Research and Development

AMES is a tool to parse the new Nessus output files and autogenerate an easy to copy and paste command line exploit using Metasploit CLI.

Key features

  • Handles the new .nessus xml based file output
  • Keeps up to date with new Metasploit exploits as you update MSF database
  • Python based for easy access and speed


The AMES tool passes the new style .nessus xml file output from Nessus scanning software, it will then locate any exploit based on the CVE reported. The Tool will then build a selection of command lines that the user can easily copy and paste to use. Since metasploit removed the autopwn feature this is as point and click exploit that can be used.


  • Python
  • Metasploit Framework

In addition to these you will need to edit the file and update the location of your Metasploit Trunk and save it.

Optional requirements

Nessus is only required if you wish to perform your own scans and generate reports, it is not a requirement to run the tool against reports generated elsewhere.

  • Nessus


Download the script and run, there is no installation required for this tool.


On your first run you will see the following error:

First Run Error

First Run Error

This is just a reminder that you need to edit the file and replace the “Trunk = ” line with the location for your Metasploit trunk location.

Trunk Update

Trunk Update

Once your Trunk location has been set in you can then use the tool as below.

$ python [nessus report file]

Copy and paste the relevant exploit you wish to attempt.




Here you can see that AMES has discovered some expoilts and sorted them, just copy and paste the msfcli command line

System Example

System Example

Here we see one of the command lines copy and pasted and successfully exploit a system discovered by Nessus.

Request to be added to the Portcullis Labs newsletter

We will email you whenever a new tool, or post is added to the site.

Your Name (required)

Your Email (required)