PaulDotCom mailing list archives
Re: [framework] nessus scanning through a metasploit tunnel
From: Robin Wood <robin () digininja org>
Date: Thu, 21 Oct 2010 00:14:50 +0100
On 20 October 2010 17:52, Carlos Perez <carlos_perez () darkoperator com> wrote:
Just look at this:
https://metasploit.com/redmine/projects/framework/repository/revisions/10337/diff/lib/rex/proto/proxy/socks4a.rb
https://www.metasploit.com/redmine/projects/framework/repository/changes/modules/auxiliary/server/socks4a.rb
A Meterpreter script to auto set this for a specific session can be done quite easily, I believe.

Thanks, that is what I was planning to have a play with when things calm down a bit.
Robin

On Oct 20, 2010, at 12:38 PM, Robin Wood wrote:
On 20 October 2010 13:18, Sherwyn <infolookup () gmail com> wrote:
Hi Robin,
I have also been testing the "Nessus bridge for Metasploit" and it looks like you do need a Nessus server to connect back to and run the various scans through. I would however point you to Zate in the Metasploit chat room or sometimes in the PDC IRC; he is still actively developing this plugin and might have some undocumented tricks he is willing to share.
Let us know what you find cause this can be very useful.

I think I might have a way to do it with a SOCKS proxy and proxychains but without having to install SSH. Will test it out and write up a post when I get it working.
Robin

------Original Message------
From: Robin Wood
Sender: pauldotcom-bounces () mail pauldotcom com
To: PaulDotCom Mailing List
To: Metasploit List
ReplyTo: PaulDotCom Security Weekly Mailing List
Subject: [Pauldotcom] nessus scanning through a metasploit tunnel
Sent: Oct 19, 2010 11:41 AM

I've been playing with running Nessus scans through Metasploit and got it working fine, but I then tried to run it through a route set up through a Meterpreter tunnel and it didn't work. I assume that this is because all Metasploit is doing is just accessing Nessus through its API and it isn't actually integrating with Nessus.
Is there any way, now we have the Nessus integration, to get it to scan through a Meterpreter tunnel? I know that it can be done through an SSH tunnel being installed on the target machine but it would be nice to be able to run it directly through Metasploit routing.
Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Infolookup
http://infolookup.securegossip.com
www.twitter.com/infolookup
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- nessus scanning through a metasploit tunnel Robin Wood (Oct 19)
- Re: nessus scanning through a metasploit tunnel Robin Wood (Oct 24)
- <Possible follow-ups>
- Re: nessus scanning through a metasploit tunnel Sherwyn (Oct 20)
- Re: nessus scanning through a metasploit tunnel Robin Wood (Oct 21)
- Re: [framework] nessus scanning through a metasploit tunnel Carlos Perez (Oct 20)
- Re: [framework] nessus scanning through a metasploit tunnel Robin Wood (Oct 21)
- Re: nessus scanning through a metasploit tunnel Robin Wood (Oct 21)