0

For my computer security class I have to prepare a malicious attack using the Tenable Nessus security scanner. The scanner and the target, which is Metasploitable2, have both been installed on separate virtual machines. Everything works just fine: Nessus scans the target and renders a report. Is there any Nessus plugin to do damage to Metasploitable2 (not to my computer, of course)? So far all the vulnerabilities I could find were ones that could be used by an attacker, but I need some attack to be done using Nessus itself. I would be grateful for any advice, thank you.

Adam

4 Answers

5

Nessus is a vulnerability scanner; its job is to find what vulnerabilities may be present in a target system. It does not actually perform the attack itself (except by accident, if it were to accidentally DoS the target with an unsafe check).

Instead, you should use the results of the Nessus scan with other tools, like Metasploit, to perform the attack.

Colin Cassidy
1

You could probably get some ideas here: https://www.shellntel.com/?offset=1467995296914

The short version is to write a NASL to exploit what it finds on Metasploitable instead of just checking for a vulnerability.

0

As the other answer mentions, this is not what Nessus was built for. One could argue the developers try very hard to never do any damage. As the name suggests, Metasploit contains all the tools you'll need to attack Metasploitable.

A common workflow is 1) enumerate targets and scan their services with nmap, 2) find out if the services are outdated or badly coded, 3) find or build exploits, 4) launch and create persistence.

Nessus will do steps 1 and 2, and often part of 3. But 4 is Metasploit's job.

So I'm afraid you're going to have to learn some actual Linux skills if you want to do this.

J.A.K.
0

To answer your question: what you need is msf, alias Metasploit. There you can use Nessus reports or start a Nessus scan from within. Metasploit is an exploitation framework, giving you easy options for exploiting well-known vulnerabilities.

This tutorial explains how to use Nessus from within Metasploit.

Gewure