Nsploit (Popping boxes with Nmap) SecTor 2009

In this talk Ryan Linn (Information Security Engineer at SAS) talks about a new tool  called Nsploit which is  a series of Lua scripts that that allow Nmap to talk to Metasploit.

Nsploit consists of 3 parts-

1)Library- It facilitates all the communication
2)Triggers-Triggers fire when something is detected  .
3)Config-Helps us set the options for the attack.

Basically it helps us to launch targeted attacks against a range of Ip address (remember metasploit autopwn?) But how do we communicate Between Nmap  (port scanner) and Metasploit(Exploitation Framework). Ryan Linn talks about XMLRPC(@root>> load xmlrpc secretkey) which helps us to communicate between Nmap and metasploit using a secret Key( having a 15minute timeout).Ryan linn then shows a demo. He starts metasploit , loads the xmlrpc plugin to  create a listener and then uses Nmap with the --script option to carry out the scan . Nsploit then takes the Information (file is in  /nmap/mselib directory) and sends it to Metasploit which does the rest.In  the demo Ryan linn also talks a lot about the Meterpreter Payload and the Recently developing Nmap modules.

You can download  Nsploit from here. Ryan Linn's blog can be found here. You can download the pdf from  here.

Prateek Gianchandani , 20 is a student dedicated to the field of network security . He has organized a number of workshops and hacking events in his college. Learning more and more about network security always keeps him busy . His favourite passtimes include listening to music,reading novels, playing snooker etc.  He is currently doing B-tech in electrical engineering from the prestigious Indian Institute of technology ,Roorkee. u can contact him at prateek_gian [-at*] yahoo.co..in