documentation/modules/auxiliary/scanner/nessus/nessus_rest_login.md
This module will attempt to authenticate to a Nessus server's RPC interface.
use auxiliary/scanner/nessus/nessus_rest_login
username and password options, or pass a list via user_file and pass_file options
run
[+] 127.0.0.1:8834 - Successful: nessus:4x15pa$$w0rd
This is a summary of installation steps for downloading, installing and running Nessus on Debian. They are as follows:
dpkg -i Nessus-<version number>-debian6_amd64.deb
systemctl start nessusd command.
Try blank passwords for all users
How fast to bruteforce, from 0 to 5
Try each user/password couple stored in the current database
Add all passwords in the current database to the list
Add all users in the current database to the list
Skip existing credentials stored in the current database (Accepted: none, user, user&realm)
A specific password to authenticate with
File containing passwords, one per line
Stop guessing when a credential works for a host
The path to the Nessus server login API
The number of concurrent threads (max one per host)
A specific username to authenticate as
File containing users and passwords separated by space, one pair per line
Try the username as the password for all users
File containing usernames, one per line
Whether to print output for all attempts
HTTP server virtual host
msf > use scanner/nessus/nessus_rest_login
msf auxiliary(scanner/nessus/nessus_rest_login) > set rhosts 127.0.0.1
rhosts => 127.0.0.1
msf auxiliary(scanner/nessus/nessus_rest_login) > set password N0tpassword!
password => N0tpassword!
msf auxiliary(scanner/nessus/nessus_rest_login) > set username notuser
username => notuser
msf auxiliary(scanner/nessus/nessus_rest_login) > run
[*] Attempting to login to /stop using password list
[+] 127.0.0.1:8834 - Success: 'notuser:N0tpassword'!
[*] Auxiliary module execution completed
msf auxiliary(scanner/nessus/nessus_rest_login) >
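On the server side, the login guessing this module performs shows up as a burst of failed login requests from one source, sometimes ending in a success. The following added example (not part of the module or this documentation) detects that pattern in HTTP access records; the record layout, the `/session` path, the 401/200 status codes, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the page): login path, status codes, log layout.
LOGIN_PATH = "/session"          # set to your server's login API path
WINDOW = timedelta(seconds=60)   # sliding window for counting failures
THRESHOLD = 5                    # failures inside WINDOW that count as guessing

# Constructed sample: "<ISO time> <source IP> <method> <path> <status>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.7 POST /session 401
2024-05-01T10:00:01 10.0.0.7 POST /session 401
2024-05-01T10:00:02 10.0.0.9 POST /session 401
2024-05-01T10:00:03 10.0.0.7 POST /session 401
2024-05-01T10:00:04 10.0.0.7 POST /session 401
2024-05-01T10:00:05 10.0.0.7 POST /session 401
2024-05-01T10:00:06 10.0.0.9 POST /session 200
2024-05-01T10:00:07 10.0.0.7 POST /session 200
2024-05-01T10:00:08 10.0.0.8 GET / 200
"""

def detect(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return (source, kind, timestamp) alerts for password-guessing bursts."""
    failures = defaultdict(deque)   # source -> recent failure times
    flagged = set()                 # sources already reported as guessing
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "POST" or parts[3] != LOGIN_PATH:
            continue                # malformed line or not a login attempt
        ts_raw, src, status = parts[0], parts[1], parts[4]
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue                # unparseable timestamp
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()        # drop failures older than the window
        if status == "401":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)    # report each burst once
                alerts.append((src, "guessing", ts_raw))
        elif status == "200":
            if len(recent) >= threshold:
                alerts.append((src, "success_after_guessing", ts_raw))
            recent.clear()          # a success resets the source's history
            flagged.discard(src)
    return alerts
```

Calling `detect(SAMPLE_LOG)` reports 10.0.0.7 twice (the burst, then the login that followed it) and stays silent for 10.0.0.9, whose single failure followed by a success looks like a mistyped password.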