前面讲了在外面如何使用Nessus,但是bash下使用绝对是王道,有可能没有UI的界面和操作简便,但是需要的环境较为简单,还是学一下!
1.登录!以及之前的准备
当然,首先你还是需要先下载好Nessus,我的实验是发现不下载的话我无法开启一些列服务的,Metasploit应该只是调用了它的一个接口吧!(如果有错误欢迎指正!),具体需要如何配置请看我之前的文章
http://blog.csdn.net/qq_35078631/article/details/76160336
万物之始我们需要开启Nessus服务,然后使用Metasploit中的登录,首先要
load nessus
加载模块,然后登录
nessus_connect username:passwrod@localhost:8834 ok
注意这里面的usernmae和password是之前Nessus申请的帐号哈。如果没有也应该使用命令行建立也是可以的,这里就不实验了。
申请链接成功后是这样的
msf > nessus_connect Assassin:password@localhost:8834 ok
[*] Connecting to https://localhost:8834/ as Assassin
[*] User Assassin authenticated successfully.
然后我们看一下help,输入指令
nessus_help
然后这里贴一下help的内容
Command Help Text
------- ---------
Generic Commands
----------------- -----------------
nessus_connect Connect to a Nessus server
nessus_logout Logout from the Nessus server
nessus_login Login into the connected Nesssus server with a different username and password
nessus_save Save credentials of the logged in user to nessus.yml
nessus_help Listing of available nessus commands
nessus_server_properties Nessus server properties such as feed type, version, plugin set and server UUID.
nessus_server_status Check the status of your Nessus Server
nessus_admin Checks if user is an admin
nessus_template_list List scan or policy templates
nessus_folder_list List all configured folders on the Nessus server
nessus_scanner_list List all the scanners configured on the Nessus server
Nessus Database Commands
----------------- -----------------
nessus_db_scan Create a scan of all IP addresses in db_hosts
nessus_db_scan_workspace Create a scan of all IP addresses in db_hosts for a given workspace
nessus_db_import Import Nessus scan to the Metasploit connected database
Reports Commands
----------------- -----------------
nessus_report_hosts Get list of hosts from a report
nessus_report_vulns Get list of vulns from a report
nessus_report_host_details Get detailed information from a report item on a host
Scan Commands