infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Nessus plugin - add search to relevant commands 

Utilize the SearchTerm param in Rex' Tables to filter scrolling
outputs.
Clean up argument parsing (implement one of the MSF standards).
Update help commands to reflect changes

Testing: basic functional tests only so far
bug/bundler_fix
RageLtMan 2016-01-31 22:11:20 -05:00
parent 1828b7fda6
commit 4992c5c3c5
1 changed files with 435 additions and 302 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

737
plugins/nessus.rb
View File

@ -36,10 +36,6 @@ module Msf
"#{Msf::Config.local_directory}" "#{Msf::Config.local_directory}"
end end
def cmd_nessus_index
nessus_index
end
def commands def commands
{ {
"nessus_connect" => "Connect to a nessus server: nconnect username:password@hostname:port <verify_ssl>", "nessus_connect" => "Connect to a nessus server: nconnect username:password@hostname:port <verify_ssl>",
@ -84,75 +80,6 @@ module Msf
} }
end end
def cmd_nessus_help(*args)
tbl = Rex::Ui::Text::Table.new(
'Columns' => [
"Command",
"Help Text"
],
'SortIndex' => -1
)
tbl << [ "Generic Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_connect", "Connect to a Nessus server" ]
tbl << [ "nessus_logout", "Logout from the Nessus server" ]
tbl << [ "nessus_login", "Login into the connected Nesssus server with a different username and password"]
tbl << [ "nessus_save", "Save credentials of the logged in user to nessus.yml"]
tbl << [ "nessus_help", "Listing of available nessus commands" ]
tbl << [ "nessus_server_properties", "Nessus server properties such as feed type, version, plugin set and server UUID." ]
tbl << [ "nessus_server_status", "Check the status of your Nessus Server" ]
tbl << [ "nessus_admin", "Checks if user is an admin" ]
tbl << [ "nessus_template_list", "List scan or policy templates" ]
tbl << [ "nessus_folder_list", "List all configured folders on the Nessus server" ]
tbl << [ "nessus_scanner_list", "List all the scanners configured on the Nessus server" ]
tbl << [ "Nessus Database Commands", "" ]
tbl << [ "-----------------", "-----------------" ]
tbl << [ "nessus_db_scan", "Create a scan of all IP addresses in db_hosts" ]
tbl << [ "nessus_db_import", "Import Nessus scan to the Metasploit connected database" ]
tbl << [ "", ""]
tbl << [ "Reports Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_report_hosts", "Get list of hosts from a report" ]
tbl << [ "nessus_report_vulns", "Get list of vulns from a report" ]
tbl << [ "nessus_report_host_details", "Get detailed information from a report item on a host" ]
tbl << [ "", ""]
tbl << [ "Scan Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_scan_list", "List of all current Nessus scans" ]
tbl << [ "nessus_scan_new", "Create a new Nessus Scan" ]
tbl << [ "nessus_scan_launch", "Launch a newly created scan. New scans need to be manually launched through this command" ]
tbl << [ "nessus_scan_pause", "Pause a running Nessus scan" ]
tbl << [ "nessus_scan_pause_all", "Pause all running Nessus scans" ]
tbl << [ "nessus_scan_stop", "Stop a running or paused Nessus scan" ]
tbl << [ "nessus_scan_stop_all", "Stop all running or paused Nessus scans" ]
tbl << [ "nessus_scan_resume", "Resume a pasued Nessus scan" ]
tbl << [ "nessus_scan_resume_all", "Resume all paused Nessus scans" ]
tbl << [ "nessus_scan_details", "Return detailed information of a given scan" ]
tbl << [ "nessus_scan_export", "Export a scan result in either Nessus, HTML, PDF, CSV, or DB format" ]
tbl << [ "nessus_scan_export_status", "Check the status of an exported scan" ]
tbl << [ "", ""]
tbl << [ "Plugin Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_plugin_list", "List all plugins in a particular plugin family." ]
tbl << [ "nessus_family_list", "List all the plugin families along with their corresponding family IDs and plugin count." ]
tbl << [ "nessus_plugin_details", "List details of a particular plugin" ]
tbl << [ "", ""]
tbl << [ "User Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_user_list", "Show Nessus Users" ]
tbl << [ "nessus_user_add", "Add a new Nessus User" ]
tbl << [ "nessus_user_del", "Delete a Nessus User" ]
tbl << [ "nessus_user_passwd", "Change Nessus Users Password" ]
tbl << [ "", ""]
tbl << [ "Policy Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_policy_list", "List all polciies" ]
tbl << [ "nessus_policy_del", "Delete a policy" ]
print_line ""
print_line tbl.to_s
print_line ""
end
def ncusage def ncusage
print_status("%redYou must do this before any other commands.%clr") print_status("%redYou must do this before any other commands.%clr")
print_status("Usage: ") print_status("Usage: ")
@ -223,6 +150,24 @@ module Msf
end end
end end
def nessus_login
if !((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0))
print_status("You need to connect to a server first.")
ncusage
return
end
@url = "https://#{@host}:#{@port}/"
print_status("Connecting to #{@url} as #{@user}")
@n = Nessus::Client.new(@url, @user, @pass,@sslv)
if @n.authenticated
print_status("User #{@user} authenticated successfully.")
@token = 1
else
print_error("Error connecting/logging to the server!")
return
end
end
def nessus_verify_token def nessus_verify_token
if @token.nil? or @token == '' if @token.nil? or @token == ''
ncusage ncusage
@ -231,6 +176,132 @@ module Msf
true true
end end
def valid_policy(*args)
case args.length
when 1
pid = args[0]
else
print_error("No Policy ID supplied.")
return
end
pol = @n.list_policies
pol["policies"].each { |p|
if p["template_uuid"] == pid
return true
end
}
return false
end
def nessus_verify_db
if !(framework.db and framework.db.active)
print_error("No database has been configured, please use db_create/db_connect first")
return false
end
true
end
def check_scan(*args)
case args.length
when 1
scan_id = args[0]
else
print_error("No scan ID supplied")
return
end
scans = @n.scan_list
scans.each { |scan|
if scan["scans"]["id"] == scan_id && scan["scans"]["status"] == "completed"
return true
end
}
return false
end
def is_scan_complete(scan_id)
complete = false
status = @n.scan_list
status["scans"].each { |scan|
if scan["id"] == scan_id.to_i && (scan["status"] == "completed" || scan["status"] == "imported")
complete = true
end
}
complete
end
def cmd_nessus_help(*args)
tbl = Rex::Ui::Text::Table.new(
'Columns' => [
"Command",
"Help Text"
],
'SortIndex' => -1
)
tbl << [ "Generic Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_connect", "Connect to a Nessus server" ]
tbl << [ "nessus_logout", "Logout from the Nessus server" ]
tbl << [ "nessus_login", "Login into the connected Nesssus server with a different username and password"]
tbl << [ "nessus_save", "Save credentials of the logged in user to nessus.yml"]
tbl << [ "nessus_help", "Listing of available nessus commands" ]
tbl << [ "nessus_server_properties", "Nessus server properties such as feed type, version, plugin set and server UUID." ]
tbl << [ "nessus_server_status", "Check the status of your Nessus Server" ]
tbl << [ "nessus_admin", "Checks if user is an admin" ]
tbl << [ "nessus_template_list", "List scan or policy templates" ]
tbl << [ "nessus_folder_list", "List all configured folders on the Nessus server" ]
tbl << [ "nessus_scanner_list", "List all the scanners configured on the Nessus server" ]
tbl << [ "Nessus Database Commands", "" ]
tbl << [ "-----------------", "-----------------" ]
tbl << [ "nessus_db_scan", "Create a scan of all IP addresses in db_hosts" ]
tbl << [ "nessus_db_import", "Import Nessus scan to the Metasploit connected database" ]
tbl << [ "", ""]
tbl << [ "Reports Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_report_hosts", "Get list of hosts from a report" ]
tbl << [ "nessus_report_vulns", "Get list of vulns from a report" ]
tbl << [ "nessus_report_host_details", "Get detailed information from a report item on a host" ]
tbl << [ "", ""]
tbl << [ "Scan Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_scan_list", "List of all current Nessus scans" ]
tbl << [ "nessus_scan_new", "Create a new Nessus Scan" ]
tbl << [ "nessus_scan_launch", "Launch a newly created scan. New scans need to be manually launched through this command" ]
tbl << [ "nessus_scan_pause", "Pause a running Nessus scan" ]
tbl << [ "nessus_scan_pause_all", "Pause all running Nessus scans" ]
tbl << [ "nessus_scan_stop", "Stop a running or paused Nessus scan" ]
tbl << [ "nessus_scan_stop_all", "Stop all running or paused Nessus scans" ]
tbl << [ "nessus_scan_resume", "Resume a pasued Nessus scan" ]
tbl << [ "nessus_scan_resume_all", "Resume all paused Nessus scans" ]
tbl << [ "nessus_scan_details", "Return detailed information of a given scan" ]
tbl << [ "nessus_scan_export", "Export a scan result in either Nessus, HTML, PDF, CSV, or DB format" ]
tbl << [ "nessus_scan_export_status", "Check the status of an exported scan" ]
tbl << [ "", ""]
tbl << [ "Plugin Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_plugin_list", "List all plugins in a particular plugin family." ]
tbl << [ "nessus_family_list", "List all the plugin families along with their corresponding family IDs and plugin count." ]
tbl << [ "nessus_plugin_details", "List details of a particular plugin" ]
tbl << [ "", ""]
tbl << [ "User Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_user_list", "Show Nessus Users" ]
tbl << [ "nessus_user_add", "Add a new Nessus User" ]
tbl << [ "nessus_user_del", "Delete a Nessus User" ]
tbl << [ "nessus_user_passwd", "Change Nessus Users Password" ]
tbl << [ "", ""]
tbl << [ "Policy Commands", "" ]
tbl << [ "-----------------", "-----------------"]
tbl << [ "nessus_policy_list", "List all polciies" ]
tbl << [ "nessus_policy_del", "Delete a policy" ]
print_line ""
print_line tbl.to_s
print_line ""
end
def cmd_nessus_index
nessus_index
end
def cmd_nessus_connect(*args) def cmd_nessus_connect(*args)
# Check if config file exists and load it # Check if config file exists and load it
if !args[0] if !args[0]
@ -326,24 +397,6 @@ module Msf
return return
end end
def nessus_login
if !((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0))
print_status("You need to connect to a server first.")
ncusage
return
end
@url = "https://#{@host}:#{@port}/"
print_status("Connecting to #{@url} as #{@user}")
@n = Nessus::Client.new(@url, @user, @pass,@sslv)
if @n.authenticated
print_status("User #{@user} authenticated successfully.")
@token = 1
else
print_error("Error connecting/logging to the server!")
return
end
end
def cmd_nessus_save(*args) def cmd_nessus_save(*args)
#if we are logged in, save session details to nessus.yaml #if we are logged in, save session details to nessus.yaml
if args[0] == "-h" if args[0] == "-h"
@ -370,15 +423,23 @@ module Msf
end end
def cmd_nessus_server_properties(*args) def cmd_nessus_server_properties(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_server_feed") while (arg = args.shift)
print_status("Example:> nessus_server_feed") case arg
print_status() when '-h', '--help'
print_status("Returns information about the feed type and server version.") print_status("nessus_server_feed")
return print_status("Example:> nessus_server_feed -S searchterm")
print_status()
print_status("Returns information about the feed type and server version.")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end
end end
resp = @n.server_properties resp = @n.server_properties
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Feed', 'Feed',
'Type', 'Type',
@ -392,14 +453,22 @@ module Msf
end end
def cmd_nessus_server_status(*args) def cmd_nessus_server_status(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_server_status") while (arg = args.shift)
print_status("Example:> nessus_server_status") case arg
print_status() when '-h', '--help'
print_status("Returns some status items for the server..") print_status("nessus_server_status")
return print_status("Example:> nessus_server_status -S searchterm")
print_status()
print_status("Returns some status items for the server..")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Status', 'Status',
'Progress' 'Progress'
@ -410,13 +479,19 @@ module Msf
end end
def cmd_nessus_admin(*args) def cmd_nessus_admin(*args)
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_admin")
print_status("Example:> nessus_admin")
print_status()
print_status("Checks to see if the current user is an admin")
print_status("Use nessus_user_list to list all users")
return
end
end
if args[0] == "-h" if args[0] == "-h"
print_status("nessus_admin")
print_status("Example:> nessus_admin")
print_status()
print_status("Checks to see if the current user is an admin")
print_status("Use nessus_user_list to list all users")
return
end end
if !nessus_verify_token if !nessus_verify_token
return return
@ -429,15 +504,22 @@ module Msf
end end
def cmd_nessus_template_list(*args) def cmd_nessus_template_list(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_template_list <scan> | <policy>") while (arg = args.shift)
print_status("Example:> nessus_template_list scan") case arg
print_status("OR") when '-h', '--help'
print_status("nessus_template_list policy") print_status("nessus_template_list <scan> | <policy>")
print_status() print_status("Example:> nessus_template_list scan -S searchterm")
print_status("Returns a list of information about the scan or policy templates..") print_status("OR")
return print_status("nessus_template_list policy")
end print_status()
print_status("Returns a list of information about the scan or policy templates..")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
@ -465,11 +547,12 @@ module Msf
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Name', 'Name',
'Title', 'Title',
'Description', 'Description',
'Subscription Only', 'Subscription Only',
'Cloud Only' 'Cloud Only'
]) ])
list["templates"].each { |template| list["templates"].each { |template|
@ -479,12 +562,20 @@ module Msf
print_line tbl.to_s print_line tbl.to_s
end end
def cmd_nessus_folder_list def cmd_nessus_folder_list(*args)
search_term = nil
while (arg = args.shift)
case arg
when '-S', '--search'
search_term = /#{args.shift}/nmi
end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
list = @n.list_folders list = @n.list_folders
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"ID", "ID",
"Name", "Name",
@ -497,7 +588,20 @@ module Msf
print_line tbl.to_s print_line tbl.to_s
end end
def cmd_nessus_scanner_list def cmd_nessus_scanner_list(*args)
search_term = nil
while (arg = args.shift)
case arg
when '-h', '--help'
print_status("nessus_scanner_list")
print_status("Example:> nessus_scanner_list -S searchterm")
print_status()
print_status("Returns information about the feed type and server version.")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
@ -506,6 +610,7 @@ module Msf
end end
list = @n.list_scanners list = @n.list_scanners
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"ID", "ID",
"Name", "Name",
@ -520,40 +625,31 @@ module Msf
print_line tbl.to_s print_line tbl.to_s
end end
def check_scan(*args)
case args.length
when 1
scan_id = args[0]
else
print_error("No scan ID supplied")
return
end
scans = @n.scan_list
scans.each { |scan|
if scan["scans"]["id"] == scan_id && scan["scans"]["status"] == "completed"
return true
end
}
return false
end
def cmd_nessus_report_hosts(*args) def cmd_nessus_report_hosts(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_report_hosts <scan ID>") scan_id = nil
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") while (arg = args.shift)
return case arg
when '-h', '--help'
print_status("nessus_report_hosts <scan ID> -S searchterm")
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
else
scan_id = arg
end
end end
case args.length
when 1 if scan_id.nil?
scan_id = args[0]
scan_id = scan_id
else
print_status("Usage: ") print_status("Usage: ")
print_status("nessus_report_hosts <scan ID>") print_status("nessus_report_hosts <scan ID> -S searchterm")
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"Host ID", "Host ID",
"Hostname", "Hostname",
@ -576,22 +672,28 @@ module Msf
end end
def cmd_nessus_report_vulns(*args) def cmd_nessus_report_vulns(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_report_vulns <scan ID>") scan_id = nil
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") while (arg = args.shift)
return case arg
when '-h', '--help'
print_status("nessus_report_vulns <scan ID> -S searchterm")
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
else
scan_id = arg
end
end end
case args.length if scan_id.nil?
when 1
scan_id = args[0]
scan_id = scan_id.to_i
else
print_status("Usage: ") print_status("Usage: ")
print_status("nessus_report_vulns <scan ID>") print_status("nessus_report_vulns <scan ID>")
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"Plugin ID", "Plugin ID",
"Plugin Name", "Plugin Name",
@ -613,21 +715,29 @@ module Msf
end end
def cmd_nessus_report_host_details(*args) def cmd_nessus_report_host_details(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_report_host_details <scan ID> <host ID>") search_vuln = nil
print_status("Example:> nessus_report_host_details 10 5") scan_id = nil
print_status("Use nessus_scan_list to get list of all scans. Only completed scans can be used for reporting.") host_id = nil
print_status("Use nessus_report_hosts to get a list of all the hosts along with their corresponding host IDs.") while (arg = args.shift)
return case arg
end when '-h', '--help'
if !nessus_verify_token print_status("nessus_report_host_details <scan ID> <host ID>")
return print_status("Example:> nessus_report_host_details 10 5 -S hostinfo -SV vulninfo")
end print_status("Use nessus_scan_list to get list of all scans. Only completed scans can be used for reporting.")
case args.length print_status("Use nessus_report_hosts to get a list of all the hosts along with their corresponding host IDs.")
when 2 return
scan_id = args[0] when '-S', '--search'
host_id = args[1] search_term = /#{args.shift}/nmi
else when '-SV', '--search-vuln'
search_vuln = /#{args.shift}/nmi
else
scan_id = arg,
host_id = args.shift
end
end
if [scan_id, host_id].any?(&:nil?)
print_status("Usage: ") print_status("Usage: ")
print_status("nessus_report_host_detail <scan ID> <host ID>") print_status("nessus_report_host_detail <scan ID> <host ID>")
print_status("Example:> nessus_report_host_detail 10 5") print_status("Example:> nessus_report_host_detail 10 5")
@ -636,6 +746,7 @@ module Msf
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Plugin Name', 'Plugin Name',
'Plugin Famil', 'Plugin Famil',
@ -654,6 +765,7 @@ module Msf
} }
print_line tbl.to_s print_line tbl.to_s
tbl2 = Rex::Ui::Text::Table.new( tbl2 = Rex::Ui::Text::Table.new(
'SearchTerm' => search_vuln,
'Columns' => [ 'Columns' => [
'Plugin Name', 'Plugin Name',
'Plugin Famil', 'Plugin Famil',
@ -698,27 +810,33 @@ module Msf
end end
def cmd_nessus_report_host_ports(*args) def cmd_nessus_report_host_ports(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_report_host_ports <hostname> <report id>") rid = nil
print_status("Example:> nessus_report_host_ports 192.168.1.250 f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca") host = nil
print_status() while (arg = args.shift)
print_status("Returns all the ports associated with a host and details about their vulnerabilities") case arg
print_status("Use nessus_report_hosts to list all available hosts for a report") when '-h', '--help'
end print_status("nessus_report_host_ports <hostname> <report id>")
if !nessus_verify_token print_status("Example:> nessus_report_host_ports 192.168.1.250 f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca -S searchterm")
return print_status()
end print_status("Returns all the ports associated with a host and details about their vulnerabilities")
case args.length print_status("Use nessus_report_hosts to list all available hosts for a report")
when 2 return
host = args[0] when '-S', '--search'
rid = args[1] search_term = /#{args.shift}/nmi
else else
scan_id = arg
end
end
if [host,rid].any?(&:nil?)
print_status("Usage: ") print_status("Usage: ")
print_status("nessus_report_host_ports <hostname> <report id>") print_status("nessus_report_host_ports <hostname> <report id>")
print_status("Use nessus_report_list to list all available reports") print_status("Use nessus_report_list to list all available reports")
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Port', 'Port',
'Protocol', 'Protocol',
@ -775,13 +893,20 @@ module Msf
end end
def cmd_nessus_scan_list(*args) def cmd_nessus_scan_list(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_scan_list") while (arg = args.shift)
print_status("Example:> nessus_scan_list") case arg
print_status() when '-h', '--help'
print_status("Returns a list of information about currently running scans.") print_status("nessus_scan_list")
return print_status("Example:> nessus_scan_list -S searchterm")
end print_status()
print_status("Returns a list of information about currently running scans.")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
@ -791,6 +916,7 @@ module Msf
return return
else else
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Scan ID', 'Scan ID',
'Name', 'Name',
@ -1014,18 +1140,6 @@ module Msf
else else
print_error("Only completed scans could be used for import") print_error("Only completed scans could be used for import")
end end
end
def is_scan_complete(scan_id)
complete = false
status = @n.scan_list
status["scans"].each { |scan|
if scan["id"] == scan_id.to_i && (scan["status"] == "completed" || scan["status"] == "imported")
complete = true
end
}
complete
end end
def cmd_nessus_scan_pause_all(*args) def cmd_nessus_scan_pause_all(*args)
@ -1174,35 +1288,39 @@ module Msf
end end
def cmd_nessus_scan_details(*args) def cmd_nessus_scan_details(*args)
if args[0] == "-h" valid_categories = ['info', 'hosts', 'vulnerabilities', 'history']
print_status("nessus_scan_details <scan ID> <category>") search_term = nil
print_status("Availble categories are info, hosts, vulnerabilities, and history") scan_id = nil
print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs") category = nil
return while (arg = args.shift)
end case arg
when '-h', '--help'
print_status("Usage: ")
print_status("nessus_scan_details <scan ID> <category> -S searchterm")
print_status("Availble categories are info, hosts, vulnerabilities, and history")
print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
else
scan_id = arg
if args[0].in?(valid_categories)
category = args.shift
else
print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history")
return
end
end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
case args.length
when 2
scan_id = args[0]
category = args[1]
if category.in?(['info', 'hosts', 'vulnerabilities', 'history'])
category = args[1]
else
print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history")
return
end
else
print_status("Usage: ")
print_status("nessus_scan_details <scan ID> <category>")
print_status("Availble categories are info, hosts, vulnerabilities, and history")
print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs")
return
end
details = @n.scan_details(scan_id) details = @n.scan_details(scan_id)
if category == "info" if category == "info"
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"Status", "Status",
"Policy", "Policy",
@ -1214,6 +1332,7 @@ module Msf
tbl << [ details["info"]["status"], details["info"]["policy"], details["info"]["name"], details["info"]["targets"], details["info"]["scan_start"], details["info"]["scan_end"] ] tbl << [ details["info"]["status"], details["info"]["policy"], details["info"]["name"], details["info"]["targets"], details["info"]["scan_start"], details["info"]["scan_end"] ]
elsif category == "hosts" elsif category == "hosts"
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"Host ID", "Host ID",
"Hostname", "Hostname",
@ -1227,6 +1346,7 @@ module Msf
} }
elsif category == "vulnerabilities" elsif category == "vulnerabilities"
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"Plugin ID", "Plugin ID",
"Plugin Name", "Plugin Name",
@ -1238,6 +1358,7 @@ module Msf
} }
elsif category == "history" elsif category == "history"
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
"History ID", "History ID",
"Status", "Status",
@ -1319,27 +1440,32 @@ module Msf
end end
def cmd_nessus_plugin_list(*args) def cmd_nessus_plugin_list(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_plugin_list <Family ID>") family_id = nil
print_status("Example:> nessus_plugin_list 10") while (arg = args.shift)
print_status() case arg
print_status("Returns a list of all plugins in that family.") when '-h', '--help'
print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") print_status("nessus_plugin_list <Family ID> -S searchterm")
return print_status("Example:> nessus_plugin_list 10")
end print_status()
if !nessus_verify_token print_status("Returns a list of all plugins in that family.")
return print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs")
end return
case args.length when '-S', '--search'
when 1 search_term = /#{args.shift}/nmi
family_id = args[0] else
else family_id = arg
end
end
if family_id.nil?
print_status("Usage: ") print_status("Usage: ")
print_status("nessus_plugin_list <Family ID>") print_status("nessus_plugin_list <Family ID>")
print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs")
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Plugin ID', 'Plugin ID',
'Plugin Name' 'Plugin Name'
@ -1355,15 +1481,23 @@ module Msf
end end
def cmd_nessus_family_list(*args) def cmd_nessus_family_list(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_family_list") while (arg = args.shift)
print_status("Example:> nessus_family_list") case arg
print_status() when '-h', '--help'
print_status("Returns a list of all the plugin families along with their corresponding family IDs and plugin count.") print_status("nessus_family_list")
return print_status("Example:> nessus_family_list -S searchterm")
end print_status()
print_status("Returns a list of all the plugin families along with their corresponding family IDs and plugin count.")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end
end
list = @n.list_families list = @n.list_families
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Family ID', 'Family ID',
'Family Name', 'Family Name',
@ -1377,27 +1511,36 @@ module Msf
end end
def cmd_nessus_plugin_details(*args) def cmd_nessus_plugin_details(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_plugin_details <Plugin ID>") plugin_id = nil
print_status("Example:> nessus_plugin_details 10264") while (arg = args.shift)
print_status() case arg
print_status("Returns details on a particular plugin.") when '-h', '--help'
print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") print_status("nessus_plugin_details <Plugin ID>")
return print_status("Example:> nessus_plugin_details 10264 -S searchterm")
end print_status()
print_status("Returns details on a particular plugin.")
print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
else
plugin_id = arg
end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
case args.length
when 1 if plugin_id.nil?
plugin_id = args[0]
else
print_status("Usage: ") print_status("Usage: ")
print_status("nessus_plugin_details <Plugin ID>") print_status("nessus_plugin_details <Plugin ID>")
print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.")
return return
end end
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'Reference', 'Reference',
'Value' 'Value'
@ -1423,13 +1566,20 @@ module Msf
end end
def cmd_nessus_user_list(*args) def cmd_nessus_user_list(*args)
if args[0] == "-h" scan_id = nil
print_status("nessus_user_list") while (arg = args.shift)
print_status("Example:> nessus_user_list") case arg
print_status() when '-h', '--help'
print_status("Returns a list of the users on the Nessus server and their access level.") print_status("nessus_user_list")
return print_status("Example:> nessus_user_list -S searchterm")
end print_status()
print_status("Returns a list of the users on the Nessus server and their access level.")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
@ -1438,6 +1588,7 @@ module Msf
end end
list=@n.list_users list=@n.list_users
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
'SearchTerm' => search_term,
'Columns' => [ 'Columns' => [
'ID', 'ID',
'Name', 'Name',
@ -1574,13 +1725,20 @@ module Msf
end end
def cmd_nessus_policy_list(*args) def cmd_nessus_policy_list(*args)
if args[0] == "-h" search_term = nil
print_status("nessus_policy_list") while (arg = args.shift)
print_status("Example:> nessus_policy_list") case arg
print_status() when '-h', '--help'
print_status("Lists all policies on the server") print_status("nessus_policy_list")
return print_status("Example:> nessus_policy_list -S searchterm")
end print_status()
print_status("Lists all policies on the server")
return
when '-S', '--search'
search_term = /#{args.shift}/nmi
end
end
if !nessus_verify_token if !nessus_verify_token
return return
end end
@ -1642,31 +1800,6 @@ module Msf
print_error("Unknown problem occured by deleting the user account having user ID #{user_id}.") print_error("Unknown problem occured by deleting the user account having user ID #{user_id}.")
end end
end end
def valid_policy(*args)
case args.length
when 1
pid = args[0]
else
print_error("No Policy ID supplied.")
return
end
pol = @n.list_policies
pol["policies"].each { |p|
if p["template_uuid"] == pid
return true
end
}
return false
end
def nessus_verify_db
if !(framework.db and framework.db.active)
print_error("No database has been configured, please use db_create/db_connect first")
return false
end
true
end
end end
def initialize(framework, opts) def initialize(framework, opts)