Metasploit mailing list archives
Re: nessus scanning through a metasploit tunnel
From: Robin Wood <robin () digininja org>
Date: Sun, 24 Oct 2010 11:41:43 +0100
On 19 October 2010 16:41, Robin Wood <robin () digininja org> wrote:
I've been playing with running Nessus scans through Metasploit and got it working fine but I then tried to run it through a route set up through a Meterpreter tunnel but it didn't work. I assume that this is because all Metasploit is doing is just accessing Nessus through its API and it isn't actually integrating with Nessus. Is there any way now we have the Nessus integration to get it to scan through the a Meterpreter tunnel? I know that it can be done through an SSH tunnel being installed on the target machine but it would be nice to be able to run it directly through Metasploit routing.
After various bits of help I got this working. I used Meterpreter to create a route through to the target machine then the SOCKS proxy aux module to allow Nessus to route through to the target. I've written it all up here: http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php It all worked fine in the end, the only problem is that it is very slow, over an hour to scan the compromised machine and even longer to scan another machine on the same subnet. Using this on a test I'd want to create a very minimal Nessus profile to keep the time down as much as possible. Thanks for all the tips that got this working. Robin _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- nessus scanning through a metasploit tunnel Robin Wood (Oct 19)
- Re: nessus scanning through a metasploit tunnel Zate Berg (Oct 19)
- Re: nessus scanning through a metasploit tunnel Zate Berg (Oct 19)
- Re: nessus scanning through a metasploit tunnel Robin Wood (Oct 19)
- Re: nessus scanning through a metasploit tunnel egypt (Oct 19)
- Re: nessus scanning through a metasploit tunnel Terrence (Oct 19)
- Re: nessus scanning through a metasploit tunnel HD Moore (Oct 19)
- Re: nessus scanning through a metasploit tunnel Robin Wood (Oct 21)
- Re: nessus scanning through a metasploit tunnel HD Moore (Oct 21)
- Re: nessus scanning through a metasploit tunnel Zate Berg (Oct 19)
- Re: nessus scanning through a metasploit tunnel Zate Berg (Oct 19)
- <Possible follow-ups>
- Re: nessus scanning through a metasploit tunnel Vlatko Kosturjak (Oct 21)
- Re: nessus scanning through a metasploit tunnel Oliver Kleinecke (Oct 21)
- Re: nessus scanning through a metasploit tunnel Robin Wood (Oct 21)
- Re: nessus scanning through a metasploit tunnel Oliver Kleinecke (Oct 21)