Currently the infrastructure admin sends us a a note or a request for scheduling scans but they are expecting to schedule scans on their own which I am trying to build a UI/API for them to just schedule a scan without directly logging into Nexpose. Can I use any API or Nexpose supports only a few? Looking for a automated approach rather than a manual one
Posted by MJ 7 months ago
Hello, i need an sql query which will produce the total amount of assets scanned, total amount assets scanned which were successfully authenticated, which were unsuccessfully authenticated, and which were not attempted to authenticate due to lack of authentication parameters. I saw separate queries that will provide me that data but i need it all in one report is it possible? Thanks.
Posted by Maxim Vovk 7 months ago
On a number of machines Windows 10 and Windows 7 scan results are showing "Partial Credential Success". I created an inbound rule to the firewall for RPC Endpoint mapper, also created firewall rules for WMI, and enabled the registry key for AllowRemoteRPC. This resolved the issue for 2/5 test machines. When comparing Wireshark logs of a working machine and a machine which is showing the credential failure with these changes in place. Both machines send a bind request for ISystemActivator and request a remote instance + receive a response. On the working device it then binds to IRemUnknown2 and does a bunch of queries via IWbemServices on the machine which is not working it instead binfs to IOXIDResolver and does a Complex Ping then moves on to another part of the Nexpose Scan skipping the additional queries. I've been at this for a couple of days, is there documentation somewhere I am missing with a list of services which must be running for this to function properly? I believe I am past this being a firewall issue as I don't see anything that appears to be getting blocked in wireshark but I could be wrong. Any assistance in location documentation for proper configuration on machines to be scanned would be greatly appreciated.
Posted by Shane Burke 7 months ago
Hi Mark, Do we still need a scan engine setup in one of the host on network if we already have agent installed on all the hosts (assets) that we want to scan? if answer is no , then how does communication between a agent and console needs to be established. I understand the distributed scan engine, scans assets over the network while this engine is paired with console through which we run the scan and get the vulnerability information. How is agent in this case if different from engine?
Posted by RamaKrishna 7 months ago
Is it possible to create a report that excludes vulnerabilities posted after a certain date? Ex. patching occurs on a Monday, new vulnerability comes out on a Tuesday, report is ran on a Wednesday showing that devices are non-compliant.
Posted by Hunter Brindley 7 months ago
Good day, Is there a query we can run in Nexpose that can present the data as organized below? The result being that the rows of IP Addresses/Servers can match the column of the applications risk score (i.e. Server1 has risks in both Adobe Reader and Flash). Thanks in advance. D Laden IP Name Operating System Vulnerabilities Risk Java Adobe Reader Adobe Flash Microsoft Wire Shark 192.168.1.1 SERVER1 Server 2008 R2, Enterprise Edition 581 235907 169935 61554 192.168.1.2 SERVER2 Server 2008 R2, Standard Edition 691 209365 71453 128586 6141 192.168.1.3 SERVER3 Server 2012 R2 Standard Edition 384 204333 21536 170173 7161 192.168.1.4 SERVER4 Server 2008 Enterprise Edition 190 204323 111046 87541 192.168.1.5 SERVER5 Server 2012 R2 Standard Edition 612 196834 189088 192.168.1.6 SERVER6 Server 2012 R2 Standard Edition 603 192990 186932 192.168.1.7 SERVER7 Server 2012 R2 Standard Edition 592 189127 182663 192.168.1.8 SERVER8 Server 2012 R2 Standard Edition 622 187238 176151 5852 192.168.1.9 SERVER9 Server 2012 R2 Standard Edition 327 186298 2593 170174 8217 192.168.1.10 SERVER1 Server 2008 R2, Enterprise Edition 563 185495 179753
Posted by Drew Laden 7 months ago
Hi, I'm learning to use Metasploit on a publicly accessible over openvpn CTF machine. I cannot get reverse shell using Metasploit, where I’m very confident that should work - people in forum confirm this. I’m running kali VirtualBox VM on Windows 7 host on laptop. I can ping and turned off windows firewall. I also tried to install everything fresh on desktop PC on Windows 10 with fresh kali VM. Did you experience similar problems or do you have any hint for me? My ifconfig: eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.x.x.x netmask 255.255.255.0 ... lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 ... tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500 inet 10.y.y.y netmask 255.255.254.0 destination 10.y.y.y ... I know from forum I should user tun0 IP. Only one time I had meterpreter session. It was timed out. But now I can not get new session, despite all parameters are the same. I use tun interface. What could be a problem in your opinion? I tried to exploit multiple times. I did set TARGET and set PAYLOAD and set LHOST again. I reseted target machine multiple times, but no luck – no session. But the same worked - only once. I cannot understand this. Current status: msf exploit(exploit) > exploit [] Started reverse TCP handler on 10.y.y.y:4444 [] Exploit completed, but no session was created. msf exploit(exploit) > show options Module options (exploit): Name Current Setting Required Description ---- --------------- -------- ----------- PATH / yes Path to target webapp Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOST targetIP yes The target address RPORT 80 yes The target port (TCP) SRVHOST 10.y.y.y yes Callback host for accepting connections SRVPORT 9000 yes Port to listen for the debugger SSL false no Negotiate SSL/TLS for outgoing connections VHOST no HTTP server virtual host Payload options (php/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- LHOST 10.y.y.y yes The listen address (an interface may be specified) LPORT 4444 yes The listen port Exploit target: Id Name 0 Automatic There must be something else to setup. E.g. there is a remark for LHOST “an interface may be specified”. Should I make: “setg interface tun0”? Or should I somehow clean up my Metasploit? Thanks
Posted by Roman Graf 7 months ago
Using /api/3/asset_groups/{id}/assets you can delete assets from a static asset group but it doesn't work with dynamic groups. Is there a parameter to delete all assets in a dynamic asset group? https://help.rapid7.com/insightvm/en-us/api/index.html#operation/removeAllAssetsFromAssetGroup
Posted by Justin Krueger 7 months ago
Currently we are using AD discovery, but it looks like the Automated Trigger features when using DHCP discovery could be very helpful especially with assets that are not always on the network or users are not on the VPN during the configured scan times. My first question is does using DHCP discovery cause any performance issues with the DHCP server or is it not a noticeable difference? My second question is if using DHCP discovery, should I remove my AD discovery connection as well or will having both of these complement each other? Currently AD discovery is causing duplicate assets on some devices if they get placed into a different OU in active directory. Since the asset Identifier displays the OU that the PC is placed in, moving this causes rapid7 to view it as a new device.
Posted by Andrew Vaughan 7 months ago
I am trying to conduct a Full Audit (without any credentials) using Nexpose on a system in a VM. However when I try to "Save and Scan" the following error appears: An error was encountered processing your request. Source page: /scan.jsp Error code: 500 Error message: An unexpected error occurred. See the log file for more information or contact support.
Posted by SUH 7 months ago
I have Nexpose installed in a Windows 7 VM. I am trying to scan a customized Linux OS (which is also in a VM) through Nexpose. SSH is running in the customized Linux OS. However the discovery scan shows "Discovered Instances of this Service" on port 22. Why is it not able to read it as SSH service? Also when I try to conduct the Full Audit, it gives the following error: "com.jcraft.jsch.JSchException: java.net.ConnectException: Connection refused: connect" when tryinh to test the credentials. Can you please guide? Thank you in advance.
Posted by SUH 7 months ago
Has anyone uninstalled the insight agent remotely on a windows machine? I need to do a mass uninstall and I'm trying to it via the command line or a batch script. I don't see any uninstall file to call. Does anyone have any ideas? Thanks, Catie
Posted by Catie Dick 7 months ago