ST

In this talk Ryan Linn (Information Security Engineer at SAS) talks about a new tool  called Nsploit which is  a series of Lua scripts that that allow Nmap to talk to Metasploit.

Nsploit consists of 3 parts-

1)Library- It facilitates all the communication
2)Triggers-Triggers fire when something is detected  .
3)Config-Helps us set the options for the attack.

Basically it helps us to launch targeted attacks against a range of Ip address (remember metasploit autopwn?) But how do we communicate Between Nmap  (port scanner) and Metasploit(Exploitation Framework). Ryan Linn talks about XMLRPC(@root>> load xmlrpc secretkey) which helps us to communicate between Nmap and metasploit using a secret Key( having a 15minute timeout).Ryan linn then shows a demo. He starts metasploit , loads the xmlrpc plugin to  create a listener and then uses Nmap with the --script option to carry out the scan . Nsploit then takes the Information (file is in  /nmap/mselib directory) and sends it to Metasploit which does the rest.In  the demo Ryan linn also talks a lot about the Meterpreter Payload and the Recently developing Nmap modules.