Re: [Pauldotcom] nessus scanning through a metasploit tunnel

[Carlos Perez <carlos_perez () darkoperator com>]

just look at this:

https://metasploit.com/redmine/projects/framework/repository/revisions/10337/diff/lib/rex/proto/proxy/socks4a.rb

https://www.metasploit.com/redmine/projects/framework/repository/changes/modules/auxiliary/server/socks4a.rb

A Meterpreter script to auto set this for a specific session can be done quite easily I believe


On Oct 20, 2010, at 12:38 PM, Robin Wood wrote:

> On 20 October 2010 13:18, Sherwyn <infolookup () gmail com> wrote:
> > Hi Robin,
> >
> > I have also been testing the "Nessus bridge for Metasploit" and it looks like you do need a nessus server to connect 
> > back too and run the various scans through.
> >
> > I would however point you to Zate in the metasploit chat room or sometimes in the PDC IRC, he is still activity 
> > developing this plugin and might have some undocumented tricks he is willing to share.
> >
> > Let us know what you fine cause this can be very useful.
>
> I think I might have a way to do it with a SOCKS proxy and proxychains
> but without having to install SSH. Will test it out and write up a
> post when I get it working.
>
> Robin
>
>
> > ------Original Message------
> > From: Robin Wood
> > Sender: pauldotcom-bounces () mail pauldotcom com
> > To: PaulDotCom Mailing List
> > To: Metasploit List
> > ReplyTo: PaulDotCom Security Weekly Mailing List
> > Subject: [Pauldotcom] nessus scanning through a metasploit tunnel
> > Sent: Oct 19, 2010 11:41 AM
> >
> > I've been playing with running Nessus scans through Metasploit and got
> > it working fine but I then tried to run it through a route set up
> > through a Meterpreter tunnel but it didn't work. I assume that this is
> > because all Metasploit is doing is just accessing Nessus through its
> > API and it isn't actually integrating with Nessus. Is there any way
> > now we have the Nessus integration to get it to scan through the a
> > Meterpreter tunnel?
> >
> > I know that it can be done through an SSH tunnel being installed on
> > the target machine but it would be nice to be able to run it directly
> > through Metasploit routing.
> >
> > Robin
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> >
> >
> > Infolookup
> > http://infolookup.securegossip.com
> > www.twitter.com/infolookup
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework