This is a quick post about importing nessus6 scan results into metasploit. This can be very useful for adding a ton of information into a new Metsploit database, or adding to information you already have (eg importing results from a weekly or monthly scan of a website / web server)
To import your Nessus results into Metasploit, there are a few steps that you have to complete, in order:
1) start msfconsole from your terminal
msfconsole
inside msfconsole, start the nessus module
load nessus
Once the Nessus module has loaded, connect to your Nessus server
nessus_connect user:password@127.0.0.1:8834
Now that you have a connection to your running Nessus server, you can show all the scans that have completed with the following:
nessus_scan_list
This tutorial is about importing nessus6 scan results into metasploit, so the most important command is this – you can then import any of the completed Nessus scans with:
nessus_db_import scan_ID
There are a number of additional commands that you can run for help inside the nessus module:
# to get a list of all the things you can do nessus help# to show all your policies nessus_policy_list#to start a new scan nessus_scan_new# to show all the completed scans nessus_scan_list#to import a scan into metasploit database nessus_db_import (scan_ID)
You can initiate nessus scans through msfconsole too with the nessus_scan_new command, and alter / add new policies, etc. Nessus is a great tool as a baseline for your website checking, and makes a great addition to metasploit (and numerous static-analysis tools) – especially when used as part of a QA process when developing webistes. It can be very time-consuming, but using metasploit and nessus you can set these up on a QA box and have them run periodically against your assets and can deal with their results accordingly!
If you enjoy this tutorial, please check out my metasploit tutorials below
Sources: Tenable
