Installing and configuring Nessus
Download Nessus
# Install
dpkg -i Nessus-8.1.0-debian6_amd64.deb
# Start the Nessus service
systemctl start nessusd.service
# Log in via the browser
https://kali:8834
# Set a username and password
nessustest
Nessus123
# Enter the activation code from the email
B9D7-****-4B76-****-*****
Loading and using Nessus
# Enter Metasploit
msfconsole
# Load Nessus
load nessus
msf > load nessus
[*] Nessus Bridge for Metasploit
[*] Type nessus_help for a command listing
[*] Successfully loaded plugin: Nessus
# View the Nessus help commands
nessus_help
msf > nessus_help
Command Help Text
------- ---------
Generic Commands
----------------- -----------------
nessus_connect Connect to a Nessus server
nessus_logout Logout from the Nessus server
nessus_login Login into the connected Nesssus server with a different username and password
nessus_save Save credentials of the logged in user to nessus.yml
nessus_help Listing of available nessus commands
nessus_server_properties Nessus server properties such as feed type, version, plugin set and server UUID.
nessus_server_status Check the status of your Nessus Server
nessus_admin Checks if user is an admin
nessus_template_list List scan or policy templates
nessus_folder_list List all configured folders on the Nessus server
nessus_scanner_list List all the scanners configured on the Nessus server
Nessus Database Commands
----------------- -----------------
nessus_db_scan Create a scan of all IP addresses in db_hosts
nessus_db_scan_workspace Create a scan of all IP addresses in db_hosts for a given workspace
nessus_db_import Import Nessus scan to the Metasploit connected database
Reports Commands
----------------- -----------------
nessus_report_hosts Get list of hosts from a report
nessus_report_vulns Get list of vulns from a report
nessus_report_host_details Get detailed information from a report item on a host
Scan Commands
----------------- -----------------
nessus_scan_list List of all current Nessus scans
nessus_scan_new Create a new Nessus Scan
nessus_scan_launch Launch a newly created scan. New scans need to be manually launched through this command
nessus_scan_pause Pause a running Nessus scan
nessus_scan_pause_all Pause all running Nessus scans
nessus_scan_stop Stop a running or paused Nessus scan
nessus_scan_stop_all Stop all running or paused Nessus scans
nessus_scan_resume Resume a pasued Nessus scan
nessus_scan_resume_all Resume all paused Nessus scans
nessus_scan_details Return detailed information of a given scan
nessus_scan_export Export a scan result in either Nessus, HTML, PDF, CSV, or DB format
nessus_scan_export_status Check the status of an exported scan
Plugin Commands
----------------- -----------------
nessus_plugin_list List all plugins in a particular plugin family.
nessus_family_list List all the plugin families along with their corresponding family IDs and plugin count.
nessus_plugin_details List details of a particular plugin
User Commands
----------------- -----------------
nessus_user_list Show Nessus Users
nessus_user_add Add a new Nessus User
nessus_user_del Delete a Nessus User
nessus_user_passwd Change Nessus Users Password
Policy Commands
----------------- -----------------
nessus_policy_list List all polciies
nessus_policy_del Delete a policy
# Connect to Nessus
nessus_connect
msf > nessus_connect nessustest:Nessus123@127.0.0.1:8834
[*] Connecting to https://127.0.0.1:8834/ as nessustest
[*] User nessustest authenticated successfully.
# View the scan policies
# A scan policy must first be created in the web interface
nessus_policy_list
msf > nessus_policy_list
Policy ID  Name            Policy UUID
---------  ----            -----------
4          web Applicatin  c3cbcd46-329f-a9ed-1077-554f8c2af33d0d44f09d736969bf
5          basic scan      ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66
# Create a new scan
nessus_scan_new <policy_uuid> <name (a name for this scan)> <short description> <target IP>
msf > nessus_scan_new ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66 scan_122 haha 192.168.10.122
[*] Creating scan from policy number ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66, called scan_122 - haha and scanning 192.168.10.122
[*] New scan added
[*] Use nessus_scan_launch 7 to launch the scan
Scan ID  Scanner ID  Policy ID  Targets         Owner
-------  ----------  ---------  -------         -----
7        1           6          192.168.10.122  nessustest
# View the scan list
nessus_scan_list
msf > nessus_scan_list
Scan ID  Name      Owner       Started  Status  Folder
-------  ----      -----       -------  ------  ------
7        scan_122  nessustest           empty   3
# Launch the scan
nessus_scan_launch <scan ID from the scan list>
msf > nessus_scan_launch 7
[+] Scan ID 7 successfully launched. The Scan UUID is f742a188-7c28-3ce9-a625-e384eb3c2aca6b024dadbc5ac64a
# Check whether the scan is running
nessus_scan_list
msf > nessus_scan_list
Scan ID  Name      Owner       Started  Status   Folder
-------  ----      -----       -------  ------   ------
7        scan_122  nessustest           running  3
# View scan details by category: info, hosts, vulnerabilities, history, etc.
nessus_scan_details
msf > nessus_scan_details 7 info
Status   Policy         Scan Name  Scan Targets    Scan Start Time  Scan End Time
------   ------         ---------  ------------    ---------------  -------------
running  Advanced Scan  scan_122   192.168.10.122  1544001807
#
msf > nessus_scan_details 7 hosts
Host ID  Hostname        % of Critical Findings  % of High Findings  % of Medium Findings  % of Low Findings
-------  --------        ----------------------  ------------------  --------------------  -----------------
2        192.168.10.122  10                      1                   3                     1
#
msf > nessus_scan_details 7 vulnerabilities
Plugin ID Plugin Name Plugin Family Count
--------- ----------- ------------- -----
10079 Anonymous FTP Enabled FTP 1
10092 FTP Server Detection Service detection 1
10107 HTTP Server Type and Version Web Servers 1
10114 ICMP Timestamp Request Remote Date Disclosure General 1
10150 Windows NetBIOS / SMB Remote Host Information Disclosure Windows 1
10287 Traceroute Information General 1
# Once the scan has finished, import the Nessus scan results into Metasploit
nessus_db_import <scan ID from the scan list>
msf > nessus_db_import 7
[*] Exporting scan ID 7 is Nessus format...
[+] The export file ID for scan ID 7 is 112652931
[*] Checking export status...
[*] Export status: loading
[*] Export status: ready
[*] The status of scan ID 7 export is ready
[*] Importing scan results to the database...
[*] Importing data of 192.168.10.122
[+] Done
# View the vulnerabilities
nessus_report_vulns <scan ID from the scan list>
msf > nessus_report_vulns 7
Plugin ID Plugin Name Plugin Family Vulnerability Count
--------- ----------- ------------- -------------------
10079 Anonymous FTP Enabled FTP 1
10092 FTP Server Detection Service detection 1
10107 HTTP Server Type and Version Web Servers 1
10114 ICMP Timestamp Request Remote Date Disclosure General 1
10150 Windows NetBIOS / SMB Remote Host Information Disclosure Windows 1
10287 Traceroute Information General 1
10394 Microsoft Windows SMB Log In Possible Windows 1
10395 Microsoft Windows SMB Shares Enumeration Windows 1
10397 Microsoft Windows SMB LanMan Pipe Server Listing Disclosure Windows 1
10736 DCE Services Enumeration Windows 6
10785 Microsoft Windows SMB NativeLanManager Remote System Information Disclosure Windows 1
11011 Microsoft Windows SMB Service Detection Windows 2
11808 MS03-026: Microsoft RPC Interface Buffer Overrun (823980) (uncredentialed check) Windows 1
11835 MS03-039: Microsoft RPC Interface Buffer Overrun (824146) (uncredentialed check) Windows 1
11936 OS Identification General 1
12209 MS04-011: Security Update for Microsoft Windows (835732) (uncredentialed check) Windows 1
19506 Nessus Scan Information Settings 1
20094 VMware Virtual Machine Detection General 1
21334 MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow DoS (913580) (uncredentialed check) Windows 1
22034 MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (uncredentialed check) Windows 1
22194 MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883) (uncredentialed check) Windows 1
24260 HyperText Transfer Protocol (HTTP) Information Web Servers 1
24786 Nessus Windows Scan Not Performed with Admin Privileges Settings 1
25220 TCP/IP Timestamps Supported General 1
26917 Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry Windows 1
26920 Microsoft Windows SMB NULL Session Authentication Windows 1
34324 FTP Supports Cleartext Authentication FTP 1
34477 MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check) Windows 1
35362 MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (uncredentialed check) Windows 1
35716 Ethernet Card Manufacturer Detection Misc. 1
43111 HTTP Methods Allowed (per directory) Web Servers 1
45590 Common Platform Enumeration (CPE) General 1
54615 Device Type General 1
57608 SMB Signing not required Misc. 1
59373 WellinTech KingView History Server Detection SCADA 1
84729 Microsoft Windows Server 2003 Unsupported Installation Detection Windows 1
86420 Ethernet MAC Addresses General 1
90510 MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527) (Badlock) (uncredentialed check) Windows 1
96982 Server Message Block (SMB) Protocol Version 1 Enabled (uncredentialed check) Misc. 1
97833 MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check) Windows 1
97994 Microsoft IIS 6.0 Unsupported Version Detection Web Servers 1
100871 Microsoft Windows SMB Versions Supported (remote check) Windows 1
106716 Microsoft Windows SMB2 Dialects Supported (remote check) Windows 1
108797 Unsupported Windows OS Windows 1
110723 No Credentials Provided Settings 1
117886 Local Checks Not Enabled (info) Settings 1
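
Added example (not part of the original post): a Python parser for `nessus_report_vulns` rows like those above, which groups findings for patch triage by Microsoft bulletin ID and flags unsupported-software findings. The function names are hypothetical, and the family list covers only the plugin families seen in this page's output, which is an assumption for other scans.

```python
import re
from collections import defaultdict

# Assumption: only the plugin families seen in this page's output. The
# msfconsole table is space-separated, so the family column is recovered
# by matching one of these as the suffix before the count.
FAMILIES = ("Service detection", "Web Servers", "General", "Windows",
            "Settings", "Misc.", "SCADA", "FTP")
ROW = re.compile(r"^(\d+)\s+(.+?)\s+(\d+)$")
BULLETIN = re.compile(r"^(MS\d{2}-\d{3}):")

# Rows copied from the nessus_report_vulns output shown on this page.
SAMPLE = """\
Plugin ID Plugin Name Plugin Family Vulnerability Count
--------- ----------- ------------- -------------------
10079 Anonymous FTP Enabled FTP 1
10092 FTP Server Detection Service detection 1
34477 MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (ECLIPSEDWING) (uncredentialed check) Windows 1
84729 Microsoft Windows Server 2003 Unsupported Installation Detection Windows 1
97833 MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check) Windows 1
97994 Microsoft IIS 6.0 Unsupported Version Detection Web Servers 1
"""

def parse_rows(text):
    """Return one dict per finding row; headers and prompts are skipped."""
    findings = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        middle = m.group(2)
        family = next((f for f in FAMILIES if middle.endswith(" " + f)), None)
        name = middle[:-len(family)].rstrip() if family else middle
        findings.append({"id": int(m.group(1)), "name": name,
                         "family": family, "count": int(m.group(3))})
    return findings

def bulletins(findings):
    """Map each Microsoft bulletin ID (MSyy-nnn) to its plugin IDs."""
    out = defaultdict(list)
    for f in findings:
        m = BULLETIN.match(f["name"])
        if m:
            out[m.group(1)].append(f["id"])
    return dict(out)

def unsupported(findings):
    """Plugin IDs reporting end-of-life software, which no patch fixes."""
    return [f["id"] for f in findings if "Unsupported" in f["name"]]
```

Calling `bulletins(parse_rows(text))` on the full output gives the list of bulletins to patch, while `unsupported(...)` lists the findings that need an upgrade or decommissioning instead.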