diff --git a/plugins/nessus.rb b/plugins/nessus.rb index 99195b7cf0..93490df90e 100644 --- a/plugins/nessus.rb +++ b/plugins/nessus.rb @@ -36,10 +36,6 @@ module Msf "#{Msf::Config.local_directory}" end - def cmd_nessus_index - nessus_index - end - def commands { "nessus_connect" => "Connect to a nessus server: nconnect username:password@hostname:port ", 
@@ -84,75 +80,6 @@ module Msf } end - def cmd_nessus_help(*args) - tbl = Rex::Ui::Text::Table.new( - 'Columns' => [ - "Command", - "Help Text" - ], - 'SortIndex' => -1 - ) - tbl << [ "Generic Commands", "" ] - tbl << [ "-----------------", "-----------------"] - tbl << [ "nessus_connect", "Connect to a Nessus server" ] - tbl << [ "nessus_logout", "Logout from the Nessus server" ] - tbl << [ "nessus_login", "Login into the connected Nesssus server with a different username and password"] - tbl << [ "nessus_save", "Save credentials of the logged in user to nessus.yml"] - tbl << [ "nessus_help", "Listing of available nessus commands" ] - tbl << [ "nessus_server_properties", "Nessus server properties such as feed type, version, plugin set and server UUID." ] - tbl << [ "nessus_server_status", "Check the status of your Nessus Server" ] - tbl << [ "nessus_admin", "Checks if user is an admin" ] - tbl << [ "nessus_template_list", "List scan or policy templates" ] - tbl << [ "nessus_folder_list", "List all configured folders on the Nessus server" ] - tbl << [ "nessus_scanner_list", "List all the scanners configured on the Nessus server" ] - tbl << [ "Nessus Database Commands", "" ] - tbl << [ "-----------------", "-----------------" ] - tbl << [ "nessus_db_scan", "Create a scan of all IP addresses in db_hosts" ] - tbl << [ "nessus_db_import", "Import Nessus scan to the Metasploit connected database" ] - tbl << [ "", ""] - tbl << [ "Reports Commands", "" ] - tbl << [ "-----------------", "-----------------"] - tbl << [ "nessus_report_hosts", "Get list of hosts from a report" ] - tbl << [ "nessus_report_vulns", "Get list of vulns from a report" ] - tbl << [ "nessus_report_host_details", "Get detailed information from a report item on a host" ] - tbl << [ "", ""] - tbl << [ "Scan Commands", "" ] - tbl << [ "-----------------", "-----------------"] - tbl << [ "nessus_scan_list", "List of all current Nessus scans" ] - tbl << [ "nessus_scan_new", "Create a new Nessus Scan" ] - 
tbl << [ "nessus_scan_launch", "Launch a newly created scan. New scans need to be manually launched through this command" ] - tbl << [ "nessus_scan_pause", "Pause a running Nessus scan" ] - tbl << [ "nessus_scan_pause_all", "Pause all running Nessus scans" ] - tbl << [ "nessus_scan_stop", "Stop a running or paused Nessus scan" ] - tbl << [ "nessus_scan_stop_all", "Stop all running or paused Nessus scans" ] - tbl << [ "nessus_scan_resume", "Resume a pasued Nessus scan" ] - tbl << [ "nessus_scan_resume_all", "Resume all paused Nessus scans" ] - tbl << [ "nessus_scan_details", "Return detailed information of a given scan" ] - tbl << [ "nessus_scan_export", "Export a scan result in either Nessus, HTML, PDF, CSV, or DB format" ] - tbl << [ "nessus_scan_export_status", "Check the status of an exported scan" ] - tbl << [ "", ""] - tbl << [ "Plugin Commands", "" ] - tbl << [ "-----------------", "-----------------"] - tbl << [ "nessus_plugin_list", "List all plugins in a particular plugin family." ] - tbl << [ "nessus_family_list", "List all the plugin families along with their corresponding family IDs and plugin count." ] - tbl << [ "nessus_plugin_details", "List details of a particular plugin" ] - tbl << [ "", ""] - tbl << [ "User Commands", "" ] - tbl << [ "-----------------", "-----------------"] - tbl << [ "nessus_user_list", "Show Nessus Users" ] - tbl << [ "nessus_user_add", "Add a new Nessus User" ] - tbl << [ "nessus_user_del", "Delete a Nessus User" ] - tbl << [ "nessus_user_passwd", "Change Nessus Users Password" ] - tbl << [ "", ""] - tbl << [ "Policy Commands", "" ] - tbl << [ "-----------------", "-----------------"] - tbl << [ "nessus_policy_list", "List all polciies" ] - tbl << [ "nessus_policy_del", "Delete a policy" ] - print_line "" - print_line tbl.to_s - print_line "" - end - def ncusage print_status("%redYou must do this before any other commands.%clr") print_status("Usage: ") 
@@ -223,6 +150,24 @@ module Msf end end + def nessus_login + if !((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0)) + print_status("You need to connect to a server first.") + ncusage + return + end + @url = "https://#{@host}:#{@port}/" + print_status("Connecting to #{@url} as #{@user}") + @n = Nessus::Client.new(@url, @user, @pass,@sslv) + if @n.authenticated + print_status("User #{@user} authenticated successfully.") + @token = 1 + else + print_error("Error connecting/logging to the server!") + return + end + end + def nessus_verify_token if @token.nil? or @token == '' ncusage 
@@ -231,6 +176,132 @@ module Msf true end + def valid_policy(*args) + case args.length + when 1 + pid = args[0] + else + print_error("No Policy ID supplied.") + return + end + pol = @n.list_policies + pol["policies"].each { |p| + if p["template_uuid"] == pid + return true + end + } + return false + end + + def nessus_verify_db + if !(framework.db and framework.db.active) + print_error("No database has been configured, please use db_create/db_connect first") + return false + end + true + end + + def check_scan(*args) + case args.length + when 1 + scan_id = args[0] + else + print_error("No scan ID supplied") + return + end + scans = @n.scan_list + scans.each { |scan| + if scan["scans"]["id"] == scan_id && scan["scans"]["status"] == "completed" + return true + end + } + return false + end + + def is_scan_complete(scan_id) + complete = false + status = @n.scan_list + status["scans"].each { |scan| + if scan["id"] == scan_id.to_i && (scan["status"] == "completed" || scan["status"] == "imported") + complete = true + end + } + complete + end + + def cmd_nessus_help(*args) + tbl = Rex::Ui::Text::Table.new( + 'Columns' => [ + "Command", + "Help Text" + ], + 'SortIndex' => -1 + ) + tbl << [ "Generic Commands", "" ] + tbl << [ "-----------------", "-----------------"] + tbl << [ "nessus_connect", "Connect to a Nessus server" ] + tbl << [ "nessus_logout", "Logout from the Nessus server" ] + tbl << [ "nessus_login", "Login into the connected Nesssus server with a different username and password"] + tbl << [ "nessus_save", "Save credentials of the logged in user to nessus.yml"] + tbl << [ "nessus_help", "Listing of available nessus commands" ] + tbl << [ "nessus_server_properties", "Nessus server properties such as feed type, version, plugin set and server UUID." 
] + tbl << [ "nessus_server_status", "Check the status of your Nessus Server" ] + tbl << [ "nessus_admin", "Checks if user is an admin" ] + tbl << [ "nessus_template_list", "List scan or policy templates" ] + tbl << [ "nessus_folder_list", "List all configured folders on the Nessus server" ] + tbl << [ "nessus_scanner_list", "List all the scanners configured on the Nessus server" ] + tbl << [ "Nessus Database Commands", "" ] + tbl << [ "-----------------", "-----------------" ] + tbl << [ "nessus_db_scan", "Create a scan of all IP addresses in db_hosts" ] + tbl << [ "nessus_db_import", "Import Nessus scan to the Metasploit connected database" ] + tbl << [ "", ""] + tbl << [ "Reports Commands", "" ] + tbl << [ "-----------------", "-----------------"] + tbl << [ "nessus_report_hosts", "Get list of hosts from a report" ] + tbl << [ "nessus_report_vulns", "Get list of vulns from a report" ] + tbl << [ "nessus_report_host_details", "Get detailed information from a report item on a host" ] + tbl << [ "", ""] + tbl << [ "Scan Commands", "" ] + tbl << [ "-----------------", "-----------------"] + tbl << [ "nessus_scan_list", "List of all current Nessus scans" ] + tbl << [ "nessus_scan_new", "Create a new Nessus Scan" ] + tbl << [ "nessus_scan_launch", "Launch a newly created scan. 
New scans need to be manually launched through this command" ] + tbl << [ "nessus_scan_pause", "Pause a running Nessus scan" ] + tbl << [ "nessus_scan_pause_all", "Pause all running Nessus scans" ] + tbl << [ "nessus_scan_stop", "Stop a running or paused Nessus scan" ] + tbl << [ "nessus_scan_stop_all", "Stop all running or paused Nessus scans" ] + tbl << [ "nessus_scan_resume", "Resume a pasued Nessus scan" ] + tbl << [ "nessus_scan_resume_all", "Resume all paused Nessus scans" ] + tbl << [ "nessus_scan_details", "Return detailed information of a given scan" ] + tbl << [ "nessus_scan_export", "Export a scan result in either Nessus, HTML, PDF, CSV, or DB format" ] + tbl << [ "nessus_scan_export_status", "Check the status of an exported scan" ] + tbl << [ "", ""] + tbl << [ "Plugin Commands", "" ] + tbl << [ "-----------------", "-----------------"] + tbl << [ "nessus_plugin_list", "List all plugins in a particular plugin family." ] + tbl << [ "nessus_family_list", "List all the plugin families along with their corresponding family IDs and plugin count." ] + tbl << [ "nessus_plugin_details", "List details of a particular plugin" ] + tbl << [ "", ""] + tbl << [ "User Commands", "" ] + tbl << [ "-----------------", "-----------------"] + tbl << [ "nessus_user_list", "Show Nessus Users" ] + tbl << [ "nessus_user_add", "Add a new Nessus User" ] + tbl << [ "nessus_user_del", "Delete a Nessus User" ] + tbl << [ "nessus_user_passwd", "Change Nessus Users Password" ] + tbl << [ "", ""] + tbl << [ "Policy Commands", "" ] + tbl << [ "-----------------", "-----------------"] + tbl << [ "nessus_policy_list", "List all polciies" ] + tbl << [ "nessus_policy_del", "Delete a policy" ] + print_line "" + print_line tbl.to_s + print_line "" + end + + def cmd_nessus_index + nessus_index + end + def cmd_nessus_connect(*args) # Check if config file exists and load it if !args[0] 
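Review bot: check_scan and is_scan_complete, now placed next to each other in this hunk, disagree about what `@n.scan_list` returns: check_scan iterates the result directly and indexes `scan["scans"]["id"]`, while is_scan_complete iterates `status["scans"]` and reads `scan["id"]`. If scan_list returns a Hash with a "scans" key, as is_scan_complete assumes, then `scans.each` in check_scan yields key/value pairs and `scan["scans"]` fails on an Array. check_scan also compares the ID without `.to_i` and accepts only "completed", not "imported". Since the helpers are being regrouped here anyway, check_scan could delegate to is_scan_complete or be dropped if nothing calls it.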
@@ -326,24 +397,6 @@ module Msf return end - def nessus_login - if !((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0)) - print_status("You need to connect to a server first.") - ncusage - return - end - @url = "https://#{@host}:#{@port}/" - print_status("Connecting to #{@url} as #{@user}") - @n = Nessus::Client.new(@url, @user, @pass,@sslv) - if @n.authenticated - print_status("User #{@user} authenticated successfully.") - @token = 1 - else - print_error("Error connecting/logging to the server!") - return - end - end - def cmd_nessus_save(*args) #if we are logged in, save session details to nessus.yaml if args[0] == "-h" @@ -370,15 +423,23 @@ module Msf end def cmd_nessus_server_properties(*args) - if args[0] == "-h" - print_status("nessus_server_feed") - print_status("Example:> nessus_server_feed") - print_status() - print_status("Returns information about the feed type and server version.") - return + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_server_feed") + print_status("Example:> nessus_server_feed -S searchterm") + print_status() + print_status("Returns information about the feed type and server version.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end end + resp = @n.server_properties tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Feed', 'Type', 
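Review bot: In the `-S` branch of cmd_nessus_server_properties, `search_term = /#{args.shift}/nmi` interpolates the operator's text straight into a pattern. When `-S` is the last argument the pattern is empty and matches every row, and a term with an unbalanced metacharacter such as `(` raises RegexpError from the command method. If a literal search is intended, check that a term was supplied and build it with `Regexp.new(Regexp.escape(term), Regexp::IGNORECASE)`; if regex search is intended, rescue RegexpError and report it with `print_error`. The same line is repeated in every other `-S`/`-SV` branch this commit adds, from cmd_nessus_server_status through cmd_nessus_policy_list. The help text re-added here also still prints `nessus_server_feed` rather than the command's own name.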
@@ -392,14 +453,22 @@ module Msf end def cmd_nessus_server_status(*args) - if args[0] == "-h" - print_status("nessus_server_status") - print_status("Example:> nessus_server_status") - print_status() - print_status("Returns some status items for the server..") - return + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_server_status") + print_status("Example:> nessus_server_status -S searchterm") + print_status() + print_status("Returns some status items for the server..") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end end + tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Status', 'Progress' @@ -410,13 +479,19 @@ module Msf end def cmd_nessus_admin(*args) + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_admin") + print_status("Example:> nessus_admin") + print_status() + print_status("Checks to see if the current user is an admin") + print_status("Use nessus_user_list to list all users") + return + end + end if args[0] == "-h" - print_status("nessus_admin") - print_status("Example:> nessus_admin") - print_status() - print_status("Checks to see if the current user is an admin") - print_status("Use nessus_user_list to list all users") - return + end if !nessus_verify_token return 
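Review bot: In cmd_nessus_admin the old help guard is left behind as an empty `if args[0] == "-h"` / `end` once its body has moved into the new `while` loop. By the time it runs, the loop has shifted every argument off `args`, so the condition can never be true and the block does nothing. Delete the two leftover lines so the method goes from the loop straight to `if !nessus_verify_token`.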
@@ -429,15 +504,22 @@ module Msf end def cmd_nessus_template_list(*args) - if args[0] == "-h" - print_status("nessus_template_list | ") - print_status("Example:> nessus_template_list scan") - print_status("OR") - print_status("nessus_template_list policy") - print_status() - print_status("Returns a list of information about the scan or policy templates..") - return - end + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_template_list | ") + print_status("Example:> nessus_template_list scan -S searchterm") + print_status("OR") + print_status("nessus_template_list policy") + print_status() + print_status("Returns a list of information about the scan or policy templates..") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end + if !nessus_verify_token return end @@ -465,11 +547,12 @@ module Msf return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Name', 'Title', 'Description', - 'Subscription Only', + 'Subscription Only', 'Cloud Only' ]) list["templates"].each { |template| @@ -479,12 +562,20 @@ module Msf print_line tbl.to_s end - def cmd_nessus_folder_list + def cmd_nessus_folder_list(*args) + search_term = nil + while (arg = args.shift) + case arg + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end if !nessus_verify_token return end list = @n.list_folders tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "ID", "Name", 
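Review bot: The new `while (arg = args.shift)` loop in cmd_nessus_template_list has no `else` branch, so the positional `scan` or `policy` argument shown in the help text is shifted off `args` and discarded. The code between this hunk and the table construction is not visible here; if it still reads the template type from `args`, it will see an empty array and take the usage path on every call. Capture the positional in the loop with an `else` branch that stores `arg` in a local, and have the later code read that local instead of `args`.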
@@ -497,7 +588,20 @@ module Msf print_line tbl.to_s end - def cmd_nessus_scanner_list + def cmd_nessus_scanner_list(*args) + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_scanner_list") + print_status("Example:> nessus_scanner_list -S searchterm") + print_status() + print_status("Returns information about the feed type and server version.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end if !nessus_verify_token return end @@ -506,6 +610,7 @@ module Msf end list = @n.list_scanners tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "ID", "Name", 
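Review bot: The `-h` text added to cmd_nessus_scanner_list was copied from cmd_nessus_server_properties: its last line prints "Returns information about the feed type and server version.", which does not describe this command. Wording in line with the cmd_nessus_help entry would be `print_status("Returns a list of all the scanners configured on the Nessus server.")`.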
@@ -520,40 +625,31 @@ module Msf print_line tbl.to_s end - def check_scan(*args) - case args.length - when 1 - scan_id = args[0] - else - print_error("No scan ID supplied") - return - end - scans = @n.scan_list - scans.each { |scan| - if scan["scans"]["id"] == scan_id && scan["scans"]["status"] == "completed" - return true - end - } - return false - end - def cmd_nessus_report_hosts(*args) - if args[0] == "-h" - print_status("nessus_report_hosts ") - print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") - return + search_term = nil + scan_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_report_hosts -S searchterm") + print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + scan_id = arg + end end - case args.length - when 1 - scan_id = args[0] - scan_id = scan_id - else + + if scan_id.nil? print_status("Usage: ") - print_status("nessus_report_hosts ") + print_status("nessus_report_hosts -S searchterm") print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") return end + tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Host ID", "Hostname", 
@@ -576,22 +672,28 @@ module Msf end def cmd_nessus_report_vulns(*args) - if args[0] == "-h" - print_status("nessus_report_vulns ") - print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") - return + search_term = nil + scan_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_report_vulns -S searchterm") + print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + scan_id = arg + end end - case args.length - when 1 - scan_id = args[0] - scan_id = scan_id.to_i - else + if scan_id.nil? print_status("Usage: ") print_status("nessus_report_vulns ") print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Plugin ID", "Plugin Name", 
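Review bot: The rewritten argument loop in cmd_nessus_report_vulns assigns `scan_id = arg` and drops the `.to_i` that the removed `case args.length` branch applied, so the ID now reaches the rest of the method as a String. The code that uses `scan_id` is outside this hunk; if it compares against or indexes by integer IDs, keep the conversion with `scan_id = arg.to_i`. The usage text printed when `scan_id.nil?` also omits the `-S searchterm` option that the help branch advertises.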
@@ -613,21 +715,29 @@ module Msf end def cmd_nessus_report_host_details(*args) - if args[0] == "-h" - print_status("nessus_report_host_details ") - print_status("Example:> nessus_report_host_details 10 5") - print_status("Use nessus_scan_list to get list of all scans. Only completed scans can be used for reporting.") - print_status("Use nessus_report_hosts to get a list of all the hosts along with their corresponding host IDs.") - return - end - if !nessus_verify_token - return - end - case args.length - when 2 - scan_id = args[0] - host_id = args[1] - else + search_term = nil + search_vuln = nil + scan_id = nil + host_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_report_host_details ") + print_status("Example:> nessus_report_host_details 10 5 -S hostinfo -SV vulninfo") + print_status("Use nessus_scan_list to get list of all scans. Only completed scans can be used for reporting.") + print_status("Use nessus_report_hosts to get a list of all the hosts along with their corresponding host IDs.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + when '-SV', '--search-vuln' + search_vuln = /#{args.shift}/nmi + else + scan_id = arg, + host_id = args.shift + end + end + + if [scan_id, host_id].any?(&:nil?) print_status("Usage: ") print_status("nessus_report_host_detail ") print_status("Example:> nessus_report_host_detail 10 5") @@ -636,6 +746,7 @@ module Msf return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Plugin Name', 'Plugin Famil', @@ -654,6 +765,7 @@ module Msf } print_line tbl.to_s tbl2 = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_vuln, 'Columns' => [ 'Plugin Name', 'Plugin Famil', 
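Review bot: In the `else` branch of cmd_nessus_report_host_details, `scan_id = arg,` ends with a comma, so Ruby parses the two lines as `scan_id = [arg, (host_id = args.shift)]` and `scan_id` becomes a two-element Array instead of the ID. Drop the comma so the branch reads `scan_id = arg` followed by `host_id = args.shift`. This hunk also deletes the `if !nessus_verify_token` guard without re-adding it, so the rest of the method (which continues outside the hunk) runs without the connection check that other commands keep. The same guard is removed in the cmd_nessus_report_host_ports and cmd_nessus_plugin_list hunks and should be restored after the argument loop in all three.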
@@ -698,27 +810,33 @@ module Msf end def cmd_nessus_report_host_ports(*args) - if args[0] == "-h" - print_status("nessus_report_host_ports ") - print_status("Example:> nessus_report_host_ports 192.168.1.250 f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca") - print_status() - print_status("Returns all the ports associated with a host and details about their vulnerabilities") - print_status("Use nessus_report_hosts to list all available hosts for a report") - end - if !nessus_verify_token - return - end - case args.length - when 2 - host = args[0] - rid = args[1] - else + search_term = nil + rid = nil + host = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_report_host_ports ") + print_status("Example:> nessus_report_host_ports 192.168.1.250 f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca -S searchterm") + print_status() + print_status("Returns all the ports associated with a host and details about their vulnerabilities") + print_status("Use nessus_report_hosts to list all available hosts for a report") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + scan_id = arg + end + end + + if [host,rid].any?(&:nil?) print_status("Usage: ") print_status("nessus_report_host_ports ") print_status("Use nessus_report_list to list all available reports") return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Port', 'Protocol', 
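Review bot: The `else` branch in cmd_nessus_report_host_ports stores the positional argument in `scan_id`, but the check after the loop tests `[host,rid].any?(&:nil?)`, and neither `host` nor `rid` is assigned anywhere in the new code. Every invocation therefore prints the usage text and returns. The branch should read `host = arg` followed by `rid = args.shift`, matching the argument order of the removed `case args.length` code.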
@@ -775,13 +893,20 @@ module Msf end def cmd_nessus_scan_list(*args) - if args[0] == "-h" - print_status("nessus_scan_list") - print_status("Example:> nessus_scan_list") - print_status() - print_status("Returns a list of information about currently running scans.") - return - end + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_scan_list") + print_status("Example:> nessus_scan_list -S searchterm") + print_status() + print_status("Returns a list of information about currently running scans.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end + if !nessus_verify_token return end @@ -791,6 +916,7 @@ module Msf return else tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Scan ID', 'Name', @@ -1014,18 +1140,6 @@ module Msf else print_error("Only completed scans could be used for import") end - - end - - def is_scan_complete(scan_id) - complete = false - status = @n.scan_list - status["scans"].each { |scan| - if scan["id"] == scan_id.to_i && (scan["status"] == "completed" || scan["status"] == "imported") - complete = true - end - } - complete end def cmd_nessus_scan_pause_all(*args) 
@@ -1174,35 +1288,39 @@ module Msf end def cmd_nessus_scan_details(*args) - if args[0] == "-h" - print_status("nessus_scan_details ") - print_status("Availble categories are info, hosts, vulnerabilities, and history") - print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs") - return - end + valid_categories = ['info', 'hosts', 'vulnerabilities', 'history'] + search_term = nil + scan_id = nil + category = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("Usage: ") + print_status("nessus_scan_details -S searchterm") + print_status("Availble categories are info, hosts, vulnerabilities, and history") + print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + scan_id = arg + if args[0].in?(valid_categories) + category = args.shift + else + print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history") + return + end + end + end + if !nessus_verify_token return end - case args.length - when 2 - scan_id = args[0] - category = args[1] - if category.in?(['info', 'hosts', 'vulnerabilities', 'history']) - category = args[1] - else - print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history") - return - end - else - print_status("Usage: ") - print_status("nessus_scan_details ") - print_status("Availble categories are info, hosts, vulnerabilities, and history") - print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs") - return - end + details = @n.scan_details(scan_id) if category == "info" tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Status", "Policy", 
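Review bot: The usage fallback for missing arguments was removed from cmd_nessus_scan_details, so calling it with no arguments, or with only `-S term`, never enters the loop's `else` branch and goes on to `@n.scan_details(scan_id)` with `scan_id` still nil. Add a guard after the loop, `if scan_id.nil? || category.nil?`, that prints the usage lines and returns. The category check also reads `args[0]` immediately after the scan ID, so `nessus_scan_details 5 -S foo info` is rejected as an invalid category; either state that ordering in the help text or collect positionals independently of the options. The rest of the method lies outside this hunk.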
@@ -1214,6 +1332,7 @@ module Msf tbl << [ details["info"]["status"], details["info"]["policy"], details["info"]["name"], details["info"]["targets"], details["info"]["scan_start"], details["info"]["scan_end"] ] elsif category == "hosts" tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Host ID", "Hostname", @@ -1227,6 +1346,7 @@ module Msf } elsif category == "vulnerabilities" tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Plugin ID", "Plugin Name", @@ -1238,6 +1358,7 @@ module Msf } elsif category == "history" tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "History ID", "Status", @@ -1319,27 +1440,32 @@ module Msf end def cmd_nessus_plugin_list(*args) - if args[0] == "-h" - print_status("nessus_plugin_list ") - print_status("Example:> nessus_plugin_list 10") - print_status() - print_status("Returns a list of all plugins in that family.") - print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") - return - end - if !nessus_verify_token - return - end - case args.length - when 1 - family_id = args[0] - else + search_term = nil + family_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_plugin_list -S searchterm") + print_status("Example:> nessus_plugin_list 10") + print_status() + print_status("Returns a list of all plugins in that family.") + print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + family_id = arg + end + end + + if family_id.nil? print_status("Usage: ") print_status("nessus_plugin_list ") print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Plugin ID', 'Plugin Name' 
@@ -1355,15 +1481,23 @@ module Msf end def cmd_nessus_family_list(*args) - if args[0] == "-h" - print_status("nessus_family_list") - print_status("Example:> nessus_family_list") - print_status() - print_status("Returns a list of all the plugin families along with their corresponding family IDs and plugin count.") - return - end + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_family_list") + print_status("Example:> nessus_family_list -S searchterm") + print_status() + print_status("Returns a list of all the plugin families along with their corresponding family IDs and plugin count.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end + list = @n.list_families tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Family ID', 'Family Name', 
@@ -1377,27 +1511,36 @@ module Msf end def cmd_nessus_plugin_details(*args) - if args[0] == "-h" - print_status("nessus_plugin_details ") - print_status("Example:> nessus_plugin_details 10264") - print_status() - print_status("Returns details on a particular plugin.") - print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") - return - end + search_term = nil + plugin_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_plugin_details ") + print_status("Example:> nessus_plugin_details 10264 -S searchterm") + print_status() + print_status("Returns details on a particular plugin.") + print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + plugin_id = arg + end + end + if !nessus_verify_token return end - case args.length - when 1 - plugin_id = args[0] - else + + if plugin_id.nil? print_status("Usage: ") print_status("nessus_plugin_details ") print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Reference', 'Value' 
@@ -1423,13 +1566,20 @@ module Msf end def cmd_nessus_user_list(*args) - if args[0] == "-h" - print_status("nessus_user_list") - print_status("Example:> nessus_user_list") - print_status() - print_status("Returns a list of the users on the Nessus server and their access level.") - return - end + scan_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_user_list") + print_status("Example:> nessus_user_list -S searchterm") + print_status() + print_status("Returns a list of the users on the Nessus server and their access level.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end + if !nessus_verify_token return end @@ -1438,6 +1588,7 @@ module Msf end list=@n.list_users tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'ID', 'Name', @@ -1574,13 +1725,20 @@ module Msf end def cmd_nessus_policy_list(*args) - if args[0] == "-h" - print_status("nessus_policy_list") - print_status("Example:> nessus_policy_list") - print_status() - print_status("Lists all policies on the server") - return - end + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_policy_list") + print_status("Example:> nessus_policy_list -S searchterm") + print_status() + print_status("Lists all policies on the server") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end + if !nessus_verify_token return end 
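Review bot: cmd_nessus_user_list initialises `scan_id = nil`, which is never used, instead of `search_term = nil` like the sibling commands. `'SearchTerm' => search_term` still evaluates to nil when `-S` is absent only because Ruby defines a local as soon as it parses an assignment to it, which is easy to break in a later edit. Change the first line of the method to `search_term = nil`.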
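Review bot: cmd_nessus_policy_list now parses `-S` into `search_term` and advertises it in the help text, but no hunk in this diff adds `'SearchTerm' => search_term` to that command's table, unlike every other command touched here. The table construction is outside the hunk, so this is inferred from its absence; if the key is indeed missing, the option is accepted and silently ignored. Add `'SearchTerm' => search_term,` to the `Rex::Ui::Text::Table.new` call in that method.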
@@ -1642,31 +1800,6 @@ module Msf print_error("Unknown problem occured by deleting the user account having user ID #{user_id}.") end end - - def valid_policy(*args) - case args.length - when 1 - pid = args[0] - else - print_error("No Policy ID supplied.") - return - end - pol = @n.list_policies - pol["policies"].each { |p| - if p["template_uuid"] == pid - return true - end - } - return false - end - - def nessus_verify_db - if !(framework.db and framework.db.active) - print_error("No database has been configured, please use db_create/db_connect first") - return false - end - true - end end def initialize(framework, opts)