Class: Metasploit::Framework::LoginScanner::Nessus

Inherits:
HTTP
  • Object
show all
Defined in:
lib/metasploit/framework/login_scanner/nessus.rb

Constant Summary collapse

DEFAULT_PORT =
8834
PRIVATE_TYPES =
[ :password ]
LIKELY_SERVICE_NAMES =
[ 'nessus' ]
LOGIN_STATUS =

Shorter name

Metasploit::Model::Login::Status

Constants inherited from HTTP

HTTP::DEFAULT_REALM, HTTP::DEFAULT_SSL_PORT, HTTP::LIKELY_PORTS, HTTP::REALM_KEY

Instance Attribute Summary

Attributes inherited from HTTP

#digest_auth_iis, #evade_header_folding, #evade_method_random_case, #evade_method_random_invalid, #evade_method_random_valid, #evade_pad_fake_headers, #evade_pad_fake_headers_count, #evade_pad_get_params, #evade_pad_get_params_count, #evade_pad_method_uri_count, #evade_pad_method_uri_type, #evade_pad_post_params, #evade_pad_post_params_count, #evade_pad_uri_version_count, #evade_pad_uri_version_type, #evade_uri_dir_fake_relative, #evade_uri_dir_self_reference, #evade_uri_encode_mode, #evade_uri_fake_end, #evade_uri_fake_params_start, #evade_uri_full_url, #evade_uri_use_backslashes, #evade_version_random_invalid, #evade_version_random_valid, #http_password, #http_username, #method, #ntlm_domain, #ntlm_send_lm, #ntlm_send_ntlm, #ntlm_send_spn, #ntlm_use_lm_key, #ntlm_use_ntlmv2, #ntlm_use_ntlmv2_session, #uri, #user_agent, #vhost

Instance Method Summary collapse

Methods inherited from HTTP

#send_request

Instance Method Details

#attempt_login(credential) ⇒ Result

Attempts to login to Nessus.

Parameters:

Returns:

  • (Result)

    A Result object indicating success or failure


63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# File 'lib/metasploit/framework/login_scanner/nessus.rb', line 63

def (credential)
  result_opts = {
    credential: credential,
    status: Metasploit::Model::Login::Status::INCORRECT,
    proof: nil,
    host: host,
    port: port,
    protocol: 'tcp'
  }

  begin
    result_opts.merge!((credential.public, credential.private))
  rescue ::Rex::ConnectionError => e
    # Something went wrong during login. 'e' knows what's up.
    result_opts.merge!(status: LOGIN_STATUS::UNABLE_TO_CONNECT, proof: e.message)
  end

  Result.new(result_opts)
end

#check_setupBoolean

Checks if the target is a Tenable Nessus server.

Returns:

  • (Boolean)

    TrueClass if target is Nessus server, otherwise FalseClass


19
20
21
22
23
24
25
26
27
# File 'lib/metasploit/framework/login_scanner/nessus.rb', line 19

def check_setup
   = "/server/properties"
  res = send_request({'uri'=> })
  if res && res.body.include?('Nessus')
    return true
  end

  false
end

#get_login_state(username, password) ⇒ Hash

Actually doing the login. Called by #attempt_login

Parameters:

  • username (String)

    The username to try

  • password (String)

    The password to try

Returns:

  • (Hash)
    • :status [Metasploit::Model::Login::Status]

    • :proof [String] the HTTP response body


36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# File 'lib/metasploit/framework/login_scanner/nessus.rb', line 36

def (username, password)
   = "#{uri}"

  res = send_request({
    'uri' => ,
    'method' => 'POST',
    'vars_post' => {
      'username' => username,
      'password' => password
    }
  })

  unless res
    return {:status => LOGIN_STATUS::UNABLE_TO_CONNECT, :proof => res.to_s}
  end
  if res.code == 200 && res.body =~ /token/
    return {:status => LOGIN_STATUS::SUCCESSFUL, :proof => res.body.to_s}
  end

  {:status => LOGIN_STATUS::INCORRECT, :proof => res.to_s}
end

#set_sane_defaultsObject


83
84
85
86
87
88
# File 'lib/metasploit/framework/login_scanner/nessus.rb', line 83

def set_sane_defaults
  super
  # nessus_rest_login has the same default in TARGETURI, but rspec doesn't check nessus_rest_login
  # so we have to set the default here, too.
  self.uri = '/session'
end