Metasploit-framework: Nessus Plugin unable to create new scan

Created on 13 Dec 2018 · 21 Comments · Source: rapid7/metasploit-framework

Steps to reproduce

  1. Load Nessus plugin (load nessus)
  2. Connect to Nessus server (nessus_connect)
  3. Create new scan (nessus_scan_new )

Expected behavior

New scan is created which can then be launched.

Current behavior

msf > nessus_scan_new UUID Test Test IP
[*] Creating scan from policy number UUID, called Test - Test and scanning IP
[*] New scan added
[-] Error while running command nessus_scan_new: undefined method `[]' for nil:NilClass

Call stack:
/usr/share/metasploit-framework/plugins/nessus.rb:979:in `cmd_nessus_scan_new'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:501:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:453:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:447:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:447:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:151:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:49:in `<main>'

System stuff

Nessus versions 7.1.2 and 8.1.0 tested.

Metasploit version

Framework: 4.17.26-dev
Console : 4.17.26-dev

I installed Metasploit with:

Kali package via apt

OS

Kali GNU/Linux Rolling

enhancement library

All 21 comments

State altering requests are protected with a new mechanism since Nessus version 7.0. I sent a pull request to the maintainer of nessus_rest-ruby to handle that new protection (see https://github.com/kost/nessus_rest-ruby/pull/7).

Once it gets merged, I'll create a PR for metasploit-framework in order to get Nessus scan management back :)

With the fixed version of nessus_rest-ruby I can manage scans on Nessus 7.x/8.x with the latest version of Metasploit:

msf5 > nessus_scan_new xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx test test 127.0.0.1
[*] Creating scan from policy number xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, called test - test and scanning 127.0.0.1
[*] New scan added
[*] Use nessus_scan_launch 312 to launch the scan
Scan ID  Scanner ID  Policy ID  Targets    Owner
-------  ----------  ---------  -------    -----
312      1           311        127.0.0.1  admin
msf5 > nessus_scan_launch 312
[+] Scan ID 312 successfully launched. The Scan UUID is xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
msf5 > nessus_scan_pause 312
[*] 312 has been paused
msf5 > nessus_scan_stop 312
[*] 312 has been stopped

Same to me

Thank you for this temporary fix @QKaiser.
I fixed this file in /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/nessus_rest-0.1.6/lib/nessus_rest.rb and now it works like a charm.

I have the same issue in Metasploit installed in Kali. Can someone please tell me what should I do?

Hi,

I have this same issue:

Nessus

what should I do?

@k4n4n the fix is still not included in nessus_rest library which means it still won't work in Metasploit.

What you could do is replace the file directly on your installation. On Kali Linux, you would do the following:

curl "https://raw.githubusercontent.com/QKaiser/nessus_rest-ruby/nessus-protected-api-support/lib/nessus_rest.rb" > /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/nessus_rest-0.1.6/lib/nessus_rest.rb

Please note that this is a really hacky hot fix and I don't recommend doing it.

@bcoles @wvu-r7 @space-r7 the Nessus integration in Metasploit has been broken for more than a year now. The fix is available since January 2019 but was never merged in the third party library you rely on for Nessus integration.

Anything Rapid7 team can do ? Maybe create its own fork of nessus_rest-ruby to merge the fix into it ? I'd do it but I have no experience with gem publishing.

@QKaiser I'll see if we can take a look at this in the next few weeks.

So I tried the "hacky" and not-recommended fix above and landed a new error on connecting to nessus v8.9.0:

nessus_connect msf:msf@kali:8834

[-] Error while running command nessus_connect: uninitialized constant Msf::Plugin::Nessus::ConsoleCommandDispatcher::NessusREST

Call stack:
/usr/share/metasploit-framework/plugins/nessus.rb:165:in `nessus_login'
/usr/share/metasploit-framework/plugins/nessus.rb:388:in `cmd_nessus_connect'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:158:in `run'
/usr/share/metasploit-framework/lib/msf/ui/web/console.rb:76:in `block in initialize'
/usr/share/metasploit-framework/lib/msf/core/thread_manager.rb:106:in `block in spawn'

any ideas?

Yes. I provided bad instructions. The wget command does not work like curl, so when you ran the command I provided above it created an empty file (/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/nessus_rest-0.1.6/lib/nessus_rest.rb). That's why you get an uninitialized constant for NessusREST.

Can you try with curl instead ?

curl "https://raw.githubusercontent.com/QKaiser/nessus_rest-ruby/nessus-protected-api-support/lib/nessus_rest.rb" > /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/nessus_rest-0.1.6/lib/nessus_rest.rb

Thanks for pointing this out, I edited my previous instructions.
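The empty-file failure described in the comment above can be caught before the vendored gem is overwritten. The following is an added example, not part of the original thread or of any project mentioned in it; the function names and the optional SHA-256 argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate a downloaded nessus_rest.rb before it replaces the
# vendored copy. Function names and the checksum argument are hypothetical.
# Typical use: download to a temporary file first (curl -fsSL -o /tmp/nessus_rest.rb URL),
# review it, then call install_candidate with the gem path from this thread.

# check_candidate FILE [SHA256] -> returns 0 if FILE looks like a usable replacement
check_candidate() {
    candidate=$1
    expected_sha=${2:-}
    # A failed download leaves a zero-byte file, which later surfaces as
    # "uninitialized constant ... NessusREST" when the plugin connects.
    [ -s "$candidate" ] || { echo "empty or missing: $candidate" >&2; return 1; }
    # The plugin needs this file to define the NessusREST constant.
    grep -q 'NessusREST' "$candidate" || { echo "NessusREST not defined" >&2; return 1; }
    # Syntax check, only when a ruby interpreter is available.
    if command -v ruby >/dev/null 2>&1; then
        ruby -c "$candidate" >/dev/null 2>&1 || { echo "ruby syntax error" >&2; return 1; }
    fi
    # Optional pin to a digest recorded after reviewing the file.
    if [ -n "$expected_sha" ]; then
        actual=$(sha256sum "$candidate" | cut -d' ' -f1)
        [ "$actual" = "$expected_sha" ] || { echo "sha256 mismatch" >&2; return 1; }
    fi
    return 0
}

# install_candidate FILE TARGET [SHA256]: keep TARGET as TARGET.orig, then replace it
install_candidate() {
    check_candidate "$1" "${3:-}" || return 1
    if [ -e "$2" ]; then
        cp -p "$2" "$2.orig" || return 1
    fi
    cp "$1" "$2"
}
```

Because the target is only touched after every check passes, a bad download leaves the working gem file in place, and the `.orig` copy allows a rollback.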

@QKaiser excellent!!! Works perfectly so far. Very much appreciate the fix and immediate response - university project owes you a mention :)

Further to the above fix, the directory of the broken file on Ubuntu 18.04 is as follows. Works as expected.

/opt/metasploit-framework/embedded/lib/ruby/gems/2.6.0/gems/nessus_rest-0.1.6/lib#

Hey folks, we took a look at this and it seems like changes Tenable made to its API support mean that Nessus version 7 and later (presumably) can't support this integration. This should still work with Nessus 6 and below, but it looks like a further-reaching fix is out of our hands for now. Tenable docs here: https://community.tenable.com/s/article/The-differences-between-Nessus-6-and-Nessus-7

@QKaiser's fix may be a workaround for those looking for an out-of-band solution!

The fix provided by @QKaiser stopped working today. Anyone else experienced the same issue?

Can you elaborate ? I haven't seen breaking updates with Nessus 8.9.1

Hi, thanks for the reply. The bug seems intermittent and is likely linked to editing the policy name in the UI policy configurations (and or attempting to run an incorrect scan name from Metasploit at an earlier stage)

I recreated the policy, restarted Nessus and restarted the OS, then re-ran the scan from Metasploit - turn things off and on enough and evidently they work.

Here's the trace anyway:

[*] Creating scan from policy number bbd4f805-3966-d464-b2d1-0079eb89d69708c3a05ec2812bcf, called host_scan_policy - none and scanning 10.91.251.173
[*] New scan added
[-] Error while running command nessus_scan_new: undefined method `[]' for nil:NilClass

Call stack:
/opt/metasploit-framework/embedded/framework/plugins/nessus.rb:979:in `cmd_nessus_scan_new'
/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/opt/metasploit-framework/embedded/framework/lib/rex/ui/text/shell.rb:158:in `run'
/opt/metasploit-framework/embedded/framework/lib/msf/ui/web/console.rb:76:in `block in initialize'
/opt/metasploit-framework/embedded/framework/lib/msf/core/thread_manager.rb:106:in `block in spawn'

@QKaiser Well Done! I tried your workaround, it works perfect for Nessus 8.10.0 (#232) LINUX on Kali Daily image. Really appreciate for your excellent work!

As pointed out here https://github.com/kost/nessus_rest-ruby/pull/7#issuecomment-716829764 my fix no longer works starting from Nessus 8.12 due to a change in token format. I'll update the code this week to support that change.

Fix is now working again, let me know if you encounter any issues.

msf6 > load nessus
[*] Nessus Bridge for Metasploit
[*] Type nessus_help for a command listing
[*] Successfully loaded plugin: Nessus
msf6 > nessus_connect quentin:[email protected]:8834
[*] Connecting to https://192.168.121.7:8834/ as quentin
[*] User quentin authenticated successfully.
msf6 > nessus_server_
nessus_server_properties  nessus_server_status      
msf6 > nessus_server_properties 
Feed  Type               Nessus Version  Nessus Web Version  Plugin Set    Server UUID
----  ----               --------------  ------------------  ----------    -----------
      Nessus Essentials  18.11.2         8.12.0              202010280530  60ebbaaa-2c2a-ad49-f76f-923735b7253b194bfb12223231e2
msf6 > nessus_scan_new 731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65 test test 127.0.0.1
[*] Creating scan from policy number 731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65, called test - test and scanning 127.0.0.1
[*] New scan added
[*] Use nessus_scan_launch 14 to launch the scan
Scan ID  Scanner ID  Policy ID  Targets    Owner
-------  ----------  ---------  -------    -----
14       1           13         127.0.0.1  quentin

@QKaiser, I have tried the following:

curl "https://raw.githubusercontent.com/QKaiser/nessus_rest-ruby/nessus-protected-api-support/lib/nessus_rest.rb" > /usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/nessus_rest-0.1.6/lib/nessus_rest.rb

and still got the error mentioned above.

Which version of Nessus are you using ? Did you re-launch msfconsole ? Are you running msfconsole on Kali linux ?
