John,

This is fantastic information. I cannot thank you enough for the time you took to share this knowledge with me and the community!

Anatoly

On Jun 11, 2011 5:12 PM, "Jonathan Cran" <[email protected]> wrote:
> On 06/11/2011 02:10 PM, Jim Halfpenny wrote:
>> Has anyone ever looked into scripting/automating community or commercial
>> security scanners? Are there utilities which anyone found helpful to support
>> this? How effective and what aspects of automation have you been able to
>> achieve, auto execution of regularly-scheduled scans, or creation and
>> modification of new scans, targets, and outputs of reports?
>>
>> Anatoly
>
> You'll want to take a look at the nexpose, nessus, and openvas API
> wrappers in the Metasploit Framework. You'll find them directly under
> the lib directory. Props to their creators (hdm/jabra, zate, and Vlatko
> Kosturjak respectively); I'm only conveying the usage info.
>
> There's a number of ways you can integrate this code into your own
> workflow:
>
> 1) Directly use the libraries in your own ruby scripts -
>
> For the nexpose library, specifically take a look at the
> cmd_nexpose_scan function, this should give you 80% of what you need to
> start running scans via ruby.
>
> The nessus lib has some nice usage examples directly in the library:
>
>   require 'nessus-xmlrpc'
>   n=NessusXMLRPC::NessusXMLRPC.new('https://localhost:8834','user','pass');
>   if n.logged_in
>     id,name = n.policy_get_first
>     puts "using policy ID: " + id + " with name: " + name
>     uid=n.scan_new(id,"textxmlrpc","127.0.0.1")
>     puts "status: " + n.scan_status(uid)
>     while not n.scan_finished(uid)
>       sleep 10
>     end
>     content=n.report_file_download(uid)
>     File.open('report.xml', 'w') {|f| f.write(content) }
>   end
>
> Take a look at the plugins/ directory for more examples of how to use
> the libraries. If you're not familiar w/ ruby, irb is an awesome way to
> play around w/ a library while getting familiar with it. Nessus library
> has some nice usage in the library:
>
>   jcran@disko$: irb -r openvas-omp.rb
>   irb> vas = OpenVASOMP.new("user"=>'openvas',"password"=>'[password]')
>   ## connect to localhost:9390
>   irb> vas.version_get ## return the OpenVAS version
>   irb>
>
> fwiw, the openVAS api seems somewhat unnecessarily complicated to me
>
> 2) Use framework RC scripts to drive the code (which in turn, drives the
> vulnscanner API)
>
> This is a quick way to hammer out a couple working scripts you can stick
> in a cronjob, but it also gives you the least control. Depends on what
> you're looking for. Here's an example of an RC file that connects to
> nexpose & runs a scan:
>
>   # Connect to a postgres db so we can save / auto-import results
>   db_connect msf3:[password]@localhost:5432/msf3
>   # Load the Nexpose Plugin
>   load nexpose
>   # Connect to the host
>   nexpose_connect nxadmin:[password]@sob ok
>   # Run a scan w/ default settings
>   nexpose_scan 10.0.0.0/24
>   # say bye bye!
>   exit -y
>
> you could then create a .sh which calls the rc:
>
>   #!/bin/bash
>   /path/to/framework/msfconsole -r nexpose_scan.rc
>
> 3) Use the command line client (nessus-only)
>
> The nessus plugin / library also includes a cli interface (hell yeah)
> which is pretty sexy if you're looking for a quick way to automate stuff --
> and there's some great examples of usage in the README:
>
>   ./nessus-cli.rb --user user --password pass --scan localhost-scan --wait 5 \
>     -D --output report-localhost.xml --target 127.0.0.1 --verbose \
>     --policy mypolicy --url https://localhost:8834
>
> Hope it helps!
>
> jcran
>
> --
> Jonathan Cran
> [email protected]
> 515.890.0070
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
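
An added example, not code from the thread or from the Metasploit libraries: a wrapper around the nessus-xmlrpc calls quoted under option 1, shaped for unattended (cron) runs. It bounds the polling loop and writes the report readable by its owner only. `run_scan`, `ScanError` and `FakeScanner` are hypothetical names, and `FakeScanner` is a constructed stand-in for the real client so the code runs offline.

```ruby
require 'tmpdir'

class ScanError < StandardError; end

# Runs one scan and returns the report path. `client` is any object that
# answers the NessusXMLRPC methods used in the thread's snippet.
def run_scan(client, target, out_path, max_wait: 3600, poll: 10)
  raise ScanError, 'login failed' unless client.logged_in
  policy_id, _name = client.policy_get_first
  raise ScanError, 'no policy available' if policy_id.nil?
  uid = client.scan_new(policy_id, "cron-#{Time.now.to_i}", target)

  # The thread's loop polls forever; a deadline keeps a hung scan from
  # stacking up cron runs.
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + max_wait
  until client.scan_finished(uid)
    if Process.clock_gettime(Process::CLOCK_MONOTONIC) > deadline
      raise ScanError, "scan #{uid} not finished after #{max_wait}s"
    end
    sleep poll
  end

  content = client.report_file_download(uid)
  raise ScanError, 'empty report' if content.nil? || content.empty?
  # The report lists every finding for the target: create it owner-only,
  # and rename into place so readers never see a partial file.
  tmp = "#{out_path}.part"
  File.open(tmp, File::WRONLY | File::CREAT | File::TRUNC, 0o600) { |f| f.write(content) }
  File.rename(tmp, out_path)
  out_path
end

# Constructed stand-in for the real client so the example runs offline.
class FakeScanner
  def initialize(polls_until_done:, logged_in: true)
    @left = polls_until_done
    @logged_in = logged_in
  end
  def logged_in; @logged_in; end
  def policy_get_first; ['1', 'constructed-policy']; end
  def scan_new(_id, _name, _target); 'constructed-uid'; end
  def scan_finished(_uid); (@left -= 1) < 0; end
  def report_file_download(_uid); '<report>constructed</report>'; end
end

if __FILE__ == $PROGRAM_NAME
  path = File.join(Dir.mktmpdir, 'report.xml')
  puts run_scan(FakeScanner.new(polls_until_done: 2), '127.0.0.1', path, poll: 0.01)
end
```

With the real library, pass the `NessusXMLRPC::NessusXMLRPC` object from the thread's snippet as `client`.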
