commit
4d7871bbb1
|
@ -5,20 +5,15 @@ require 'nessus/nessus-xmlrpc'
|
|||
require 'rex/parser/nessus_xml'
|
||||
|
||||
module Msf
|
||||
#constants
|
||||
NBVer = "1.1" # Nessus Plugin Version. Increments each time we commit to msf
|
||||
Xindex = "#{Msf::Config.get_config_root}/nessus_index" # location of the exploit index file used to speed up searching for valid exploits.
|
||||
Nessus_yaml = "#{Msf::Config.get_config_root}/nessus.yaml" #location of the nessus.yml containing saved nessus creds
|
||||
|
||||
class Plugin::Nessus < Msf::Plugin
|
||||
|
||||
#creates the index of exploit details to make searching for exploits much faster.
|
||||
def create_xindex
|
||||
start = Time.now
|
||||
print_status("Creating Exploit Search Index - (#{Xindex}) - this wont take long.")
|
||||
print_status("Creating Exploit Search Index - (#{@xindex}) - this wont take long.")
|
||||
count = 0
|
||||
# use Msf::Config.get_config_root as the location.
|
||||
File.open("#{Xindex}", "w+") do |f|
|
||||
File.open("#{@xindex}", "w+") do |f|
|
||||
#need to add version line.
|
||||
f.puts(Msf::Framework::RepoRevision)
|
||||
framework.exploits.sort.each { |refname, mod|
|
||||
|
@ -48,13 +43,13 @@ module Msf
|
|||
end
|
||||
|
||||
def nessus_index
|
||||
if File.exist?("#{Xindex}")
|
||||
if File.exist?("#{@xindex}")
|
||||
#check if it's version line matches current version.
|
||||
File.open("#{Xindex}") {|f|
|
||||
File.open("#{@xindex}") {|f|
|
||||
line = f.readline
|
||||
line.chomp!
|
||||
if line.to_i == Msf::Framework::RepoRevision
|
||||
print_good("Exploit Index - (#{Xindex}) - is valid.")
|
||||
print_good("Exploit Index - (#{@xindex}) - is valid.")
|
||||
else
|
||||
create_xindex
|
||||
end
|
||||
|
@ -73,42 +68,41 @@ module Msf
|
|||
|
||||
def commands
|
||||
{
|
||||
"nessus_connect" => "Connect to a nessus server: nconnect username:password@hostname:port <ssl ok>",
|
||||
"nessus_admin" => "Checks if user is an admin",
|
||||
"nessus_help" => "Get help on all commands",
|
||||
"nessus_logout" => "Terminate the session",
|
||||
"nessus_server_status" => "Check the status of your Nessus Server",
|
||||
"nessus_server_feed" => "Nessus Feed Type",
|
||||
"nessus_server_prefs" => "Display Server Prefs",
|
||||
"nessus_report_list" => "List all Nessus reports",
|
||||
"nessus_report_get" => "Import a report from the nessus server in Nessus v2 format",
|
||||
"nessus_report_del" => "Delete a report",
|
||||
"nessus_report_hosts" => "Get list of hosts from a report",
|
||||
"nessus_report_host_ports" => "Get list of open ports from a host from a report",
|
||||
"nessus_report_host_detail" => "Detail from a report item on a host",
|
||||
"nessus_scan_status" => "List all currently running Nessus scans",
|
||||
"nessus_scan_new" => "Create new Nessus Scan",
|
||||
"nessus_scan_pause" => "Pause a Nessus Scan",
|
||||
"nessus_scan_pause_all" => "Pause all Nessus Scans",
|
||||
"nessus_scan_stop" => "Stop a Nessus Scan",
|
||||
"nessus_scan_stop_all" => "Stop all Nessus Scans",
|
||||
"nessus_scan_resume" => "Resume a Nessus Scan",
|
||||
"nessus_scan_resume_all" => "Resume all Nessus Scans",
|
||||
"nessus_user_list" => "Show Nessus Users",
|
||||
"nessus_user_add" => "Add a new Nessus User",
|
||||
"nessus_user_del" => "Delete a Nessus User",
|
||||
"nessus_user_passwd" => "Change Nessus Users Password",
|
||||
"nessus_plugin_family" => "List plugins in a family",
|
||||
"nessus_plugin_details" => "List details of a particular plugin",
|
||||
"nessus_plugin_list" => "Displays each plugin family and the number of plugins",
|
||||
"nessus_plugin_prefs" => "Display Plugin Prefs",
|
||||
"nessus_policy_list" => "List all polciies",
|
||||
"nessus_policy_del" => "Delete a policy",
|
||||
"nessus_connect" => "Connect to a nessus server: nconnect username:password@hostname:port <ssl ok>.",
|
||||
"nessus_admin" => "Checks if user is an admin.",
|
||||
"nessus_help" => "Get help on all commands.",
|
||||
"nessus_logout" => "Terminate the session.",
|
||||
"nessus_server_status" => "Check the status of your Nessus Server.",
|
||||
"nessus_server_feed" => "Nessus Feed Type.",
|
||||
"nessus_server_prefs" => "Display Server Prefs.",
|
||||
"nessus_report_list" => "List all Nessus reports.",
|
||||
"nessus_report_get" => "Import a report from the nessus server in Nessus v2 format.",
|
||||
"nessus_report_del" => "Delete a report.",
|
||||
"nessus_report_hosts" => "Get list of hosts from a report.",
|
||||
"nessus_report_host_ports" => "Get list of open ports from a host from a report.",
|
||||
"nessus_report_host_detail" => "Detail from a report item on a host.",
|
||||
"nessus_scan_status" => "List all currently running Nessus scans.",
|
||||
"nessus_scan_new" => "Create new Nessus Scan.",
|
||||
"nessus_scan_pause" => "Pause a Nessus Scan.",
|
||||
"nessus_scan_pause_all" => "Pause all Nessus Scans.",
|
||||
"nessus_scan_stop" => "Stop a Nessus Scan.",
|
||||
"nessus_scan_stop_all" => "Stop all Nessus Scans.",
|
||||
"nessus_scan_resume" => "Resume a Nessus Scan.",
|
||||
"nessus_scan_resume_all" => "Resume all Nessus Scans.",
|
||||
"nessus_user_list" => "Show Nessus Users.",
|
||||
"nessus_user_add" => "Add a new Nessus User.",
|
||||
"nessus_user_del" => "Delete a Nessus User.",
|
||||
"nessus_user_passwd" => "Change Nessus Users Password.",
|
||||
"nessus_plugin_family" => "List plugins in a family.",
|
||||
"nessus_plugin_details" => "List details of a particular plugin.",
|
||||
"nessus_plugin_list" => "Displays each plugin family and the number of plugins.",
|
||||
"nessus_plugin_prefs" => "Display Plugin Prefs.",
|
||||
"nessus_policy_list" => "List all polciies.",
|
||||
"nessus_policy_del" => "Delete a policy.",
|
||||
"nessus_index" => "Manually generates a search index for exploits.",
|
||||
"nessus_template_list" => "List all the templates on the server",
|
||||
"nessus_db_scan" => "Create a scan of all ips in db_hosts",
|
||||
"nessus_save" => "Save username/passowrd/server/port details",
|
||||
"nessus_report_exploits" => "Shows a summary of all the vulns in a scan that have a msf exploit."
|
||||
"nessus_template_list" => "List all the templates on the server.",
|
||||
"nessus_db_scan" => "Create a scan of all ips in db_hosts.",
|
||||
"nessus_save" => "Save username/passowrd/server/port details."
|
||||
}
|
||||
end
|
||||
|
||||
|
@ -135,10 +129,10 @@ module Msf
|
|||
if ((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0))
|
||||
config = Hash.new
|
||||
config = {"#{group}" => {'username' => @user, 'password' => @pass, 'server' => @host, 'port' => @port}}
|
||||
File.open("#{Nessus_yaml}", "w+") do |f|
|
||||
File.open("#{@nessus_yaml}", "w+") do |f|
|
||||
f.puts YAML.dump(config)
|
||||
end
|
||||
print_good("#{Nessus_yaml} created.")
|
||||
print_good("#{@nessus_yaml} created.")
|
||||
|
||||
else
|
||||
print_error("Missing username/password/server/port - relogin and then try again.")
|
||||
|
@ -198,8 +192,8 @@ module Msf
|
|||
def cmd_nessus_logout
|
||||
@token = nil
|
||||
print_status("Logged out")
|
||||
system("rm #{Nessus_yaml}")
|
||||
print_good("#{Nessus_yaml} removed.")
|
||||
system("rm #{@nessus_yaml}")
|
||||
print_good("#{@nessus_yaml} removed.")
|
||||
return
|
||||
end
|
||||
|
||||
|
@ -259,7 +253,7 @@ module Msf
|
|||
tbl << [ "nessus_policy_list", "List all polciies" ]
|
||||
tbl << [ "nessus_policy_del", "Delete a policy" ]
|
||||
print_status ""
|
||||
print_status tbl.to_s
|
||||
print_line tbl.to_s
|
||||
print_status ""
|
||||
end
|
||||
|
||||
|
@ -285,7 +279,7 @@ module Msf
|
|||
tbl << [@feed, @version, @web_version]
|
||||
print_good("Nessus Status")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -327,8 +321,8 @@ module Msf
|
|||
def cmd_nessus_connect(*args)
|
||||
|
||||
if ! args[0]
|
||||
if File.exist?("#{Nessus_yaml}")
|
||||
lconfig = YAML.load_file("#{Nessus_yaml}")
|
||||
if File.exist?("#{@nessus_yaml}")
|
||||
lconfig = YAML.load_file("#{@nessus_yaml}")
|
||||
@user = lconfig['default']['username']
|
||||
@pass = lconfig['default']['password']
|
||||
@host = lconfig['default']['server']
|
||||
|
@ -483,7 +477,7 @@ module Msf
|
|||
}
|
||||
print_good("Nessus Report List")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s + "\n"
|
||||
print_status("You can:")
|
||||
print_status(" Get a list of hosts from the report: nessus_report_hosts <report id>")
|
||||
end
|
||||
|
@ -609,7 +603,7 @@ module Msf
|
|||
}
|
||||
print_good("Running Scans")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s
|
||||
print_good "\n"
|
||||
print_status("You can:")
|
||||
print_good(" Import Nessus report to database : nessus_report_get <reportid>")
|
||||
|
@ -655,7 +649,7 @@ module Msf
|
|||
}
|
||||
print_good("Templates")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s + "\n"
|
||||
print_good "\n"
|
||||
print_status("You can:")
|
||||
print_good(" Import Nessus report to database : nessus_report_get <reportid>")
|
||||
|
@ -695,7 +689,7 @@ module Msf
|
|||
}
|
||||
print_good("Nessus users")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s
|
||||
end
|
||||
|
||||
def cmd_nessus_server_status(*args)
|
||||
|
@ -755,7 +749,7 @@ module Msf
|
|||
plugins = total.sum
|
||||
tbl << [users, policies, scans, reports, plugins]
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s
|
||||
end
|
||||
|
||||
def cmd_nessus_plugin_list(*args)
|
||||
|
@ -789,7 +783,7 @@ module Msf
|
|||
tbl << [ 'Total Plugins', plugins ]
|
||||
print_good("Plugins By Family")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s
|
||||
print_status("List plugins for a family : nessus_plugin_family <family name>")
|
||||
end
|
||||
|
||||
|
@ -959,7 +953,7 @@ module Msf
|
|||
}
|
||||
print_good("Report Info")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s
|
||||
print_status("You can:")
|
||||
print_status(" Get information from a particular host: nessus_report_host_ports <hostname> <report id>")
|
||||
end
|
||||
|
@ -1007,7 +1001,7 @@ module Msf
|
|||
}
|
||||
print_good("Host Info")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s
|
||||
print_status("You can:")
|
||||
print_status(" Get detailed scan infromation about a specfic port: nessus_report_host_detail <hostname> <port> <protocol> <report id>")
|
||||
end
|
||||
|
@ -1069,7 +1063,7 @@ module Msf
|
|||
}
|
||||
print_good("Port Info")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s
|
||||
end
|
||||
|
||||
def cmd_nessus_scan_pause_all(*args)
|
||||
|
@ -1358,7 +1352,7 @@ module Msf
|
|||
}
|
||||
print_good("#{fam} Info")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s
|
||||
end
|
||||
|
||||
def cmd_nessus_policy_list(*args)
|
||||
|
@ -1388,7 +1382,7 @@ module Msf
|
|||
}
|
||||
print_good("Nessus Policy List")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s
|
||||
end
|
||||
|
||||
def cmd_nessus_policy_del(*args)
|
||||
|
@ -1422,7 +1416,7 @@ module Msf
|
|||
return
|
||||
end
|
||||
|
||||
if answer == "Yes" || answer == "Y" || answer == "y" || answer == "yes"
|
||||
|
||||
del = @n.policy_del(pid)
|
||||
status = del.root.elements['status'].text
|
||||
if status == "OK"
|
||||
|
@ -1430,9 +1424,7 @@ module Msf
|
|||
else
|
||||
print_error("Policy number #{pid} was not deleted")
|
||||
end
|
||||
else
|
||||
print_error("wow that was close, damn we asked")
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def cmd_nessus_plugin_details(*args)
|
||||
|
@ -1484,7 +1476,7 @@ module Msf
|
|||
tbl << [ "Plugin Pub Date", entry['plugin_publication_date'] ]
|
||||
tbl << [ "Plugin Modification Date", entry['plugin_modification_date'] ]
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s
|
||||
end
|
||||
|
||||
def cmd_nessus_report_del(*args)
|
||||
|
@ -1518,7 +1510,7 @@ module Msf
|
|||
return
|
||||
end
|
||||
|
||||
if (answer == "Yes" || answer == "Y" || answer == "y" || answer == "yes")
|
||||
|
||||
del = @n.report_del(rid)
|
||||
status = del.root.elements['status'].text
|
||||
if status == "OK"
|
||||
|
@ -1526,11 +1518,6 @@ module Msf
|
|||
else
|
||||
print_error("Report #{rid} was not deleted")
|
||||
end
|
||||
else
|
||||
print_error("wow that was close, damn we asked")
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
||||
def cmd_nessus_server_prefs(*args)
|
||||
|
@ -1564,7 +1551,7 @@ module Msf
|
|||
}
|
||||
print_good("Nessus Server Pref List")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s + "\n"
|
||||
|
||||
end
|
||||
|
||||
|
@ -1600,7 +1587,7 @@ module Msf
|
|||
}
|
||||
print_good("Nessus Plugins Pref List")
|
||||
print_good "\n"
|
||||
print_good tbl.to_s + "\n"
|
||||
print_line tbl.to_s
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -1608,9 +1595,12 @@ module Msf
|
|||
super
|
||||
|
||||
add_console_dispatcher(ConsoleCommandDispatcher)
|
||||
print_status("Nessus Bridge for Metasploit #{NBVer}")
|
||||
@nbver = "1.1" # Nessus Plugin Version. Increments each time we commit to msf
|
||||
@xindex = "#{Msf::Config.get_config_root}/nessus_index" # location of the exploit index file used to speed up searching for valid exploits.
|
||||
@nessus_yaml = "#{Msf::Config.get_config_root}/nessus.yaml" #location of the nessus.yml containing saved nessus creds
|
||||
print_status("Nessus Bridge for Metasploit #{@nbver}")
|
||||
print_good("Type %bldnessus_help%clr for a command listing")
|
||||
nessus_index
|
||||
#nessus_index
|
||||
end
|
||||
|
||||
def cleanup
|
||||
|
@ -1622,7 +1612,7 @@ module Msf
|
|||
end
|
||||
|
||||
def desc
|
||||
"Nessus Bridge for Metasploit #{NBVer}"
|
||||
"Nessus Bridge for Metasploit #{@nbver}"
|
||||
end
|
||||
protected
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue