11

My Question: Is there any sort of website that maps Nessus Scan IDs to Metasploit Vulnerabilities?

My Situation: I'm learning about penetration testing and I'm beginning to get frustrated seeing a Nessus scan like this (for example):

Plugin ID   Risk    Name
25216   Critical    Samba NDR MS-RPC Request Heap-Based Remote Buffer Overflow

And then having to figure out which Metasploit exploit module I can use to exploit that vulnerability. I wind up having to do something like:

msf> search samba

And getting a ton of results to sift through.

Like I said, I'm just learning, so if you need more information try to not jump down my throat about it :) I'll give you more info :)

What would be even cooler is if there were some sort of tool I could load my Nessus scan into which would exploit each of the vulnerabilities in turn. That would rock. If that doesn't exist, my question is why...? :)

kentcdodds

4 Answers

4

In terms of finding the corresponding exploits for Nessus output, there are a couple of good techniques.

Firstly, Nessus puts a flag in each report item for "exploitable" which indicates that there is exploit code available.

Once you've got that, you can use the CVE number, which will likely be listed in the finding (or the MS number for Microsoft vulns), as they're unique to a specific issue. This lets you find the exploit quickly, if it exists in Metasploit.

As to automatic exploitation, such a tool could be written, but it would be a bad idea in most cases, as exploits have differing levels of reliability and in a number of cases they risk crashing the host or the service that they're exploiting. A safer way is to analyze your options once you know what exploits will work on a target host and pick the one with the best Metasploit ranking, which should give you a more reliable exploit.

Rory McCune
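As an added illustration of the two techniques in this answer (not code from the original post or from Tenable or Rapid7): a short Python script that reads a Nessus v2 `.nessus` report, keeps only the ReportItems Nessus flags as exploitable, and turns their CVE references into `search cve:` strings for msfconsole. The embedded report is a constructed sample; plugin 25216 is the one from the question, but its CVE value is a placeholder, and the second plugin ID is invented.

```python
"""List exploitable Nessus findings and build msfconsole search strings for them."""
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus v2 layout. The CVE below is a placeholder,
# not the real reference for plugin 25216; pluginID 99999 is invented.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
 <Report name="lab">
  <ReportHost name="192.0.2.10">
   <ReportItem port="445" protocol="tcp" pluginID="25216" severity="4"
     pluginName="Samba NDR MS-RPC Request Heap-Based Remote Buffer Overflow">
    <risk_factor>Critical</risk_factor>
    <exploit_available>true</exploit_available>
    <exploit_framework_metasploit>true</exploit_framework_metasploit>
    <cve>CVE-2007-0000</cve>
   </ReportItem>
   <ReportItem port="22" protocol="tcp" pluginID="99999" severity="0"
     pluginName="Placeholder informational check">
    <risk_factor>None</risk_factor>
    <exploit_available>false</exploit_available>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""

def exploitable_findings(nessus_xml):
    """Return one dict per ReportItem whose exploit_available flag is true."""
    root = ET.fromstring(nessus_xml)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if item.findtext("exploit_available", "false").lower() != "true":
                continue  # Nessus knows of no public exploit; skip it
            cves = [c.text.strip() for c in item.findall("cve") if c.text]
            findings.append({
                "host": host.get("name"),
                "plugin_id": item.get("pluginID"),
                "name": item.get("pluginName"),
                "risk": item.findtext("risk_factor", "?"),
                "cves": cves,
                "in_metasploit": item.findtext(
                    "exploit_framework_metasploit", "false").lower() == "true",
                # msfconsole's cve: keyword takes the year-number part, which
                # narrows results far better than a free-text "search samba"
                "msf_search": [f"search cve:{c[4:] if c.upper().startswith('CVE-') else c}"
                               for c in cves],
            })
    return findings

if __name__ == "__main__":
    for f in exploitable_findings(SAMPLE_NESSUS):
        print(f["host"], f["plugin_id"], f["risk"], f["name"], f["msf_search"])
```

Feed a real report through `exploitable_findings(open("scan.nessus").read())`; a finding with `in_metasploit` true is the one worth checking first, and the `risk` field is what you weigh against the module's own reliability ranking before running anything.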
2

I just found ExploitSearch. If you search "NESSUS [NESSUS ID]" then it will take you to some details on that Nessus ID exploit, and that contains links to Metasploit's website for a module to exploit that vulnerability. I just found it so I'm not sure if this totally answers the question, but maybe this will point in the right direction.

kentcdodds
1

You should have a look at the db_import and db_autopwn commands, for example http://www.offensive-security.com/metasploit-unleashed/Using_The_Database and http://www.offensive-security.com/metasploit-unleashed/Working_With_Nessus

This is not exactly what you are looking for, but very close to it.

Vitaly Osipov
  • Also check out -- http://www.offensive-security.com/metasploit-unleashed/Nessus_Via_Msfconsole -- the msfconsole `vulns` command should reveal all of the information one would need once populated – atdre Jan 08 '15 at 04:38
0

I think Metasploit actually has this when you generate the report; it will mention if there is a module or not. On your second question, you don't want to exploit something automatically, as it might take down a production system.

Lucas Kauffman
  • That's true about avoiding taking down a production system. But wouldn't it be awesome if it could prompt you one by one on each vulnerability and you could say exploit or no? I don't know, maybe I'm alone on this, but I think that'd really increase productivity. – kentcdodds Oct 24 '12 at 18:43
  • As far as your answer, I think you mean Nessus when you said Metasploit (referring to the report). Nessus does say there is a module available, but it doesn't say what module to use. – kentcdodds Oct 24 '12 at 18:44