Metasploit and Nessus

Metasploit gives penetration testers flexibility because it can drive some of the most important tools, such as Nessus and Nmap, from inside the framework. You can initiate Nessus scans directly from the Metasploit console, import existing scans and operate Nessus from within the framework.

The main advantage is that the information is centralized across these tools, since Nessus and Nmap scan results are stored in the Metasploit database in an organized manner. It is therefore possible to launch a Nessus scan via Metasploit, identify a vulnerability and then execute the appropriate exploit without leaving the framework, which saves pentesting time.

The first step is to start the PostgreSQL database and connect Metasploit to it:

[Screenshot: Starting the Database and Verification of Connectivity]

If the database has not yet been created, you can initialize it with the following command:

[Screenshot: Building the Metasploit Database]

Then you can load the Nessus plugin:

[Screenshot: Load Nessus Inside Metasploit]

Before you can operate Nessus via Metasploit you need to authenticate with your existing credentials:

[Screenshot: Nessus Authentication via Metasploit]

Metasploit requires the policy UUID in order to create a new Nessus scan, and the scan ID in order to launch it:

[Screenshot: Launching a Nessus Scan]

When the scan has finished, the list of vulnerabilities that Nessus discovered can be generated:

[Screenshot: Listing Nessus Vulnerabilities]

Metasploit can also break down the number of findings by host and criticality:

[Screenshot: List of Findings by Host]

Existing Nessus scans can also be imported into Metasploit.

[Screenshot: Importing an Existing Nessus Scan into the Metasploit Database]
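The per-host, per-criticality breakdown shown above and the import step both operate on the data in a Nessus export (a NessusClientData_v2 .nessus file). As an added example that is not part of the original post, the following Python reproduces that breakdown from a constructed sample export before it is handed to Metasploit, so you can confirm which hosts carry High and Critical findings worth cross-referencing against exploit modules. The hosts, plugin IDs and plugin names in the sample are made up for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Severity codes used in .nessus (NessusClientData_v2) exports.
SEVERITY = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample export: two lab hosts and a handful of findings.
# Hosts, plugin IDs and plugin names are invented, not from a real scan.
SAMPLE_NESSUS = """<NessusClientData_v2>
 <Report name="lab-scan">
  <ReportHost name="192.0.2.10">
   <HostProperties><tag name="host-ip">192.0.2.10</tag></HostProperties>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4"
               pluginID="100001" pluginName="Example SMB critical finding"/>
   <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
               pluginID="100002" pluginName="Example web medium finding"/>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
               pluginID="100003" pluginName="Example informational"/>
  </ReportHost>
  <ReportHost name="192.0.2.11">
   <HostProperties><tag name="host-ip">192.0.2.11</tag></HostProperties>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="3"
               pluginID="100004" pluginName="Example SSH high finding"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""

def findings_by_host(nessus_xml):
    """Return {host: Counter({severity_label: count})} for a .nessus document."""
    root = ET.fromstring(nessus_xml)
    summary = defaultdict(Counter)
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            summary[host.get("name")][SEVERITY.get(sev, "Unknown")] += 1
    return dict(summary)

def actionable(nessus_xml, minimum=3):
    """Return (host, port/proto, pluginID, pluginName) for findings at or above
    `minimum` severity, highest severity first (default: High and Critical)."""
    root = ET.fromstring(nessus_xml)
    rows = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            sev = int(item.get("severity", "0"))
            if sev >= minimum:
                rows.append((sev, host.get("name"),
                             f"{item.get('port')}/{item.get('protocol')}",
                             item.get("pluginID"), item.get("pluginName")))
    rows.sort(reverse=True)
    return [r[1:] for r in rows]

if __name__ == "__main__":
    for host, counts in findings_by_host(SAMPLE_NESSUS).items():
        print(host, dict(counts))
    for row in actionable(SAMPLE_NESSUS):
        print(*row)
```

To run it against a real export, read the .nessus file into a string and pass it in place of SAMPLE_NESSUS.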

Running Nessus or Nmap via Metasploit in a large pentest helps the penetration tester manage their results effectively, save project time and therefore deliver a quality assessment.

List of Tools for Pentest Rookies

It is sometimes difficult for someone without experience who wants to join the penetration testing field to work out which tools they should know as a starting point. Based on what the industry usually expects from rookies during the interview or in their first year at the hiring company, the following list has been created as a pointer to the most common tools.

These tools cover the basics of an infrastructure penetration test and a web application penetration test. Of course, all of them should be used in a safe lab environment and not across the Internet.