root@hi:~# service postgresql start\n[ ok ] Starting PostgreSQL 9.1 database server: main.\nroot@hi:~# service metasploit start\n[ ok ] Starting Metasploit rpc server: prosvc.\n[ ok ] Starting Metasploit web server: thin.\n[ ok ] Starting Metasploit worker: worker.<\/pre>\n\u8fdb\u5165\u547d\u4ee4\u884c\u754c\u9762\uff1a<\/p>\n
root@hi:~# msfconsole<\/p>\n
msf >\u00a0help \u00a0 \u00a0#\u53ef\u7528\u4e8e\u5728\u4e0d\u719f\u6089\u7684\u60c5\u51b5\u4e0b\u67e5\u770b\u6709\u54ea\u4e9b\u53ef\u7528\u547d\u4ee4\n\nCore Commands\n=============\n\nCommand Description\n------- -----------\n? Help menu\nback Move back from the current context\nbanner Display an awesome metasploit banner\ncd Change the current working directory\ncolor Toggle color\nconnect Communicate with a host\nedit Edit the current module with $VISUAL or $EDITOR\nexit Exit the console\ngo_pro Launch Metasploit web GUI\ngrep Grep the output of another command\nhelp Help menu\ninfo Displays information about one or more module\nirb Drop into irb scripting mode\njobs Displays and manages jobs\nkill Kill a job\nload Load a framework plugin\nloadpath Searches for and loads modules from a path\nmakerc Save commands entered since start to a file\npopm Pops the latest module off the stack and makes it active\nprevious Sets the previously loaded module as the current module\npushm Pushes the active or list of modules onto the module stack\nquit Exit the console\nreload_all Reloads all modules from all defined module paths\nresource Run the commands stored in a file\nroute Route traffic through a session\nsave Saves the active datastores\nsearch Searches module names and descriptions\nsessions Dump session listings and display information about sessions\nset Sets a variable to a value\nsetg Sets a global variable to a value\nshow Displays modules of a given type, or all modules\nsleep Do nothing for the specified number of seconds\nspool Write console output into a file as well the screen\nthreads View and manipulate background threads\nunload Unload a framework plugin\nunset Unsets one or more variables\nunsetg Unsets one or more global variables\nuse Selects a module by name\nversion Show the framework and console library version numbers\n\n\nDatabase Backend Commands\n=========================\n\nCommand Description\n------- -----------\ncreds List all credentials in the database\ndb_connect Connect to an existing database\ndb_disconnect Disconnect from the current database instance\ndb_export Export a file containing the contents of the database\ndb_import Import a scan result file (filetype will be auto-detected)\ndb_nmap Executes nmap and records the output automatically\ndb_rebuild_cache Rebuilds the database-stored module cache\ndb_status Show the current database status\nhosts List all hosts in the database\nloot List all loot in the database\nnotes List all notes in the database\nservices List all services in the database\nvulns List all vulnerabilities in the database\nworkspace Switch between database workspaces\n\n\nAuxiliary Commands\n==================\n\nCommand Description\n------- -----------\ncheck Check to see if a target is vulnerable\nexploit This is an alias for the run command\npry Open a Pry session on the current module\nreload Reloads the auxiliary module\nrerun Reloads and launches the auxiliary module\nrexploit This is an alias for the rerun command\nrun Launches the auxiliary module<\/pre>\n\u52a0\u8f7dNessus\u6a21\u5757\uff1a<\/p>\n
msf>\u00a0\n\nmsf> load nessus\n[*] Nessus Bridge for Metasploit 1.1\n[+] Type nessus_help for a command listing\n[*] Successfully loaded plugin: nessus\nmsf> nessus_help\n[*]\nCommand Help Text\n------- ---------\nGeneric Commands\n----------------- -----------------\nnessus_connect Connect to a nessus server\nnessus_save Save nessus login info between sessions\nnessus_logout Logout from the nessus server\nnessus_help Listing of available nessus commands\nnessus_server_status Check the status of your Nessus Server\nnessus_admin Checks if user is an admin\nnessus_server_feed Nessus Feed Type\nnessus_find_targets Try to find vulnerable targets from a report\nnessus_server_prefs Display Server Prefs\n\nReports Commands\n----------------- -----------------\nnessus_report_list List all Nessus reports\nnessus_report_get Import a report from the nessus server in Nessus v2 format\nnessus_report_vulns Get list of vulns from a report\nnessus_report_hosts Get list of hosts from a report\nnessus_report_host_ports Get list of open ports from a host from a report\nnessus_report_host_detail Detail from a report item on a host\n\nScan Commands\n----------------- -----------------\nnessus_scan_new Create new Nessus Scan\nnessus_scan_status List all currently running Nessus scans\nnessus_scan_pause Pause a Nessus Scan\nnessus_scan_pause_all Pause all Nessus Scans\nnessus_scan_stop Stop a Nessus Scan\nnessus_scan_stop_all Stop all Nessus Scans\nnessus_scan_resume Resume a Nessus Scan\nnessus_scan_resume_all Resume all Nessus Scans\n\nPlugin Commands\n----------------- -----------------\nnessus_plugin_list Displays each plugin family and the number of plugins\nnessus_plugin_family List plugins in a family\nnessus_plugin_details List details of a particular plugin\n\nUser Commands\n----------------- -----------------\nnessus_user_list Show Nessus Users\nnessus_user_add Add a new Nessus User\nnessus_user_del Delete a Nessus User\nnessus_user_passwd Change Nessus Users Password\n\nPolicy Commands\n----------------- -----------------\nnessus_policy_list List all polciies\nnessus_policy_del Delete a policy\n\n[*]<\/pre>\n\u67e5\u770b\u626b\u63cf\u72b6\u6001\uff1a<\/p>\n
msf> nessus_scan_status\n[*] You must do this before any other commands.\n[*] Usage:\n[*] nessus_connect username:password@hostname:port <ssl ok>\n[*] Example:> nessus_connect msf:msf@192.168.1.10:8834 ok\n[*] OR\n[*] nessus_connect username@hostname:port <ssl ok>\n[*] Example:> nessus_connect msf@192.168.1.10:8834 ok\n[*] OR\n[*] nessus_connect hostname:port <ssl ok>\n[*] Example:> nessus_connect 192.168.1.10:8834 ok\n[*] OR\n[*] nessus_connect\n[*] Example:> nessus_connect\n[*] This only works after you have saved creds with nessus_save<\/pre>\n\u63d0\u793a\u4f60\u9700\u8981\u5148\u767b\u9646\u624d\u53ef\u8fdb\u884c\u626b\u63cf\u4ee5\u53ca\u67e5\u770b\u626b\u63cf\u72b6\u6001\uff08\u9700\u8981\u7528\u5230\u4e4b\u524d\u7684\u8d26\u53f7\uff09\uff1a<\/p>\n
msf> nessus_connect root:root_Pass@localhost:8834\n\n[*] Connecting to https:\/\/localhost:8834\/ as root\n[*] Authenticated<\/pre>\n\u67e5\u770b\u767b\u5f55\u5e10\u53f7\u7684\u626b\u63cf\u60c5\u51b5\uff1a<\/p>\n
msf> nessus_scan_status\n[+] Running Scans\n[+]\n\nScan ID Name Owner Started Status Current Hosts Total Hosts\n------- ---- ----- ------- ------ ------------- -----------\n30000bc6-6e40-ab8e-36ad-f1c4aca48198ba7e1aca9c506f0c local_scan root 13:19 Feb 24 2014 running 253 254\n\n[+]\n\n[*] You can:\n[+] Import Nessus report to database : nessus_report_get <reportid>\n[+] Pause a nessus scan : nessus_scan_pause <scanid>\nmsf> nessus_user_list\n[+] There are 1 users\n[+] Nessus users\n[+]\n\nName Is Admin? Last Login\n---- --------- ----------\nroot TRUE 13:43 Feb 24 2014<\/pre>\n\u67e5\u770b\u626b\u63cf\u7b56\u7565\uff08\u4f60\u53ef\u4ee5\u81ea\u5df1\u53bb\u6839\u636e\u6a21\u7248\u65b0\u5efa\uff09\uff1a<\/p>\n
msf> nessus_policy_list\n[+] Nessus Policy List\n[+]\n\nID Name Comments\n-- ---- --------\n-1 scan_android\n1 10.10.10.1-92___1st\n2 xxx\n3 192.168.1.102\n4 192.168.179.138<\/pre>\n\u521a\u770b\u4e86\u4e00\u4e0bNessus\u7684\u5b98\u7f51\u4ecb\u7ecd\uff0c\u8bf4\u7684\u662f\uff1a\u5185\u5efa\u7684\u626b\u63cf\u7b56\u7565\u663e\u793a\u4e3a\u8d1f\u6570\uff0c\u7528\u6237\u81ea\u5df1\u5efa\u7acb\u7684\u626b\u63cf\u7b56\u7565ID\u4e3a\u4ece1\u5f00\u59cb\u7684\u6b63\u6570\uff08\u6240\u4ee5\u4e0a\u9762\u7684\u90a3\u4e2a\u626b\u63cf\u7b56\u7565scan_android\u7684ID\u4e3a-1\uff0c\u4e0d\u8fc7\u6211\u4e5f\u4e0d\u8bb0\u5f97\u662f\u4e0d\u662f\u81ea\u5df1\u5efa\u7684o(\u256f\u25a1\u2570)o\uff09\uff1b
\n\u8fd9\u91cc\u6211\u4eec\u4f7f\u7528\u6211\u4eec\u81ea\u5df1\u5efa\u7acb\u7684\u626b\u63cf\u7b56\u7565ID\u4e3a2\u7684\u7b56\u7565\u6765\u8fdb\u884c\u626b\u63cf\uff0c\u4f7f\u7528\u4e0b\u9762\u7684\u547d\u4ee4\u521b\u5efa\u540d\u4e3a\u201cscan_innerNet\u201d\u7684\u626b\u63cf\u4efb\u52a1\uff1a<\/p>\n
msf > nessus_scan_new 2 scan_innerNet 192.168.1.101\n[*] Creating scan from policy number 2, called \"scan_innerNet\" and scanning 192.168.1.101\n[*] Scan started. uid is d9e7hcea-bec9-5d3d-6bd8-23eb6e7e5895f63871982c9e2aa2<\/pre>\n\u67e5\u770b\u626b\u63cf\u63d2\u4ef6\u5217\u8868\uff08\u53ef\u4ee5\u770b\u51fa\u53ef\u7528\u7684\u626b\u63cf\u63d2\u4ef6\u8fd8\u662f\u5f88\u591a\u7684\uff09\uff1a<\/p>\n
msf> nessus_plugin_list\n[+] Plugins By Family\n[+]\n\nFamily Name Total Plugins\n----------- -------------\n\nAIX Local Security Checks 11031\nAmazon Linux Local Security Checks 259\nBackdoors 94\nBrute force attacks 26\nCGI abuses 2784\nCGI abuses : XSS 529\nCISCO 413\nCentOS Local Security Checks 1603\nDNS 76\nDatabases 324\nDebian Local Security Checks 2811\nDefault Unix Accounts 86\nDenial of Service 103\nFTP 233\nFedora Local Security Checks 6524\nFirewalls 109\nFreeBSD Local Security Checks 2383\nGain a shell remotely 268\nGeneral 162\nGentoo Local Security Checks 1810\nHP-UX Local Security Checks 1963\nJunos Local Security Checks 65\nMacOS X Local Security Checks 512\nMandriva Local Security Checks 2663\nMisc. 652\nMobile Devices 25\nNetware 14\nOracle Linux Local Security Checks 1573\nPeer-To-Peer File Sharing 68\nPolicy Compliance 8\nPort scanners 7\nRPC 36\nRed Hat Local Security Checks 2790\nSCADA 3\nSMTP problems 130\nSNMP 30\nScientific Linux Local Security Checks 1545\nService detection 401\nSettings 57\nSlackware Local Security Checks 655\nSolaris Local Security Checks 3308\nSuSE Local Security Checks 5265\nTotal Plugins 60032\nUbuntu Local Security Checks 2280\nVMware ESX Local Security Checks 83\nWeb Servers 791\nWindows 2582\nWindows : Microsoft Bulletins 870\nWindows : User management 28\n\n[*] List plugins for a family : nessus_plugin_family <family name><\/pre>\n\u626b\u63cf\u6682\u505c\u547d\u4ee4\uff08\u4f60\u53ef\u4ee5\u8bd5\u8bd5\uff0cnessus_scan_pause\u547d\u4ee4\u9700\u8981\u5e26\u53c2\u6570\uff0cnessus_scan_pause_all\u547d\u4ee4\u7528\u4e8e\u7ec8\u6b62\u6240\u6709\u6b63\u5728\u8fdb\u884c\u7684\u626b\u63cf\uff09\uff1a<\/p>\n
msf> nessus_scan_pause\nnessus_scan_pause nessus_scan_pause_all\nmsf> nessus_scan_pause -h\n[*] Usage:\n[*] nessus_scan_pause <scan id>\n[*] Example:> nessus_scan_pause f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca\n[*]\n[*] Pauses a running scan\n[*] use nessus_scan_status to list all available scans\nmsf> nessus_scan_pause 30000bc6-6e40-ab8e-36ad-f1c4aca48198ba7e1aca9c506f0c\n[*] 30000bc6-6e40-ab8e-36ad-f1c4aca48198ba7e1aca9c506f0c has been paused<\/pre>\n\u91cd\u542f\u626b\u63cf\uff1a<\/p>\n
msf> nessus_scan_resume -h\n[*] Usage:\n[*] nessus_scan_resume <scan id>\n[*] Example:> nessus_scan_resume f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca\n[*]\n[*] resumes a running scan\n[*] use nessus_scan_status to list all available scans\nmsf> nessus_scan_resume 30000bc6-6e40-ab8e-36ad-f1c4aca48198ba7e1aca9c506f0c\n[*] 30000bc6-6e40-ab8e-36ad-f1c4aca48198ba7e1aca9c506f0c has been resumed<\/pre>\n\u6742\u9879\uff08\u8fd9\u4e2a\u9700\u8981\u81ea\u5df1\u6162\u6162\u719f\u6089\uff0c\u6709\u4e9b\u8fd8\u662f\u5f88\u6709\u7528\u7684\uff01\uff09\uff1a<\/p>\n
msf> nessus_plugin_family\u00a0\n\n[*] Usage:\n[*] nessus_plugin_family <plugin family name>\n[*] list all plugins from a Family from nessus_plugin_list\nmsf> nessus_server_status\n[+] Nessus Status\n[+]\n\nFeed Nessus Version Nessus Web Version\n---- -------------- ------------------\nHomeFeed 5.2.4 5.0.0 (Build H20130829A)\n\n[+]\n\nUsers Policies Running Scans Reports Plugins\n----- -------- ------------- ------- -------\n1 5 1 13 60032\n\nmsf> nessus_server_feed\n[+] Nessus Status\n[+]\n\nFeed Nessus Version Nessus Web Version\n---- -------------- ------------------\nHomeFeed 5.2.4 5.0.0 (Build H20130829A)\n\nmsf> nessus_help\n[*]\nCommand Help Text\n------- ---------\nGeneric Commands\n----------------- -----------------\nnessus_connect Connect to a nessus server\nnessus_save Save nessus login info between sessions\nnessus_logout Logout from the nessus server\nnessus_help Listing of available nessus commands\nnessus_server_status Check the status of your Nessus Server\nnessus_admin Checks if user is an admin\nnessus_server_feed Nessus Feed Type\nnessus_find_targets Try to find vulnerable targets from a report\nnessus_server_prefs Display Server Prefs\n\nReports Commands\n----------------- -----------------\nnessus_report_list List all Nessus reports\nnessus_report_get Import a report from the nessus server in Nessus v2 format\nnessus_report_vulns Get list of vulns from a report\nnessus_report_hosts Get list of hosts from a report\nnessus_report_host_ports Get list of open ports from a host from a report\nnessus_report_host_detail Detail from a report item on a host\n\nScan Commands\n----------------- -----------------\nnessus_scan_new Create new Nessus Scan\nnessus_scan_status List all currently running Nessus scans\nnessus_scan_pause Pause a Nessus Scan\nnessus_scan_pause_all Pause all Nessus Scans\nnessus_scan_stop Stop a Nessus Scan\nnessus_scan_stop_all Stop all Nessus Scans\nnessus_scan_resume Resume a Nessus Scan\nnessus_scan_resume_all Resume all Nessus Scans\n\nPlugin Commands\n----------------- -----------------\nnessus_plugin_list Displays each plugin family and the number of plugins\nnessus_plugin_family List plugins in a family\nnessus_plugin_details List details of a particular plugin\n\nUser Commands\n----------------- -----------------\nnessus_user_list Show Nessus Users\nnessus_user_add Add a new Nessus User\nnessus_user_del Delete a Nessus User\nnessus_user_passwd Change Nessus Users Password\n\nPolicy Commands\n----------------- -----------------\nnessus_policy_list List all polciies\nnessus_policy_del Delete a policy\n\n[*]\nmsf> nessus_admin\n[+] Your Nessus user is an admin\nmsf> nessus_find_targets\n[-] Unknown command: nessus_find_targets.\nmsf> nessus_find_targets\n[-] Unknown command: nessus_find_targets.\nmsf> nessus_server_\nnessus_server_feed nessus_server_prefs nessus_server_status\nmsf> nessus_server_prefs\n[+] Nessus Server Pref List\n[+]\n\nName Value\n---- -----\nallow_post_scan_editing yes\nauto_enable_dependencies yes\nauto_update yes\ncgi_path \/cgi-bin:\/scripts\nchecks_read_timeout 5\nfeed_type HomeFeed\nlisten_address 0.0.0.0\nlisten_port 1241\nlog_whole_attack no\nmax_checks 5\nmax_hosts 100\nnon_simult_ports 139, 445, 3389\noptimize_test yes\nplugin_selection.family.AIX Local Security Checks enabled\nplugin_selection.family.Amazon Linux Local Security Checks enabled\nplugin_selection.family.Backdoors enabled\nplugin_selection.family.Brute force attacks enabled\nplugin_selection.family.CGI abuses enabled\nplugin_selection.family.CGI abuses : XSS enabled\nplugin_selection.family.CISCO enabled\nplugin_selection.family.CentOS Local Security Checks enabled\nplugin_selection.family.DNS enabled\nplugin_selection.family.Databases enabled\nplugin_selection.family.Debian Local Security Checks enabled\nplugin_selection.family.Default Unix Accounts enabled\nplugin_selection.family.Denial of Service disabled\nplugin_selection.family.FTP enabled\nplugin_selection.family.Fedora Local Security Checks enabled\nplugin_selection.family.Firewalls enabled\nplugin_selection.family.FreeBSD Local Security Checks enabled\nplugin_selection.family.Gain a shell remotely enabled\nplugin_selection.family.General enabled\nplugin_selection.family.Gentoo Local Security Checks enabled\nplugin_selection.family.HP-UX Local Security Checks enabled\nplugin_selection.family.Junos Local Security Checks enabled\nplugin_selection.family.MacOS X Local Security Checks enabled\nplugin_selection.family.Mandriva Local Security Checks enabled\nplugin_selection.family.Misc. enabled\nplugin_selection.family.Mobile Devices enabled\nplugin_selection.family.Netware enabled\nplugin_selection.family.Oracle Linux Local Security Checks enabled\nplugin_selection.family.Peer-To-Peer File Sharing enabled\nplugin_selection.family.Policy Compliance enabled\nplugin_selection.family.RPC enabled\nplugin_selection.family.Red Hat Local Security Checks enabled\nplugin_selection.family.SCADA enabled\nplugin_selection.family.SMTP problems enabled\nplugin_selection.family.SNMP enabled\nplugin_selection.family.Scientific Linux Local Security Checks enabled\nplugin_selection.family.Service detection enabled\nplugin_selection.family.Settings enabled\nplugin_selection.family.Slackware Local Security Checks enabled\nplugin_selection.family.Solaris Local Security Checks enabled\nplugin_selection.family.SuSE Local Security Checks enabled\nplugin_selection.family.Ubuntu Local Security Checks enabled\nplugin_selection.family.VMware ESX Local Security Checks enabled\nplugin_selection.family.Web Servers enabled\nplugin_selection.family.Windows enabled\nplugin_selection.family.Windows : Microsoft Bulletins enabled\nplugin_selection.family.Windows : User management enabled\nplugin_upload yes\nplugins_timeout 320\nport_range default\nreduce_connections_on_congestion no\nreport_crashes yes\nsafe_checks yes\nsilent_dependencies yes\nslice_network_addresses no\nssl_cipher_list strong\nstop_scan_on_disconnect no\nstop_scan_on_hang no\nthrottle_scan yes\nuse_kernel_congestion_detection no\nxmlrpc_listen_port 8834\n\n\nmsf> nessus_scan_\nnessus_scan_new nessus_scan_pause_all nessus_scan_resume_all nessus_scan_stop\nnessus_scan_pause nessus_scan_resume nessus_scan_status nessus_scan_stop_all\nmsf> nessus_scan_new -h\n[*] Usage:\n[*] nessus_scan_new <policy id> <scan name> <targets>\n[*] Example:> nessus_scan_new 1 \"My Scan\" 192.168.1.250\n[*]\n[*] Creates a scan based on a policy id and targets.\n[*] use nessus_policy_list to list all available policies\nmsf><\/pre>\n\u53ef\u4f9b\u53c2\u8003\u7684\u6587\u7ae0\uff1a<\/p>\n
http:\/\/www.tenable.com\/blog\/using-nessus-and-metasploit-together<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Metasploit\u4f5c\u4e3a\u4e00\u4e2a\u5927\u7684\u6846\u67b6\uff0c\u505a\u7684\u662f\u975e\u5e38\u7ed9\u529b\uff0c\u4e0d\u4ec5\u81ea\u5df1\u6709\u4f17\u591a\u7684\u6a21\u5757\u53ef\u4f9b\u4f7f\u7528\uff0c\u800c\u4e14\u8fd8\u53ef\u4ee5\u548c\u5176\u4ed6\u7684\u51e0\u4e2a\u5b89\u5168 […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,25,12],"tags":[30,70,69,71],"class_list":["post-80","post","type-post","status-publish","format-standard","hentry","category-linux","category-security","category-tools","tag-linux","tag-metasploit","tag-nessus","tag-tools"],"views":5468,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/80","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=80"}],"version-history":[{"count":0,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/80\/revisions"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=80"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=80"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=80"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}