0

I am thinking about launching wide nessus scans (in the "IP range" sense) against exploits present in metasploit. The idea is to limit the number of plugins so that that the scan finishes in a reasonable time. (As a side note nessus 5.0 comes with a set of filters which allow to chose for instance "critical" vulnerabilities but, this is unfathomable to me, it is not possible to save such a configuration, ie. you have to do this manually before each scan if you want to catch the newest vulnerabilities)

This would be in essence an exercise to match the relevant plugins in nessus with the current vulnerability list in metasploit. I know it is possible to do the reverse (import into metasploit the results of nessus scans).

lisa17
  • 1,958
  • 7
  • 21
  • 43
WoJ
  • 8,957
  • 2
  • 32
  • 51
  • Most things in Nessus are scriptable, so what I would recommend is having a good read of the Nessus documentation and Discussion Forum. They would be your best bet to overcoming the 'unfathomable' - not sure this question is on topic here – Rory Alsop Apr 10 '12 at 12:12
  • I am not sure I understand your comment. Current versions of Nessus are not that easy to script, but this is doable. My question was about the approach to match Metsploit and Nessus vulnerabilities. The 'unfathomable' part is about a critical option introduced to nessus but effectively hardly useable in an enterprise setup (where you have to run automated scans) – WoJ Apr 10 '12 at 15:27

1 Answers1

2

Nessus Filter Options:

  • "exploit available" = true (filters plug-ins to those with public exploits)
  • "metasploit exploit framework" = true (filters plug-ins to those with Metasploit vulnerabilities)

The explanations of these filters can be found in the user guide.

But, I assume that you also want the plugin list to automatically update when the Nessus plugins update. I do not have any info on how to do that, but I think you would need to generate a new policy with the appropriate filters after each plugin update.

Here is Tenable's guide to running scans from within Metasploit.

schroeder
  • 123,438
  • 55
  • 284
  • 319
  • Thanks for the answer -- unfortunately what I am trying to do is to precisely fix the lack of persistent filtering in Metasploit you mentioned. Currently one needs to recreate the policy at each plugin update, which is not realistic in a distributed environment where the scans run automatically. – WoJ Apr 11 '12 at 09:07
  • As for the ability to run scans from metasplot, I mentioned I am aware of it but it does not help to reduce the number of tests (it basically allows to run & import scan results to be reused by Metsploit) – WoJ Apr 11 '12 at 09:09
  • I've been trying to research the scripting capabilities so that new policies could be created daily with a filter in place, but I'm having no luck. Seems like a straight-forward task to be able to script. I will keep looking. – schroeder Apr 11 '12 at 19:44
  • Thanks - I will be looking into that as well and update this page if any luck (I have some years of dev lagging :)) – WoJ Apr 12 '12 at 09:23