Research and Development

AMES is a tool to parse the new Nessus output files and autogenerate an easy to copy and paste command line exploit using Metasploit CLI.

Key features

  • Handles the new .nessus xml based file output
  • Keeps up to date with new Metasploit exploits as you update MSF database
  • Python based for easy access and speed

Overview

The AMES tool passes the new style .nessus xml file output from Nessus scanning software, it will then locate any exploit based on the CVE reported. The Tool will then build a selection of command lines that the user can easily copy and paste to use. Since metasploit removed the autopwn feature this is as point and click exploit that can be used.

Requirements

  • Python
  • Metasploit Framework

In addition to these you will need to edit the ames.py file and update the location of your Metasploit Trunk and save it.

Optional requirements

Nessus is only required if you wish to perform your own scans and generate reports, it is not a requirement to run the tool against reports generated elsewhere.

  • Nessus

Installation

Download the script and run, there is no installation required for this tool.

Usage

On your first run you will see the following error:

First Run Error
image-3796

First Run Error

This is just a reminder that you need to edit the ames.py file and replace the “Trunk = ” line with the location for your Metasploit trunk location.

Trunk Update
image-3797

Trunk Update

Once your Trunk location has been set in ames.py you can then use the tool as below.

$ python ames.py [nessus report file]

Copy and paste the relevant exploit you wish to attempt.

Examples

Example
image-3798

Example

Here you can see that AMES has discovered some expoilts and sorted them, just copy and paste the msfcli command line

System Example
image-3799

System Example

Here we see one of the command lines copy and pasted and successfully exploit a system discovered by Nessus.

Ames Py
ames.py.tgz
February 21, 2014
2.1 KiB
MD5 hash: f2efb955fa5b083bc9065a486f049488
Details

Request to be added to the Portcullis Labs newsletter

We will email you whenever a new tool, or post is added to the site.

Your Name (required)

Your Email (required)