2010-09-15 16:41:49 +08:00
|
|
|
|
|
|
|
require 'nessus/nessus-xmlrpc'
|
|
|
|
|
|
|
|
module Msf
|
|
|
|
|
|
|
|
class Plugin::Nessus < Msf::Plugin
|
|
|
|
|
|
|
|
###
|
|
|
|
#
|
|
|
|
# This class implements a sample console command dispatcher.
|
|
|
|
#
|
|
|
|
###
|
|
|
|
class ConsoleCommandDispatcher
|
|
|
|
include Msf::Ui::Console::CommandDispatcher
|
|
|
|
def name
|
|
|
|
"Nessus"
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Returns the hash of commands supported by this dispatcher.
|
|
|
|
#
|
|
|
|
def commands
|
|
|
|
{
|
2010-09-20 10:18:25 +08:00
|
|
|
"nessus_connect" => "Connect to a nessus server: nconnect username:password@hostname:port <ssl ok>",
|
|
|
|
"nessus_report_list" => "List all Nessus reports",
|
|
|
|
"nessus_report_get" => "Import a report from the nessus server in Nessus v2 format",
|
|
|
|
"nessus_scan_status" => "List all currently running Nessus scans",
|
|
|
|
"nessus_server_status" => "Check the status of your Nessus Server",
|
|
|
|
"nessus_server_feed" => "Nessus Feed Type",
|
|
|
|
"nessus_plugin_list" => "Displays each plugin family and the number of plugins",
|
2010-09-24 07:17:13 +08:00
|
|
|
"nessus_user_list" => "Show Nessus Users",
|
2010-09-20 10:18:25 +08:00
|
|
|
"nessus_scan_new" => "Create new Nessus Scan",
|
|
|
|
"nessus_scan_pause" => "Pause a Nessus Scan",
|
2010-09-24 07:17:13 +08:00
|
|
|
"nessus_scan_pause_all" => "Pause all Nessus Scans",
|
|
|
|
"nessus_scan_stop" => "Stop a Nessus Scan",
|
|
|
|
"nessus_scan_stop_all" => "Stop all Nessus Scans",
|
|
|
|
"nessus_scan_resume" => "Resume a Nessus Scan",
|
|
|
|
"nessus_scan_resume_all" => "Resume all Nessus Scans",
|
|
|
|
"nessus_user_add" => "Add a new Nessus User",
|
|
|
|
"nessus_user_del" => "Delete a Nessus User",
|
|
|
|
"nessus_user_passwd" => "Change Nessus Users Password",
|
|
|
|
"nessus_plugin_family" => "List plugins in a family",
|
2010-09-20 10:18:25 +08:00
|
|
|
#"nessus_plugin_details" => "List details of a particular plugin"
|
|
|
|
#"nessus_server_prefs" => "Display Server Prefs"
|
|
|
|
#"nessus_policy_list" => "List all polciies"
|
|
|
|
#"nessus_policy_new" => "Save new policy"
|
|
|
|
#"nessus_policy_del" => "Delete a policy"
|
|
|
|
#"nessus_policy_dupe" => "Duplicate a policy"
|
|
|
|
#"nessus_policy_rename" => "Rename a policy"
|
|
|
|
#"nessus_report_del" => "Delete a report"
|
2010-09-24 07:17:13 +08:00
|
|
|
"nessus_report_hosts" => "Get list of hosts from a report",
|
|
|
|
"nessus_admin" => "Checks if user is an admin",
|
2010-09-20 10:18:25 +08:00
|
|
|
#"nessus_report_hosts_filter" => "Get list of hosts from a report with filter"
|
2010-09-24 07:17:13 +08:00
|
|
|
"nessus_report_host_ports" => "Get list of open ports from a host from a report",
|
|
|
|
"nessus_report_host_detail" => "Detail from a report item on a host"
|
2010-09-20 10:18:25 +08:00
|
|
|
#"nessus_report_tags" => "Not sure what this does yet"
|
|
|
|
#"nessus_report_upload" => "Upload nessusv2 report"
|
|
|
|
|
2010-09-15 16:41:49 +08:00
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2010-09-20 10:18:25 +08:00
|
|
|
def cmd_nessus_server_feed
|
2010-09-20 06:18:56 +08:00
|
|
|
|
|
|
|
if nessus_verify_token
|
|
|
|
@feed, @version, @web_version = @n.feed
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
'Columns' =>
|
|
|
|
[
|
|
|
|
'Feed',
|
|
|
|
'Nessus Version',
|
|
|
|
'Nessus Web Version'
|
|
|
|
])
|
|
|
|
tbl << [@feed, @version, @web_version]
|
|
|
|
print_good("Nessus Status")
|
|
|
|
$stdout.puts "\n"
|
|
|
|
$stdout.puts tbl.to_s + "\n"
|
2010-09-15 16:41:49 +08:00
|
|
|
end
|
2010-09-20 06:18:56 +08:00
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
def nessus_verify_token
|
|
|
|
if ! @token
|
|
|
|
if ((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0))
|
|
|
|
nessus_login
|
|
|
|
return false
|
|
|
|
else
|
|
|
|
print_status("You are not logged in")
|
|
|
|
ncusage
|
|
|
|
return false
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
true
|
|
|
|
end
|
|
|
|
|
|
|
|
def nessus_verify_db
|
|
|
|
|
|
|
|
if ! (framework.db and framework.db.active)
|
2010-09-15 16:41:49 +08:00
|
|
|
print_error("No database has been configured, please use db_create/db_connect first")
|
|
|
|
return false
|
|
|
|
end
|
2010-09-20 06:18:56 +08:00
|
|
|
|
2010-09-15 16:41:49 +08:00
|
|
|
true
|
2010-09-20 06:18:56 +08:00
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
def ncusage
|
|
|
|
print_status("Usage: ")
|
2010-09-20 10:18:25 +08:00
|
|
|
print_status(" nessus_connect username:password@hostname:port <ssl ok>")
|
|
|
|
print_status(" Example:> nessus_connect msf:msf@192.168.1.10:8834 ok")
|
2010-09-20 06:18:56 +08:00
|
|
|
return
|
2010-09-15 16:41:49 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
2010-09-20 10:18:25 +08:00
|
|
|
def cmd_nessus_connect(*args)
|
2010-09-20 06:18:56 +08:00
|
|
|
|
2010-09-15 16:41:49 +08:00
|
|
|
if(args.length == 0 or args[0].empty? or args[0] == "-h")
|
2010-09-20 06:18:56 +08:00
|
|
|
ncusage
|
2010-09-15 16:41:49 +08:00
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
@user = @pass = @host = @port = @sslv = nil
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 1,2
|
|
|
|
cred,targ = args[0].split('@', 2)
|
|
|
|
@user,@pass = cred.split(':', 2)
|
|
|
|
targ ||= '127.0.0.1:8834'
|
|
|
|
@host,@port = targ.split(':', 2)
|
|
|
|
@port ||= '8834'
|
|
|
|
@sslv = args[1]
|
|
|
|
when 3,4,5
|
2010-09-20 06:18:56 +08:00
|
|
|
ncusage
|
2010-09-15 16:41:49 +08:00
|
|
|
return
|
|
|
|
else
|
2010-09-20 06:18:56 +08:00
|
|
|
ncusage
|
2010-09-15 16:41:49 +08:00
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if /\/\//.match(@host)
|
2010-09-20 06:18:56 +08:00
|
|
|
ncusage
|
2010-09-15 16:41:49 +08:00
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if ! ((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0))
|
2010-09-20 06:18:56 +08:00
|
|
|
ncusage
|
2010-09-15 16:41:49 +08:00
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if(@host != "localhost" and @host != "127.0.0.1" and @sslv != "ok")
|
|
|
|
print_error("Warning: SSL connections are not verified in this release, it is possible for an attacker")
|
|
|
|
print_error(" with the ability to man-in-the-middle the Nessus traffic to capture the Nessus")
|
|
|
|
print_error(" credentials. If you are running this on a trusted network, please pass in 'ok'")
|
|
|
|
print_error(" as an additional parameter to this command.")
|
|
|
|
return
|
|
|
|
end
|
2010-09-20 06:18:56 +08:00
|
|
|
nessus_login
|
2010-09-15 16:41:49 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
def nessus_login
|
|
|
|
|
|
|
|
if ! ((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0))
|
2010-09-20 06:18:56 +08:00
|
|
|
print_status("You need to connect to a server first.")
|
|
|
|
ncusage
|
|
|
|
exit!
|
2010-09-15 16:41:49 +08:00
|
|
|
end
|
|
|
|
|
2010-09-20 06:18:56 +08:00
|
|
|
@url = "https://#{@host}:#{@port}/"
|
2010-09-15 16:41:49 +08:00
|
|
|
|
2010-09-20 06:18:56 +08:00
|
|
|
print_status("Connecting to #{@url}")
|
|
|
|
@n=NessusXMLRPC::NessusXMLRPC.new(@url,@user,@pass)
|
|
|
|
@token=@n.login(@user,@pass)
|
2010-09-15 16:41:49 +08:00
|
|
|
if @n.logged_in
|
2010-09-20 06:18:56 +08:00
|
|
|
print_status("Authenticated")
|
2010-09-15 16:41:49 +08:00
|
|
|
else
|
|
|
|
print_error("Error connecting/logging to the server!")
|
|
|
|
exit 2
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
2010-09-20 10:18:25 +08:00
|
|
|
def cmd_nessus_report_list
|
2010-09-20 06:18:56 +08:00
|
|
|
|
|
|
|
if ! nessus_verify_token
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2010-09-15 16:41:49 +08:00
|
|
|
list=@n.report_list_hash
|
2010-09-20 06:18:56 +08:00
|
|
|
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
'Columns' =>
|
|
|
|
[
|
|
|
|
'ID',
|
|
|
|
'Name',
|
|
|
|
'Status',
|
|
|
|
'Date'
|
|
|
|
])
|
|
|
|
|
|
|
|
list.each {|report|
|
|
|
|
t = Time.at(report['timestamp'].to_i)
|
|
|
|
tbl << [ report['id'], report['name'], report['status'], t.strftime("%H:%M %b %d %Y") ]
|
2010-09-15 16:41:49 +08:00
|
|
|
}
|
2010-09-24 07:17:13 +08:00
|
|
|
print_good("Nessus Report List")
|
2010-09-20 06:18:56 +08:00
|
|
|
$stdout.puts "\n"
|
|
|
|
$stdout.puts tbl.to_s + "\n"
|
2010-09-15 16:41:49 +08:00
|
|
|
end
|
|
|
|
|
2010-09-20 10:18:25 +08:00
|
|
|
def cmd_nessus_report_get(*args)
|
2010-09-20 06:18:56 +08:00
|
|
|
|
|
|
|
if ! nessus_verify_token
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if ! nessus_verify_db
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2010-09-15 16:41:49 +08:00
|
|
|
if(args.length == 0 or args[0].empty? or args[0] == "-h")
|
2010-09-20 06:18:56 +08:00
|
|
|
print_status("Usage: ")
|
2010-09-20 10:18:25 +08:00
|
|
|
print_status(" nessus_report_get <report id> ")
|
|
|
|
print_status(" use nessus_report_list to list all available reports for importing")
|
2010-09-15 16:41:49 +08:00
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
rid = nil
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 1
|
|
|
|
rid = args[0]
|
|
|
|
else
|
|
|
|
print_status("Usage: ")
|
2010-09-20 10:18:25 +08:00
|
|
|
print_status(" nessus_report_get <report id> ")
|
2010-09-24 07:17:13 +08:00
|
|
|
print_status(" use nessus_report_list to list all available reports for importing")
|
2010-09-15 16:41:49 +08:00
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
content=@n.report_file_download(rid)
|
|
|
|
print_status("importing " + rid)
|
|
|
|
framework.db.import({:data => content})
|
|
|
|
|
|
|
|
end
|
2010-09-20 06:18:56 +08:00
|
|
|
|
2010-09-20 10:18:25 +08:00
|
|
|
def cmd_nessus_scan_status
|
2010-09-24 07:17:13 +08:00
|
|
|
#need to expand this to list policies and templates too.
|
2010-09-20 06:18:56 +08:00
|
|
|
nessus_login
|
|
|
|
list=@n.scan_list_hash
|
|
|
|
if list.empty?
|
|
|
|
print_status("No Scans Running.")
|
|
|
|
print_status("You can:")
|
2010-09-24 07:17:13 +08:00
|
|
|
print_status(" List of completed scans: nessus_report_list")
|
|
|
|
print_status(" Create a scan: nessus_scan_new <policy id> <scan name> <target(s)>")
|
2010-09-20 06:18:56 +08:00
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
'Columns' =>
|
|
|
|
[
|
2010-09-20 10:18:25 +08:00
|
|
|
'Scan ID',
|
2010-09-20 06:18:56 +08:00
|
|
|
'Name',
|
2010-09-20 10:18:25 +08:00
|
|
|
'Owner',
|
|
|
|
'Started',
|
|
|
|
'Status',
|
2010-09-20 06:18:56 +08:00
|
|
|
'Current Hosts',
|
|
|
|
'Total Hosts'
|
|
|
|
])
|
|
|
|
|
|
|
|
list.each {|scan|
|
2010-09-20 10:18:25 +08:00
|
|
|
t = Time.at(scan['start'].to_i)
|
|
|
|
tbl << [ scan['id'], scan['name'], scan['owner'], t.strftime("%H:%M %b %d %Y"), scan['status'], scan['current'], scan['total'] ]
|
2010-09-20 06:18:56 +08:00
|
|
|
}
|
|
|
|
print_good("Running Scans")
|
|
|
|
$stdout.puts "\n"
|
|
|
|
$stdout.puts tbl.to_s + "\n"
|
|
|
|
$stdout.puts "\n"
|
2010-09-20 10:18:25 +08:00
|
|
|
print_status("You can:")
|
|
|
|
print_good(" Import Nessus report to database : nessus_report_get <reportid>")
|
|
|
|
print_good(" Pause a nessus scan : nessus_scan_pause <scanid>")
|
2010-09-20 06:18:56 +08:00
|
|
|
end
|
|
|
|
|
2010-09-24 07:17:13 +08:00
|
|
|
def cmd_nessus_user_list
|
2010-09-20 06:18:56 +08:00
|
|
|
if ! nessus_verify_token
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
list=@n.users_list
|
|
|
|
print_good("There are #{list.length} users")
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
'Columns' =>
|
|
|
|
[
|
|
|
|
'Name',
|
|
|
|
'Is Admin?',
|
|
|
|
'Last Login'
|
|
|
|
])
|
|
|
|
|
|
|
|
list.each {|user|
|
|
|
|
t = Time.at(user['lastlogin'].to_i)
|
|
|
|
tbl << [ user['name'], user['admin'], t.strftime("%H:%M %b %d %Y") ]
|
|
|
|
}
|
|
|
|
print_good("Nessus users")
|
|
|
|
$stdout.puts "\n"
|
|
|
|
$stdout.puts tbl.to_s + "\n"
|
|
|
|
end
|
|
|
|
|
2010-09-20 10:18:25 +08:00
|
|
|
def cmd_nessus_server_status
|
2010-09-20 06:18:56 +08:00
|
|
|
#Auth
|
|
|
|
if ! nessus_verify_token
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
#Check if we are an admin
|
|
|
|
if @n.is_admin
|
|
|
|
print_status("Your Nessus user is an admin")
|
|
|
|
end
|
|
|
|
|
|
|
|
#Versions
|
2010-09-20 22:27:34 +08:00
|
|
|
cmd_nessus_server_feed
|
2010-09-20 06:18:56 +08:00
|
|
|
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
'Columns' =>
|
|
|
|
[
|
|
|
|
'Users',
|
|
|
|
'Policies',
|
|
|
|
'Running Scans',
|
|
|
|
'Reports',
|
|
|
|
'Plugins'
|
|
|
|
])
|
|
|
|
#Count how many users the server has.
|
|
|
|
list=@n.users_list
|
|
|
|
users = list.length
|
|
|
|
|
|
|
|
#Count how many policies
|
|
|
|
list=@n.policy_list_uids
|
|
|
|
policies = list.length
|
|
|
|
|
|
|
|
#Count how many running scans
|
|
|
|
list=@n.scan_list_uids
|
|
|
|
scans = list.length
|
|
|
|
|
|
|
|
#Count how many reports are available
|
|
|
|
list=@n.report_list_hash
|
|
|
|
reports = list.length
|
|
|
|
|
|
|
|
#Count how many plugins
|
|
|
|
list=@n.plugins_list
|
|
|
|
total = Array.new
|
|
|
|
list.each {|plugin|
|
|
|
|
total.push(plugin['num'].to_i)
|
|
|
|
}
|
|
|
|
plugins = total.sum
|
|
|
|
tbl << [users, policies, scans, reports, plugins]
|
|
|
|
$stdout.puts "\n"
|
|
|
|
$stdout.puts tbl.to_s + "\n"
|
|
|
|
end
|
|
|
|
|
2010-09-20 10:18:25 +08:00
|
|
|
def cmd_nessus_plugin_list
|
2010-09-20 06:18:56 +08:00
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
'Columns' =>
|
|
|
|
[
|
|
|
|
'Family Name',
|
|
|
|
'Total Plugins'
|
|
|
|
])
|
|
|
|
list=@n.plugins_list
|
|
|
|
total = Array.new
|
|
|
|
list.each {|plugin|
|
|
|
|
total.push(plugin['num'].to_i)
|
|
|
|
tbl << [ plugin['name'], plugin['num'] ]
|
|
|
|
}
|
|
|
|
plugins = total.sum
|
|
|
|
tbl << [ '', '']
|
|
|
|
tbl << [ 'Total Plugins', plugins ]
|
|
|
|
print_good("Plugins By Family")
|
|
|
|
$stdout.puts "\n"
|
|
|
|
$stdout.puts tbl.to_s + "\n"
|
2010-09-20 10:18:25 +08:00
|
|
|
print_status("List plugins for a family : nessus_report_get <family name>")
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_scan_new(*args)
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 3
|
|
|
|
pid = args[0].to_i
|
|
|
|
name = args[1]
|
|
|
|
tgts = args[2]
|
|
|
|
else
|
|
|
|
print_status("Usage: ")
|
|
|
|
print_status(" nessus_scan_new <policy id> <scan name> <targets>")
|
|
|
|
print_status(" use nessus_policy_list to list all available policies")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
print_status("Creating scan from policy number #{pid}, called \"#{name}\" and scanning #{tgts}")
|
|
|
|
|
|
|
|
scan = @n.scan_new(pid, name, tgts)
|
|
|
|
|
|
|
|
if scan
|
|
|
|
print_status("Scan started. uid is #{scan}")
|
|
|
|
end
|
|
|
|
#need policy id, scan name and targets
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_scan_pause(*args)
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 1
|
|
|
|
sid = args[0]
|
|
|
|
else
|
|
|
|
print_status("Usage: ")
|
|
|
|
print_status(" nessus_scan_pause <scan id>")
|
|
|
|
print_status(" use nessus_scan_status to list all available scans")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
pause = @n.scan_pause(sid)
|
|
|
|
|
|
|
|
print_status("#{sid} has been paused")
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_scan_resume(*args)
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 1
|
|
|
|
sid = args[0]
|
|
|
|
else
|
|
|
|
print_status("Usage: ")
|
|
|
|
print_status(" nessus_scan_resume <scan id>")
|
|
|
|
print_status(" use nessus_scan_status to list all available scans")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
resume = @n.scan_resume(sid)
|
|
|
|
|
|
|
|
print_status("#{sid} has been resumed")
|
2010-09-20 06:18:56 +08:00
|
|
|
end
|
|
|
|
|
2010-09-24 07:17:13 +08:00
|
|
|
def cmd_nessus_report_hosts(*args)
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 1
|
|
|
|
rid = args[0]
|
|
|
|
else
|
|
|
|
print_status("Usage: ")
|
|
|
|
print_status(" nessus_report_hosts <report id>")
|
|
|
|
print_status(" use nessus_report_list to list all available reports")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
'Columns' =>
|
|
|
|
[
|
|
|
|
'Hostname',
|
|
|
|
'Severity',
|
|
|
|
'Sev 0',
|
|
|
|
'Sev 1',
|
|
|
|
'Sev 2',
|
|
|
|
'Sev 3',
|
|
|
|
'Current Progress',
|
|
|
|
'Total Progress'
|
|
|
|
])
|
|
|
|
hosts=@n.report_hosts(rid)
|
|
|
|
hosts.each {|host|
|
|
|
|
tbl << [ host['hostname'], host['severity'], host['sev0'], host['sev1'], host['sev2'], host['sev3'], host['current'], host['total'] ]
|
|
|
|
}
|
|
|
|
print_good("Report Info")
|
|
|
|
$stdout.puts "\n"
|
|
|
|
$stdout.puts tbl.to_s + "\n"
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_report_host_ports(*args)
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 2
|
|
|
|
host = args[0]
|
|
|
|
rid = args[1]
|
|
|
|
else
|
|
|
|
print_status("Usage: ")
|
|
|
|
print_status(" nessus_report_host_ports <hostname> <report id>")
|
|
|
|
print_status(" use nessus_report_list to list all available reports")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
'Columns' =>
|
|
|
|
[
|
|
|
|
'Port',
|
|
|
|
'Protocol',
|
|
|
|
'Severity',
|
|
|
|
'Service Name',
|
|
|
|
'Sev 0',
|
|
|
|
'Sev 1',
|
|
|
|
'Sev 2',
|
|
|
|
'Sev 3'
|
|
|
|
])
|
|
|
|
ports=@n.report_host_ports(rid, host)
|
|
|
|
ports.each {|port|
|
|
|
|
tbl << [ port['portnum'], port['protocol'], port['severity'], port['svcname'], port['sev0'], port['sev1'], port['sev2'], port['sev3'] ]
|
|
|
|
}
|
|
|
|
print_good("Host Info")
|
|
|
|
$stdout.puts "\n"
|
|
|
|
$stdout.puts tbl.to_s + "\n"
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_report_host_detail(*args)
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 4
|
|
|
|
host = args[0]
|
|
|
|
port = args[1]
|
|
|
|
prot = args[2]
|
|
|
|
rid = args[3]
|
|
|
|
else
|
|
|
|
print_status("Usage: ")
|
|
|
|
print_status(" nessus_report_host_detail <hostname> <port> <protocol> <report id>")
|
|
|
|
print_status(" use nessus_report_host_ports to list all available ports")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
'Columns' =>
|
|
|
|
[
|
|
|
|
'Port',
|
|
|
|
'Severity',
|
|
|
|
'PluginID',
|
|
|
|
'Plugin Name',
|
|
|
|
'CVSS2',
|
|
|
|
'Exploit?',
|
|
|
|
'CVE',
|
|
|
|
'Risk Factor',
|
|
|
|
'CVSS Vector'
|
|
|
|
])
|
|
|
|
details=@n.report_host_port_details(rid, host, port, prot)
|
|
|
|
details.each {|detail|
|
|
|
|
tbl << [ detail['port'], detail['severity'], detail['pluginID'], detail['pluginName'], detail['cvss_base_score'] || 'none', detail['exploit_available'] || '.', detail['cve'] || '.', detail['risk_factor'] || '.', detail['cvss_vector'] || '.' ]
|
|
|
|
}
|
|
|
|
print_good("Port Info")
|
|
|
|
$stdout.puts "\n"
|
|
|
|
$stdout.puts tbl.to_s + "\n"
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_scan_pause_all
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
pause = @n.scan_pause_all
|
|
|
|
|
|
|
|
print_status("All scans have been paused")
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_scan_stop(*args)
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 1
|
|
|
|
sid = args[0]
|
|
|
|
else
|
|
|
|
print_status("Usage: ")
|
|
|
|
print_status(" nessus_scan_stop <scan id>")
|
|
|
|
print_status(" use nessus_scan_status to list all available scans")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
pause = @n.scan_stop(sid)
|
|
|
|
|
|
|
|
print_status("#{sid} has been stopped")
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_scan_stop_all
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
pause = @n.scan_stop_all
|
|
|
|
|
|
|
|
print_status("All scans have been stopped")
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_scan_resume_all
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
pause = @n.scan_resume_all
|
|
|
|
|
|
|
|
print_status("All scans have been resumed")
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_user_add(*args)
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if ! @n.is_admin
|
|
|
|
print_error("Your Nessus user is not an admin")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 2
|
|
|
|
user = args[0]
|
|
|
|
pass = args[1]
|
|
|
|
else
|
|
|
|
print_status("Usage: ")
|
|
|
|
print_status(" nessus_user_add <username> <password>")
|
|
|
|
print_status(" Only adds non admin users")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
add = @n.user_add(user,pass)
|
|
|
|
status = add.root.elements['status'].text
|
|
|
|
if status == "OK"
|
|
|
|
print_good("#{user} has been added")
|
|
|
|
else
|
|
|
|
print_error("#{user} was not added")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_user_del(*args)
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if ! @n.is_admin
|
|
|
|
print_error("Your Nessus user is not an admin")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 1
|
|
|
|
user = args[0]
|
|
|
|
else
|
|
|
|
print_status("Usage: ")
|
|
|
|
print_status(" nessus_user_del <username>")
|
|
|
|
print_status(" Only dels non admin users")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
del = @n.user_del(user)
|
|
|
|
status = del.root.elements['status'].text
|
|
|
|
if status == "OK"
|
|
|
|
print_good("#{user} has been deleted")
|
|
|
|
else
|
|
|
|
print_error("#{user} was not deleted")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_user_passwd(*args)
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if ! @n.is_admin
|
|
|
|
print_error("Your Nessus user is not an admin")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 2
|
|
|
|
user = args[0]
|
|
|
|
pass = args[1]
|
|
|
|
else
|
|
|
|
print_status("Usage: ")
|
|
|
|
print_status(" nessus_user_passwd <username> <password>")
|
|
|
|
print_status(" User list from nessus_user_list")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
pass = @n.user_pass(user,pass)
|
|
|
|
status = pass.root.elements['status'].text
|
|
|
|
if status == "OK"
|
|
|
|
print_good("#{user}'s password has been changed")
|
|
|
|
else
|
|
|
|
print_error("#{user}'s password has not been changed")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_admin
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if ! @n.is_admin
|
|
|
|
print_error("Your Nessus user is not an admin")
|
|
|
|
else
|
|
|
|
print_good("Your Nessus user is an admin")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_nessus_plugin_family(*args)
|
|
|
|
if ! nessus_verify_token
|
|
|
|
nessus_login
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
case args.length
|
|
|
|
when 1
|
|
|
|
fam = args[0]
|
|
|
|
else
|
|
|
|
print_status("Usage: ")
|
|
|
|
print_status(" nessus_plugin_family <plugin family name>")
|
|
|
|
print_status(" Family list from nessus_plugin_list")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
'Columns' =>
|
|
|
|
[
|
|
|
|
'Plugin ID',
|
|
|
|
'Plugin Name',
|
|
|
|
'Plugin File Name'
|
|
|
|
])
|
|
|
|
|
|
|
|
family = @n.plugin_family(fam)
|
|
|
|
|
|
|
|
family.each {|plugin|
|
|
|
|
tbl << [ plugin['id'], plugin['name'], plugin['filename'] ]
|
|
|
|
}
|
|
|
|
print_good("#{fam} Info")
|
|
|
|
$stdout.puts "\n"
|
|
|
|
$stdout.puts tbl.to_s + "\n"
|
|
|
|
end
|
2010-09-15 16:41:49 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# The constructor is called when an instance of the plugin is created. The
|
|
|
|
# framework instance that the plugin is being associated with is passed in
|
|
|
|
# the framework parameter. Plugins should call the parent constructor when
|
|
|
|
# inheriting from Msf::Plugin to ensure that the framework attribute on
|
|
|
|
# their instance gets set.
|
|
|
|
#
|
|
|
|
def initialize(framework, opts)
|
|
|
|
super
|
|
|
|
|
|
|
|
# If this plugin is being loaded in the context of a console application
|
|
|
|
# that uses the framework's console user interface driver, register
|
|
|
|
# console dispatcher commands.
|
|
|
|
add_console_dispatcher(ConsoleCommandDispatcher)
|
|
|
|
|
2010-09-20 06:18:56 +08:00
|
|
|
print_status("Nessus Bridge for Nessus 4.2.x")
|
2010-09-15 16:41:49 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# The cleanup routine for plugins gives them a chance to undo any actions
|
|
|
|
# they may have done to the framework. For instance, if a console
|
|
|
|
# dispatcher was added, then it should be removed in the cleanup routine.
|
|
|
|
#
|
|
|
|
def cleanup
|
|
|
|
# If we had previously registered a console dispatcher with the console,
|
|
|
|
# deregister it now.
|
|
|
|
remove_console_dispatcher('Nessus')
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# This method returns a short, friendly name for the plugin.
|
|
|
|
#
|
|
|
|
def name
|
|
|
|
"nessus"
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# This method returns a brief description of the plugin. It should be no
|
|
|
|
# more than 60 characters, but there are no hard limits.
|
|
|
|
#
|
|
|
|
def desc
|
|
|
|
"HTTP Bridge to control a Nessus 4.2 scanner."
|
|
|
|
end
|
|
|
|
|
|
|
|
protected
|
|
|
|
end
|
|
|
|
|
2010-09-20 22:27:34 +08:00
|
|
|
end
|