infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Nessus plugin - add search to relevant commands 

Utilize the SearchTerm param in Rex' Tables to filter scrolling
outputs.
Clean up argument parsing (implement one of the MSF standards).
Update help commands to reflect changes

Testing: basic functional tests only so far
bug/bundler_fix
RageLtMan 2016-01-31 22:11:20 -05:00
parent 1828b7fda6
commit 4992c5c3c5
1 changed files with 435 additions and 302 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

589
plugins/nessus.rb
View File

@ -36,10 +36,6 @@ module Msf
"#{Msf::Config.local_directory}" "#{Msf::Config.local_directory}"
end end
def cmd_nessus_index
nessus_index
end
def commands def commands
{ {
"nessus_connect" => "Connect to a nessus server: nconnect username:password@hostname:port <verify_ssl>", "nessus_connect" => "Connect to a nessus server: nconnect username:password@hostname:port <verify_ssl>",
@ -84,75 +80,6 @@ module Msf
} }
end end
def cmd_nessus_help(*args)
tbl = Rex::Ui::Text::Table.new(
'Columns' => [
"Command",
"Help Text"
],
'SortIndex' => -1
)
tbl << [ "Generic Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_connect", "Connect to a Nessus server" ]
tbl << [ "nessus_logout", "Logout from the Nessus server" ]
tbl << [ "nessus_login", "Login into the connected Nesssus server with a different username and password"]
tbl << [ "nessus_save", "Save credentials of the logged in user to nessus.yml"]
tbl << [ "nessus_help", "Listing of available nessus commands" ]
tbl << [ "nessus_server_properties", "Nessus server properties such as feed type, version, plugin set and server UUID." ]
tbl << [ "nessus_server_status", "Check the status of your Nessus Server" ]
tbl << [ "nessus_admin", "Checks if user is an admin" ]
tbl << [ "nessus_template_list", "List scan or policy templates" ]
tbl << [ "nessus_folder_list", "List all configured folders on the Nessus server" ]
tbl << [ "nessus_scanner_list", "List all the scanners configured on the Nessus server" ]
tbl << [ "Nessus Database Commands", "" ]
tbl << [ "-----------------", "-----------------" ]
tbl << [ "nessus_db_scan", "Create a scan of all IP addresses in db_hosts" ]
tbl << [ "nessus_db_import", "Import Nessus scan to the Metasploit connected database" ]
tbl << [ "", ""]
tbl << [ "Reports Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_report_hosts", "Get list of hosts from a report" ]
tbl << [ "nessus_report_vulns", "Get list of vulns from a report" ]
tbl << [ "nessus_report_host_details", "Get detailed information from a report item on a host" ]
tbl << [ "", ""]
tbl << [ "Scan Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_scan_list", "List of all current Nessus scans" ]
tbl << [ "nessus_scan_new", "Create a new Nessus Scan" ]
tbl << [ "nessus_scan_launch", "Launch a newly created scan. New scans need to be manually launched through this command" ]
tbl << [ "nessus_scan_pause", "Pause a running Nessus scan" ]
tbl << [ "nessus_scan_pause_all", "Pause all running Nessus scans" ]
tbl << [ "nessus_scan_stop", "Stop a running or paused Nessus scan" ]
tbl << [ "nessus_scan_stop_all", "Stop all running or paused Nessus scans" ]
tbl << [ "nessus_scan_resume", "Resume a pasued Nessus scan" ]
tbl << [ "nessus_scan_resume_all", "Resume all paused Nessus scans" ]
tbl << [ "nessus_scan_details", "Return detailed information of a given scan" ]
tbl << [ "nessus_scan_export", "Export a scan result in either Nessus, HTML, PDF, CSV, or DB format" ]
tbl << [ "nessus_scan_export_status", "Check the status of an exported scan" ]
tbl << [ "", ""]
tbl << [ "Plugin Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_plugin_list", "List all plugins in a particular plugin family." ]
tbl << [ "nessus_family_list", "List all the plugin families along with their corresponding family IDs and plugin count." ]
tbl << [ "nessus_plugin_details", "List details of a particular plugin" ]
tbl << [ "", ""]
tbl << [ "User Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_user_list", "Show Nessus Users" ]
tbl << [ "nessus_user_add", "Add a new Nessus User" ]
tbl << [ "nessus_user_del", "Delete a Nessus User" ]
tbl << [ "nessus_user_passwd", "Change Nessus Users Password" ]
tbl << [ "", ""]
tbl << [ "Policy Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_policy_list", "List all polciies" ]
tbl << [ "nessus_policy_del", "Delete a policy" ]
print_line ""
print_line tbl.to_s
print_line ""
end
def ncusage def ncusage
print_status("%redYou must do this before any other commands.%clr") print_status("%redYou must do this before any other commands.%clr")
print_status("Usage: ") print_status("Usage: ")
@ -223,6 +150,24 @@ module Msf
end end
end end
def nessus_login
if !((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0))
print_status("You need to connect to a server first.")
ncusage
return
end
@url = "https://#{@host}:#{@port}/"
print_status("Connecting to #{@url} as #{@user}")
@n = Nessus::Client.new(@url, @user, @pass,@sslv)
if @n.authenticated
print_status("User #{@user} authenticated successfully.")
@token = 1
else
print_error("Error connecting/logging to the server!")
return
end
end
def nessus_verify_token def nessus_verify_token
if @token.nil? or @token == '' if @token.nil? or @token == ''
ncusage ncusage
@ -231,6 +176,132 @@ module Msf
true true
end end
def valid_policy(*args)
case args.length
when 1
pid = args[0]
else
print_error("No Policy ID supplied.")
return
end
pol = @n.list_policies
pol["policies"].each { |p|
if p["template_uuid"] == pid
return true
end
}
return false
end
def nessus_verify_db
if !(framework.db and framework.db.active)
print_error("No database has been configured, please use db_create/db_connect first")
return false
end
true
end
def check_scan(*args)
case args.length
when 1
scan_id = args[0]
else
print_error("No scan ID supplied")
return
end
scans = @n.scan_list
scans.each { |scan|
if scan["scans"]["id"] == scan_id && scan["scans"]["status"] == "completed"
return true
end
}
return false
end
def is_scan_complete(scan_id)
complete = false
status = @n.scan_list
status["scans"].each { |scan|
if scan["id"] == scan_id.to_i && (scan["status"] == "completed" || scan["status"] == "imported")
complete = true
end
}
complete
end
def cmd_nessus_help(*args)
tbl = Rex::Ui::Text::Table.new(
'Columns' => [
"Command",
"Help Text"
],
'SortIndex' => -1
)
tbl << [ "Generic Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_connect", "Connect to a Nessus server" ]
tbl << [ "nessus_logout", "Logout from the Nessus server" ]
tbl << [ "nessus_login", "Login into the connected Nesssus server with a different username and password"]
tbl << [ "nessus_save", "Save credentials of the logged in user to nessus.yml"]
tbl << [ "nessus_help", "Listing of available nessus commands" ]
tbl << [ "nessus_server_properties", "Nessus server properties such as feed type, version, plugin set and server UUID." ]
tbl << [ "nessus_server_status", "Check the status of your Nessus Server" ]
tbl << [ "nessus_admin", "Checks if user is an admin" ]
tbl << [ "nessus_template_list", "List scan or policy templates" ]
tbl << [ "nessus_folder_list", "List all configured folders on the Nessus server" ]
tbl << [ "nessus_scanner_list", "List all the scanners configured on the Nessus server" ]
tbl << [ "Nessus Database Commands", "" ]
tbl << [ "-----------------", "-----------------" ]
tbl << [ "nessus_db_scan", "Create a scan of all IP addresses in db_hosts" ]
tbl << [ "nessus_db_import", "Import Nessus scan to the Metasploit connected database" ]
tbl << [ "", ""]
tbl << [ "Reports Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_report_hosts", "Get list of hosts from a report" ]
tbl << [ "nessus_report_vulns", "Get list of vulns from a report" ]
tbl << [ "nessus_report_host_details", "Get detailed information from a report item on a host" ]
tbl << [ "", ""]
tbl << [ "Scan Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_scan_list", "List of all current Nessus scans" ]
tbl << [ "nessus_scan_new", "Create a new Nessus Scan" ]
tbl << [ "nessus_scan_launch", "Launch a newly created scan. New scans need to be manually launched through this command" ]
tbl << [ "nessus_scan_pause", "Pause a running Nessus scan" ]
tbl << [ "nessus_scan_pause_all", "Pause all running Nessus scans" ]
tbl << [ "nessus_scan_stop", "Stop a running or paused Nessus scan" ]
tbl << [ "nessus_scan_stop_all", "Stop all running or paused Nessus scans" ]
tbl << [ "nessus_scan_resume", "Resume a pasued Nessus scan" ]
tbl << [ "nessus_scan_resume_all", "Resume all paused Nessus scans" ]
tbl << [ "nessus_scan_details", "Return detailed information of a given scan" ]
tbl << [ "nessus_scan_export", "Export a scan result in either Nessus, HTML, PDF, CSV, or DB format" ]
tbl << [ "nessus_scan_export_status", "Check the status of an exported scan" ]
tbl << [ "", ""]
tbl << [ "Plugin Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_plugin_list", "List all plugins in a particular plugin family." ]
tbl << [ "nessus_family_list", "List all the plugin families along with their corresponding family IDs and plugin count." ]
tbl << [ "nessus_plugin_details", "List details of a particular plugin" ]
tbl << [ "", ""]
tbl << [ "User Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_user_list", "Show Nessus Users" ]
tbl << [ "nessus_user_add", "Add a new Nessus User" ]
tbl << [ "nessus_user_del", "Delete a Nessus User" ]
tbl << [ "nessus_user_passwd", "Change Nessus Users Password" ]
tbl << [ "", ""]
tbl << [ "Policy Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_policy_list", "List all polciies" ]
tbl << [ "nessus_policy_del", "Delete a policy" ]
print_line ""
print_line tbl.to_s
print_line ""
end
def cmd_nessus_index
nessus_index
end
def cmd_nessus_connect(*args) def cmd_nessus_connect(*args)
# Check if config file exists and load it # Check if config file exists and load it
if !args[0] if !args[0]
@ -326,24 +397,6 @@ module Msf
return return
end end
def nessus_login
if !((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0))
print_status("You need to connect to a server first.")
ncusage
return
end
@url = "https://#{@host}:#{@port}/"
print_status("Connecting to #{@url} as #{@user}")
@n = Nessus::Client.new(@url, @user, @pass,@sslv)
if @n.authenticated
print_status("User #{@user} authenticated successfully.")
@token = 1
else
print_error("Error connecting/logging to the server!")
return
end
end
def cmd_nessus_save(*args) def cmd_nessus_save(*args)
#if we are logged in, save session details to nessus.yaml #if we are logged in, save session details to nessus.yaml
if args[0] == "-h" if args[0] == "-h"
@ -370,15 +423,23 @@ module Msf
end end
def cmd_nessus_server_properties(*args) def cmd_nessus_server_properties(*args)
if args[0] == "-h" search_term = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_server_feed") print_status("nessus_server_feed")
print_status("Example:> nessus_server_feed") print_status("Example:> nessus_server_feed -S searchterm")
print_status() print_status()
print_status("Returns information about the feed type and server version.") print_status("Returns information about the feed type and server version.")
return return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end end
end
resp = @n.server_properties resp = @n.server_properties
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Feed', 'Feed',
'Type', 'Type',
@ -392,14 +453,22 @@ module Msf
end end
def cmd_nessus_server_status(*args) def cmd_nessus_server_status(*args)
if args[0] == "-h" search_term = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_server_status") print_status("nessus_server_status")
print_status("Example:> nessus_server_status") print_status("Example:> nessus_server_status -S searchterm")
print_status() print_status()
print_status("Returns some status items for the server..") print_status("Returns some status items for the server..")
return return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end end
end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Status', 'Status',
'Progress' 'Progress'
@ -410,7 +479,9 @@ module Msf
end end
def cmd_nessus_admin(*args) def cmd_nessus_admin(*args)
if args[0] == "-h" while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_admin") print_status("nessus_admin")
print_status("Example:> nessus_admin") print_status("Example:> nessus_admin")
print_status() print_status()
@ -418,6 +489,10 @@ module Msf
print_status("Use nessus_user_list to list all users") print_status("Use nessus_user_list to list all users")
return return
end end
end
if args[0] == "-h"
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
@ -429,15 +504,22 @@ module Msf
end end
def cmd_nessus_template_list(*args) def cmd_nessus_template_list(*args)
if args[0] == "-h" search_term = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_template_list <scan> | <policy>") print_status("nessus_template_list <scan> | <policy>")
print_status("Example:> nessus_template_list scan") print_status("Example:> nessus_template_list scan -S searchterm")
print_status("OR") print_status("OR")
print_status("nessus_template_list policy") print_status("nessus_template_list policy")
print_status() print_status()
print_status("Returns a list of information about the scan or policy templates..") print_status("Returns a list of information about the scan or policy templates..")
return return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
@ -465,6 +547,7 @@ module Msf
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Name', 'Name',
'Title', 'Title',
@ -479,12 +562,20 @@ module Msf
print_line tbl.to_s print_line tbl.to_s
end end
def cmd_nessus_folder_list def cmd_nessus_folder_list(*args)
search_term = nil
while (arg = args.shift)
case arg
when '-S', '--search'
search_term = /#{args.shift}/nmi
end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
list = @n.list_folders list = @n.list_folders
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"ID", "ID",
"Name", "Name",
@ -497,7 +588,20 @@ module Msf
print_line tbl.to_s print_line tbl.to_s
end end
def cmd_nessus_scanner_list def cmd_nessus_scanner_list(*args)
search_term = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_scanner_list")
print_status("Example:> nessus_scanner_list -S searchterm")
print_status()
print_status("Returns information about the feed type and server version.")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
@ -506,6 +610,7 @@ module Msf
end end
list = @n.list_scanners list = @n.list_scanners
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"ID", "ID",
"Name", "Name",
@ -520,40 +625,31 @@ module Msf
print_line tbl.to_s print_line tbl.to_s
end end
def check_scan(*args) def cmd_nessus_report_hosts(*args)
case args.length search_term = nil
when 1 scan_id = nil
scan_id = args[0] while (arg = args.shift)
else case arg
print_error("No scan ID supplied") when '-h', '--help'
print_status("nessus_report_hosts <scan ID> -S searchterm")
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
return return
when '-S', '--search'
search_term = /#{args.shift}/nmi
else
scan_id = arg
end end
scans = @n.scan_list
scans.each { |scan|
if scan["scans"]["id"] == scan_id && scan["scans"]["status"] == "completed"
return true
end
}
return false
end end
def cmd_nessus_report_hosts(*args) if scan_id.nil?
if args[0] == "-h"
print_status("nessus_report_hosts <scan ID>")
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
return
end
case args.length
when 1
scan_id = args[0]
scan_id = scan_id
else
print_status("Usage: ") print_status("Usage: ")
print_status("nessus_report_hosts <scan ID>") print_status("nessus_report_hosts <scan ID> -S searchterm")
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"Host ID", "Host ID",
"Hostname", "Hostname",
@ -576,22 +672,28 @@ module Msf
end end
def cmd_nessus_report_vulns(*args) def cmd_nessus_report_vulns(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_report_vulns <scan ID>") scan_id = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_report_vulns <scan ID> -S searchterm")
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
return return
end when '-S', '--search'
case args.length search_term = /#{args.shift}/nmi
when 1
scan_id = args[0]
scan_id = scan_id.to_i
else else
scan_id = arg
end
end
if scan_id.nil?
print_status("Usage: ") print_status("Usage: ")
print_status("nessus_report_vulns <scan ID>") print_status("nessus_report_vulns <scan ID>")
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"Plugin ID", "Plugin ID",
"Plugin Name", "Plugin Name",
@ -613,21 +715,29 @@ module Msf
end end
def cmd_nessus_report_host_details(*args) def cmd_nessus_report_host_details(*args)
if args[0] == "-h" search_term = nil
search_vuln = nil
scan_id = nil
host_id = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_report_host_details <scan ID> <host ID>") print_status("nessus_report_host_details <scan ID> <host ID>")
print_status("Example:> nessus_report_host_details 10 5") print_status("Example:> nessus_report_host_details 10 5 -S hostinfo -SV vulninfo")
print_status("Use nessus_scan_list to get list of all scans. Only completed scans can be used for reporting.") print_status("Use nessus_scan_list to get list of all scans. Only completed scans can be used for reporting.")
print_status("Use nessus_report_hosts to get a list of all the hosts along with their corresponding host IDs.") print_status("Use nessus_report_hosts to get a list of all the hosts along with their corresponding host IDs.")
return return
end when '-S', '--search'
if !nessus_verify_token search_term = /#{args.shift}/nmi
return when '-SV', '--search-vuln'
end search_vuln = /#{args.shift}/nmi
case args.length
when 2
scan_id = args[0]
host_id = args[1]
else else
scan_id = arg,
host_id = args.shift
end
end
if [scan_id, host_id].any?(&:nil?)
print_status("Usage: ") print_status("Usage: ")
print_status("nessus_report_host_detail <scan ID> <host ID>") print_status("nessus_report_host_detail <scan ID> <host ID>")
print_status("Example:> nessus_report_host_detail 10 5") print_status("Example:> nessus_report_host_detail 10 5")
@ -636,6 +746,7 @@ module Msf
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Plugin Name', 'Plugin Name',
'Plugin Famil', 'Plugin Famil',
@ -654,6 +765,7 @@ module Msf
} }
print_line tbl.to_s print_line tbl.to_s
tbl2 = Rex::Ui::Text::Table.new( tbl2 = Rex::Ui::Text::Table.new(
'SearchTerm' => search_vuln,
'Columns' => [ 'Columns' => [
'Plugin Name', 'Plugin Name',
'Plugin Famil', 'Plugin Famil',
@ -698,27 +810,33 @@ module Msf
end end
def cmd_nessus_report_host_ports(*args) def cmd_nessus_report_host_ports(*args)
if args[0] == "-h" search_term = nil
rid = nil
host = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_report_host_ports <hostname> <report id>") print_status("nessus_report_host_ports <hostname> <report id>")
print_status("Example:> nessus_report_host_ports 192.168.1.250 f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca") print_status("Example:> nessus_report_host_ports 192.168.1.250 f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca -S searchterm")
print_status() print_status()
print_status("Returns all the ports associated with a host and details about their vulnerabilities") print_status("Returns all the ports associated with a host and details about their vulnerabilities")
print_status("Use nessus_report_hosts to list all available hosts for a report") print_status("Use nessus_report_hosts to list all available hosts for a report")
end
if !nessus_verify_token
return return
end when '-S', '--search'
case args.length search_term = /#{args.shift}/nmi
when 2
host = args[0]
rid = args[1]
else else
scan_id = arg
end
end
if [host,rid].any?(&:nil?)
print_status("Usage: ") print_status("Usage: ")
print_status("nessus_report_host_ports <hostname> <report id>") print_status("nessus_report_host_ports <hostname> <report id>")
print_status("Use nessus_report_list to list all available reports") print_status("Use nessus_report_list to list all available reports")
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Port', 'Port',
'Protocol', 'Protocol',
@ -775,13 +893,20 @@ module Msf
end end
def cmd_nessus_scan_list(*args) def cmd_nessus_scan_list(*args)
if args[0] == "-h" search_term = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_scan_list") print_status("nessus_scan_list")
print_status("Example:> nessus_scan_list") print_status("Example:> nessus_scan_list -S searchterm")
print_status() print_status()
print_status("Returns a list of information about currently running scans.") print_status("Returns a list of information about currently running scans.")
return return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
@ -791,6 +916,7 @@ module Msf
return return
else else
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Scan ID', 'Scan ID',
'Name', 'Name',
@ -1014,18 +1140,6 @@ module Msf
else else
print_error("Only completed scans could be used for import") print_error("Only completed scans could be used for import")
end end
end
def is_scan_complete(scan_id)
complete = false
status = @n.scan_list
status["scans"].each { |scan|
if scan["id"] == scan_id.to_i && (scan["status"] == "completed" || scan["status"] == "imported")
complete = true
end
}
complete
end end
def cmd_nessus_scan_pause_all(*args) def cmd_nessus_scan_pause_all(*args)
@ -1174,35 +1288,39 @@ module Msf
end end
def cmd_nessus_scan_details(*args) def cmd_nessus_scan_details(*args)
if args[0] == "-h" valid_categories = ['info', 'hosts', 'vulnerabilities', 'history']
print_status("nessus_scan_details <scan ID> <category>") search_term = nil
scan_id = nil
category = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("Usage: ")
print_status("nessus_scan_details <scan ID> <category> -S searchterm")
print_status("Availble categories are info, hosts, vulnerabilities, and history") print_status("Availble categories are info, hosts, vulnerabilities, and history")
print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs") print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs")
return return
end when '-S', '--search'
if !nessus_verify_token search_term = /#{args.shift}/nmi
return else
end scan_id = arg
case args.length if args[0].in?(valid_categories)
when 2 category = args.shift
scan_id = args[0]
category = args[1]
if category.in?(['info', 'hosts', 'vulnerabilities', 'history'])
category = args[1]
else else
print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history") print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history")
return return
end end
else end
print_status("Usage: ") end
print_status("nessus_scan_details <scan ID> <category>")
print_status("Availble categories are info, hosts, vulnerabilities, and history") if !nessus_verify_token
print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs")
return return
end end
details = @n.scan_details(scan_id) details = @n.scan_details(scan_id)
if category == "info" if category == "info"
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"Status", "Status",
"Policy", "Policy",
@ -1214,6 +1332,7 @@ module Msf
tbl << [ details["info"]["status"], details["info"]["policy"], details["info"]["name"], details["info"]["targets"], details["info"]["scan_start"], details["info"]["scan_end"] ] tbl << [ details["info"]["status"], details["info"]["policy"], details["info"]["name"], details["info"]["targets"], details["info"]["scan_start"], details["info"]["scan_end"] ]
elsif category == "hosts" elsif category == "hosts"
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"Host ID", "Host ID",
"Hostname", "Hostname",
@ -1227,6 +1346,7 @@ module Msf
} }
elsif category == "vulnerabilities" elsif category == "vulnerabilities"
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"Plugin ID", "Plugin ID",
"Plugin Name", "Plugin Name",
@ -1238,6 +1358,7 @@ module Msf
} }
elsif category == "history" elsif category == "history"
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"History ID", "History ID",
"Status", "Status",
@ -1319,27 +1440,32 @@ module Msf
end end
def cmd_nessus_plugin_list(*args) def cmd_nessus_plugin_list(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_plugin_list <Family ID>") family_id = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_plugin_list <Family ID> -S searchterm")
print_status("Example:> nessus_plugin_list 10") print_status("Example:> nessus_plugin_list 10")
print_status() print_status()
print_status("Returns a list of all plugins in that family.") print_status("Returns a list of all plugins in that family.")
print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs")
return return
end when '-S', '--search'
if !nessus_verify_token search_term = /#{args.shift}/nmi
return
end
case args.length
when 1
family_id = args[0]
else else
family_id = arg
end
end
if family_id.nil?
print_status("Usage: ") print_status("Usage: ")
print_status("nessus_plugin_list <Family ID>") print_status("nessus_plugin_list <Family ID>")
print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs")
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Plugin ID', 'Plugin ID',
'Plugin Name' 'Plugin Name'
@ -1355,15 +1481,23 @@ module Msf
end end
def cmd_nessus_family_list(*args) def cmd_nessus_family_list(*args)
if args[0] == "-h" search_term = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_family_list") print_status("nessus_family_list")
print_status("Example:> nessus_family_list") print_status("Example:> nessus_family_list -S searchterm")
print_status() print_status()
print_status("Returns a list of all the plugin families along with their corresponding family IDs and plugin count.") print_status("Returns a list of all the plugin families along with their corresponding family IDs and plugin count.")
return return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end end
end
list = @n.list_families list = @n.list_families
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Family ID', 'Family ID',
'Family Name', 'Family Name',
@ -1377,27 +1511,36 @@ module Msf
end end
def cmd_nessus_plugin_details(*args) def cmd_nessus_plugin_details(*args)
if args[0] == "-h" search_term = nil
plugin_id = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_plugin_details <Plugin ID>") print_status("nessus_plugin_details <Plugin ID>")
print_status("Example:> nessus_plugin_details 10264") print_status("Example:> nessus_plugin_details 10264 -S searchterm")
print_status() print_status()
print_status("Returns details on a particular plugin.") print_status("Returns details on a particular plugin.")
print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.")
return return
when '-S', '--search'
search_term = /#{args.shift}/nmi
else
plugin_id = arg
end end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
case args.length
when 1 if plugin_id.nil?
plugin_id = args[0]
else
print_status("Usage: ") print_status("Usage: ")
print_status("nessus_plugin_details <Plugin ID>") print_status("nessus_plugin_details <Plugin ID>")
print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.")
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Reference', 'Reference',
'Value' 'Value'
@ -1423,13 +1566,20 @@ module Msf
end end
def cmd_nessus_user_list(*args) def cmd_nessus_user_list(*args)
if args[0] == "-h" scan_id = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_user_list") print_status("nessus_user_list")
print_status("Example:> nessus_user_list") print_status("Example:> nessus_user_list -S searchterm")
print_status() print_status()
print_status("Returns a list of the users on the Nessus server and their access level.") print_status("Returns a list of the users on the Nessus server and their access level.")
return return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
@ -1438,6 +1588,7 @@ module Msf
end end
list=@n.list_users list=@n.list_users
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'ID', 'ID',
'Name', 'Name',
@ -1574,13 +1725,20 @@ module Msf
end end
def cmd_nessus_policy_list(*args) def cmd_nessus_policy_list(*args)
if args[0] == "-h" search_term = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_policy_list") print_status("nessus_policy_list")
print_status("Example:> nessus_policy_list") print_status("Example:> nessus_policy_list -S searchterm")
print_status() print_status()
print_status("Lists all policies on the server") print_status("Lists all policies on the server")
return return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
@ -1642,31 +1800,6 @@ module Msf
print_error("Unknown problem occured by deleting the user account having user ID #{user_id}.") print_error("Unknown problem occured by deleting the user account having user ID #{user_id}.")
end end
end end
def valid_policy(*args)
case args.length
when 1
pid = args[0]
else
print_error("No Policy ID supplied.")
return
end
pol = @n.list_policies
pol["policies"].each { |p|
if p["template_uuid"] == pid
return true
end
}
return false
end
def nessus_verify_db
if !(framework.db and framework.db.active)
print_error("No database has been configured, please use db_create/db_connect first")
return false
end
true
end
end end
def initialize(framework, opts) def initialize(framework, opts)