![]() ![]() Now if you configure your Nessus scanner to target 203.0.113.11 or , SSH will be redirected to the port bound on the scanning box, which in turn will proxy via the bastion and hit the ultimate target. Configure Nessus to not ping the remote host (it’s behind the bastion box, so won’t succeed):.Redirect any SSH traffic destined to the target 203.0.113.11 to the locally bound port:.Set up an SSH connection to your ultimate target (using SSH proxy config), binding port 22 on the target to your scanning box:.In a pinch it is possible to hack around this problem by tricking the Nessus scanner into thinking it’s scanning the remote host when it is in fact connecting via a port bound to the localhost. Binding a port to localhost and pointing Nessus to 127.0.0.1 is also not an option as Nessus handles scanning localhost in a different way and will report issues with the scanning box itself. This is a problem when scanning remote hosts behind a bastion box, especially when it is not possible to bind or connect to a new port to the bastion box due to firewall rules. Unfortunately, Nessus does not support SSH proxying. SSH’ing to will proxy the connection via the bastion. An example of a SSH proxy file is below: Host SSH Proxying is a neat way to bounce via a bastion host to a target within a network.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |