PaulDotCom mailing list archives

Re: nessus scanning through a metasploit tunnel


From: Robin Wood <robin () digininja org>
Date: Sun, 24 Oct 2010 11:41:43 +0100

On 19 October 2010 16:41, Robin Wood <robin () digininja org> wrote:
I've been playing with running Nessus scans through Metasploit and got
it working fine but I then tried to run it through a route set up
through a Meterpreter tunnel but it didn't work. I assume that this is
because all Metasploit is doing is just accessing Nessus through its
API and it isn't actually integrating with Nessus. Is there any way
now we have the Nessus integration to get it to scan through a
Meterpreter tunnel?

I know that it can be done through an SSH tunnel being installed on
the target machine but it would be nice to be able to run it directly
through Metasploit routing.

After various bits of help I got this working. I used Meterpreter to
create a route through to the target machine, then the SOCKS proxy aux
module to allow Nessus to route through to the target.

I've written it all up here:

http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php

It all worked fine in the end; the only problem is that it is very
slow, over an hour to scan the compromised machine and even longer to
scan another machine on the same subnet. Using this on a test I'd want
to create a very minimal Nessus profile to keep the time down as much
as possible.

Thanks for all the tips that got this working.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
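The setup Robin describes (a Metasploit route through a Meterpreter session, the SOCKS aux module, Nessus pointed at the proxy) can be scripted and sanity-checked before kicking off an hour-long scan. The following is an added example written for this archive page; it is not Robin's code and not taken from the linked blog post. It assumes session 1 is the Meterpreter session, 10.10.10.0/24 is the target subnet, the 2010-era module name auxiliary/server/socks4a (newer Metasploit ships it as auxiliary/server/socks_proxy), and that Nessus is wrapped with proxychains; the hostname dc.example.test and the userid string are made up. The SOCKS4 request and reply layout follows the SOCKS4/4a protocol itself, and the one-connection check at the end is the same round trip Nessus makes for every port it probes, which is why the scan is slow.

```python
"""Generate the Metasploit pivot setup and sanity-check the SOCKS proxy
before pointing Nessus at it.  Added example for this page; it is not
Robin Wood's code and the module/session/subnet names are assumptions."""
import ipaddress
import socket
import struct
from typing import Tuple

SOCKS_VN = 0x04            # SOCKS4 request version byte
SOCKS_CD_CONNECT = 0x01    # command: CONNECT
REPLY_GRANTED = 0x5A
REPLY_CODES = {
    0x5A: "granted",
    0x5B: "rejected or failed",
    0x5C: "rejected: identd unreachable",
    0x5D: "rejected: identd user mismatch",
}


def msf_pivot_rc(subnet: str, session: int, srvport: int = 1080) -> str:
    """msfconsole resource-script lines: add a route for `subnet` through an
    existing Meterpreter `session`, then start the SOCKS4a server on 127.0.0.1.
    Module name is the 2010-era one (assumption; newer: auxiliary/server/socks_proxy)."""
    net = ipaddress.ip_network(subnet, strict=True)
    lines = [
        f"route add {net.network_address} {net.netmask} {session}",
        "use auxiliary/server/socks4a",
        "set SRVHOST 127.0.0.1",
        f"set SRVPORT {srvport}",
        "run -j",
    ]
    return "\n".join(lines) + "\n"


def proxychains_conf(srvport: int = 1080) -> str:
    """Minimal proxychains.conf pushing all of nessusd's sockets through msf
    (assumption: Nessus is launched as `proxychains nessusd -D`)."""
    return f"strict_chain\nproxy_dns\n[ProxyList]\nsocks4 127.0.0.1 {srvport}\n"


def socks4_connect_request(target: str, port: int, userid: bytes = b"nessus") -> bytes:
    """Build a SOCKS4 CONNECT for an IPv4 literal, or a SOCKS4a CONNECT when
    `target` is a hostname (DSTIP 0.0.0.1 flags that a hostname follows)."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    header = struct.pack("!BBH", SOCKS_VN, SOCKS_CD_CONNECT, port)
    try:
        ip = ipaddress.IPv4Address(target)
    except ipaddress.AddressValueError:
        return header + b"\x00\x00\x00\x01" + userid + b"\x00" + target.encode("idna") + b"\x00"
    return header + ip.packed + userid + b"\x00"


def parse_socks4_reply(reply: bytes) -> Tuple[bool, str]:
    """Parse the fixed 8-byte SOCKS4 reply: VN(0x00) CD DSTPORT DSTIP."""
    if len(reply) < 8:
        raise ValueError(f"short reply ({len(reply)} bytes)")
    vn, cd, _port, _ip = struct.unpack("!BBH4s", reply[:8])
    if vn != 0x00:
        raise ValueError(f"unexpected reply version byte 0x{vn:02x}")
    return cd == REPLY_GRANTED, REPLY_CODES.get(cd, f"unknown code 0x{cd:02x}")


def check_pivot(target: str, port: int, proxy=("127.0.0.1", 1080),
                timeout: float = 20.0) -> Tuple[bool, str]:
    """Open one TCP connection to target:port via the msf SOCKS server, exactly
    as Nessus does per probed port.  Keep the timeout generous: every CONNECT
    crosses the Meterpreter tunnel, which is where the scan time goes."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(socks4_connect_request(target, port))
        reply = b""
        while len(reply) < 8:
            chunk = s.recv(8 - len(reply))
            if not chunk:
                break
            reply += chunk
    return parse_socks4_reply(reply)


if __name__ == "__main__":
    print(msf_pivot_rc("10.10.10.0/24", 1))       # save as pivot.rc, msfconsole -r pivot.rc
    print(proxychains_conf())
    # With the msf SOCKS server running, check a single port before scanning:
    # print(check_pivot("10.10.10.5", 445))
```

Generate the two files, load the resource script in an msfconsole that already holds the Meterpreter session, and run check_pivot against one port on a second host in the subnet; a "granted" reply confirms both the route and the proxy before Nessus is committed to a long scan, and a "rejected or failed" reply usually means the route was not added for that subnet.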