Re: [Pauldotcom] nessus scanning through a metasploit tunnel

[Robin Wood <robin () digininja org>]

On 20 October 2010 17:52, Carlos Perez <carlos_perez () darkoperator com> wrote:
> just look at this:
> https://metasploit.com/redmine/projects/framework/repository/revisions/10337/diff/lib/rex/proto/proxy/socks4a.rb
> https://www.metasploit.com/redmine/projects/framework/repository/changes/modules/auxiliary/server/socks4a.rb
> A Meterpreter script to auto set this for a specific session can be done
> quite easily I believe

Thanks, that is what I was planning to have a play with when things
calm down a bit.
Robin

> On Oct 20, 2010, at 12:38 PM, Robin Wood wrote:
>
> On 20 October 2010 13:18, Sherwyn <infolookup () gmail com> wrote:
>
> Hi Robin,
>
> I have also been testing the "Nessus bridge for Metasploit" and it looks
> like you do need a nessus server to connect back too and run the various
> scans through.
>
> I would however point you to Zate in the metasploit chat room or sometimes
> in the PDC IRC, he is still activity developing this plugin and might have
> some undocumented tricks he is willing to share.
>
> Let us know what you fine cause this can be very useful.
>
> I think I might have a way to do it with a SOCKS proxy and proxychains
> but without having to install SSH. Will test it out and write up a
> post when I get it working.
>
> Robin
>
>
> ------Original Message------
>
> From: Robin Wood
>
> Sender: pauldotcom-bounces () mail pauldotcom com
>
> To: PaulDotCom Mailing List
>
> To: Metasploit List
>
> ReplyTo: PaulDotCom Security Weekly Mailing List
>
> Subject: [Pauldotcom] nessus scanning through a metasploit tunnel
>
> Sent: Oct 19, 2010 11:41 AM
>
> I've been playing with running Nessus scans through Metasploit and got
>
> it working fine but I then tried to run it through a route set up
>
> through a Meterpreter tunnel but it didn't work. I assume that this is
>
> because all Metasploit is doing is just accessing Nessus through its
>
> API and it isn't actually integrating with Nessus. Is there any way
>
> now we have the Nessus integration to get it to scan through the a
>
> Meterpreter tunnel?
>
> I know that it can be done through an SSH tunnel being installed on
>
> the target machine but it would be nice to be able to run it directly
>
> through Metasploit routing.
>
> Robin
>
> _______________________________________________
>
> Pauldotcom mailing list
>
> Pauldotcom () mail pauldotcom com
>
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>
> Main Web Site: http://pauldotcom.com
>
>
> Infolookup
>
> http://infolookup.securegossip.com
>
> www.twitter.com/infolookup
>
> _______________________________________________
>
> Pauldotcom mailing list
>
> Pauldotcom () mail pauldotcom com
>
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>
> Main Web Site: http://pauldotcom.com
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework