Saturday, 1 March 2014

Vulnerability Scanning with NeXpose

 NeXpose is Rapid7’s vulnerability scanner that scans networks to
identify the devices running on them and performs checks to identify
security weaknesses in operating systems and applications.

We will first perform a basic overt scan of our
target and import the vulnerability scan results into Metasploit. We
will close out this section by showing you how to run a NeXpose
vulnerability scan directly from msfconsole rather than using the
web-based GUI.

Configuration:

After installing NeXpose Community, open a web browser and navigate to

https://<youripaddress>:3780

On the NeXpose main page, you will notice a number of tabs at the top
of the interface: Assets, Reports, Vulnerabilities and Administration.

The New Site Wizard:
Prior to running a vulnerability scan with NeXpose, you need to
configure a site. The site will then be scanned by NeXpose, and
different scan types can be defined for it.

To create a site, click the New Site button on the NeXpose home page,
enter a name for your site and a brief description, and then
click Next.

In the devices step, you have quite a bit of granularity
in defining your targets. You can add a single IP address, address
ranges, hostnames, and more. Click Next when you have finished adding
and excluding devices.

At the scan setup step, you can choose from several different scan templates,
such as Discovery Scan and Penetration Test, and select the scanning
engine you want to use. Click Next to continue.

Add credentials for the site you want to scan, if you have them.
On the Credentials tab, click the New Login button, type a username
and password for the IP address you want to scan, and then click Test
Login to verify your credentials before saving them.

The New Report Wizard:

Click New Report, enter a friendly name, and then in the Report format
field select NeXpose Simple XML Export so that you will be able to
import the scan results into Metasploit.

Click Next when you are ready to proceed. In the subsequent window,
add the devices you want included in the report by clicking Select
Sites to add your scanned target range, then click Save. In the Select
Devices dialog, select the targets to include in your report and then
click Save. Back in the Report Configuration wizard, click Save to
accept the remaining defaults for the report.

Importing Your Report into the Metasploit Framework:

Having completed a full vulnerability scan with NeXpose, you need to
import the results into Metasploit. But before you do, you must create
a new database from msfconsole by issuing db_connect. After creating
that database you’ll import the NeXpose XML using the db_import command.

--------------------
msf > db_connect postgres:toor@127.0.0.1/msf3
msf > db_import /tmp/report.xml
[*] Importing 'NeXpose Simple XML' data
[*] Importing host 192.168.1.195
[*] Successfully imported /tmp/report.xml
msf > db_hosts -c address,svcs,vulns
--------------------
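As an added example (not from the original post and not Metasploit's own importer), this Python reader pulls the same per-host service and vulnerability counts out of a Simple XML export that the db_hosts command above prints after db_import. The element names and the VE/VV result codes are assumptions about the format, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample export (not a real scan). The element layout is an
# assumption modelled on the NeXpose Simple XML format the post selects.
SAMPLE_REPORT = """<?xml version="1.0"?>
<NeXposeSimpleXML version="1.0">
  <devices>
    <device address="192.168.1.195">
      <services>
        <service name="SMB">
          <port number="445" protocol="tcp">
            <vulnerabilities>
              <vulnerability id="sample-check-1" resultCode="VE"/>
              <vulnerability id="sample-check-2" resultCode="VV"/>
            </vulnerabilities>
          </port>
        </service>
        <service name="HTTP">
          <port number="80" protocol="tcp">
            <vulnerabilities>
              <vulnerability id="sample-check-3" resultCode="NV"/>
            </vulnerabilities>
          </port>
        </service>
      </services>
    </device>
  </devices>
</NeXposeSimpleXML>
"""

# Result codes counted as confirmed findings (assumption: VE = vulnerable,
# exploited; VV = vulnerable, version check). Anything else, such as NV
# (not vulnerable), is dropped so it never inflates the vulns column.
VULNERABLE_CODES = {"VE", "VV"}


def summarize_hosts(xml_text):
    """Per device: open port count and distinct confirmed-vuln count, like db_hosts -c address,svcs,vulns."""
    summary = {}
    for device in ET.fromstring(xml_text).iter("device"):
        ports = device.findall(".//service/port")
        vuln_ids = {v.get("id") for v in device.iter("vulnerability")
                    if v.get("resultCode") in VULNERABLE_CODES}
        summary[device.get("address")] = {"svcs": len(ports), "vulns": len(vuln_ids)}
    return summary


if __name__ == "__main__":
    for address, row in summarize_hosts(SAMPLE_REPORT).items():
        print(f"{address:16} svcs={row['svcs']} vulns={row['vulns']}")
```

The vulnerability ids are collected into a set, so a check that fires on several ports of one host is counted once, which is how a per-host vulns column should read.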
