----            ----  -----  ----        -----  ----
192.168.216.10  22    tcp    ssh         open
192.168.216.10  135   tcp    epmap       open
192.168.216.10  137   udp    netbios-ns  open
192.168.216.10  139   tcp    smb         open
...

[*] Time: 2017-10-23 09:12:50 UTC Vuln: host=192.168.216.10 name=Service Detection refs=NSS-22964
[*] Time: 2017-10-23 09:12:50 UTC Vuln: host=192.168.216.10 name=Nessus SYN scanner refs=NSS-11219
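
To check what an import should contain, the scan export can be read independently of msfconsole. The following is an added example, not code from the book or from the Metasploit plugin: it assumes the results are in the Nessus v2 (.nessus) XML layout, uses a constructed sample, and the function names parse_report and format_vuln are hypothetical. It rebuilds the services rows and the refs=NSS-<plugin ID> lines in the form shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Nessus v2 (.nessus) export layout. The values mirror
# the console output above; this is not a real scan export.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
  <Report name="Metasploitable3">
    <ReportHost name="192.168.216.10">
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
                  pluginID="22964" pluginName="Service Detection"/>
      <ReportItem port="139" svc_name="smb" protocol="tcp" severity="0"
                  pluginID="11219" pluginName="Nessus SYN scanner"/>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="19506" pluginName="Nessus Scan Information"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def parse_report(xml_text):
    """Return (services, vulns) shaped like the msfconsole tables above."""
    # For exports from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    if root.tag != "NessusClientData_v2":
        raise ValueError("not a Nessus v2 export: root is %r" % root.tag)
    services, vulns = set(), []
    for host in root.iter("ReportHost"):
        addr = host.get("name")
        for item in host.iter("ReportItem"):
            port = int(item.get("port", "0"))
            if port:  # port 0 marks host-level findings, not a listening service
                services.add((addr, port, item.get("protocol"), item.get("svc_name")))
            vulns.append({"host": addr,
                          "name": item.get("pluginName"),
                          "refs": "NSS-" + item.get("pluginID"),
                          "severity": int(item.get("severity", "0"))})
    return sorted(services), vulns


def format_vuln(vuln):
    """Render one finding in the host=/name=/refs= form shown above."""
    return "Vuln: host={host} name={name} refs={refs}".format(**vuln)


if __name__ == "__main__":
    services, vulns = parse_report(SAMPLE_NESSUS)
    for row in services:
        print(*row)
    for v in vulns:
        print(format_vuln(v))
```

Comparing these rows with the output of the services and vulns commands shows whether every host and finding from the scan reached the Metasploit database.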