I would like to create a script that applies an exception to an asset group. I have noted that Ruby does not have this as a "scope" option. ALL_INSTANCES = 'All Instances' ALL_INSTANCES_ON_A_SPECIFIC_ASSET = 'All Instances on a Specific Asset' ALL_INSTANCES_IN_A_SPECIFIC_SITE = 'All Instances in a Specific Site' SPECIFIC_INSTANCE_OF_SPECIFIC_ASSET = 'Specific Instance of Specific Asset' The API guide looks like it might: The type of the exception scope. One of: "Global", "Site", "Asset", "Asset Group", "Instance" Can someone confirm that 1. The API does have this feature and 2. is there plans to add this to Ruby. To be clear I don't want a script that looks for a dynamic asset group and applies an exception to every asset in the group. I want this applied at the asset group level.
Posted by Joseph Chapie 10 months ago
Hi there, I'm looking to produce a report showing all missing Microsoft patches - old and new naming schemes - but sorted oldest to newest, ideally the report would have the following columns: Asset Name, Patch Name, Patch Release Date, Last Scanned. I am not particularity good with SQL to be able to accomplish this, can someone help me out?
Posted by Anton 10 months ago
I'm receiving this error when I try to upgrade nexpose: "Update failed. Try again later or contact Technical Support.1 errors occurred during update. Detail: Update ID 961068857 is missing package or dependency. 0 downloaded. 0 approved. 0 applied. 0 total new." I'm not sure what dependency is it looking for. I am using Ubuntu
Posted by Dustin C 10 months ago
We are attempting to deploy the Insight Agent to be used with InsightVM, we have deployed it to 5 machines and after several days our system still shows 0 machines with agents. Is there something special that has to be done after installing to work with InsightVM??
Posted by Brian Carroll 10 months ago
Hello, I have big problem with metasploit database. I have upgraded my distro and installed packages and I'm running now postgresql 10. As from now, i can see the postgresql service is active. I then run msfdb init and I get this A database appears to be already configured, skipping initialization I run msfconsole but then the connection error shows up: Failed to connect to the database: could not connect to server: Connection refused Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 5432? could not connect to server: Connection refused Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432? finally if i type db_status i get "postgresql selected, no connection" On the forums it is written that you need to fix the postgresql file.conf, but I don't have this file, although all packages are installed. I will be very grateful if someone will help me.
Posted by Demon13 10 months ago
Hi We have been running the scan on our systems many times and even after we have implemented the recommended settings the vulnerability is showing up. However the exploit count column shows 0 for these vulnerabilities. Base on the online document I understand the Exploit Count indicates the number of exploits associated with the vulnerability. Could you please explain what this means : 1. Does it mean if the count is 0 then we no longer have this exploit in the system ? 2. Can we safely ignore the vulnerablity? Appreciate if you could provide a quick response on the same. Thanks & regards ravinder
Posted by Ravinder 10 months ago
I am using Nexpose community edition trail version. Which API do i need to use to login to Nexpose. I have searched into the API documentation provided in the help icon in the Nexpose security console (Nexpose GUI) but i could not find any API related to login. Can any one please help me here?
Posted by Suhas 10 months ago
I am trying to download a large report using the Nexpose Python API. However I get a memory error when running the script. Any Help would be great! Traceback (most recent call last): File "C:\Users\jstegman\AppData\Local\Programs\Python\Python36-32\ExtractDataFromNexpose.py", line 61, in <module> generate_report() File "C:\Users\jstegman\AppData\Local\Programs\Python\Python36-32\ExtractDataFromNexpose.py", line 42, in generate_report download_report(report_client, report_id, report_instance_id) File "C:\Users\jstegman\AppData\Local\Programs\Python\Python36-32\ExtractDataFromNexpose.py", line 55, in download_report client.download_report(report_id, instance_id) File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\api\report_api.py", line 357, in download_report (data) = self.download_report_with_http_info(id, instance, **kwargs) # noqa: E501 File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\api\report_api.py", line 442, in download_report_with_http_info collection_formats=collection_formats) File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\api_client.py", line 322, in call_api _preload_content, _request_timeout) File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\api_client.py", line 153, in __call_api _request_timeout=_request_timeout) File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\api_client.py", line 343, in request headers=headers) File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\rest.py", line 238, in GET query_params=query_params) File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\rest.py", line 222, in request r.data = r.data.decode('utf8') MemoryError
Posted by Jonah Stegman 10 months ago
Hello, I have already exported the data using the report..."Database Export". This worked great. Now I need a schema definition for all this. Before you point me in another direction, I have already examined this URL on your own site. This is **NOT** what I need. https://help.rapid7.com/nexpose/en-us/warehouse/warehouse-schema.html I need a map of the exported data and descriptions for what the data is. IE: What is this table? "nxp_fp_src with two columns: fpsrc ID and Source" I am trying to map data and I need a spec for this exported data. Thanks!!
Posted by Mark W 11 months ago
I know you can enumerate 'Incomplete Assets' with the Ruby Gem 'CONNECTION::incomplete_assets(scan_id) but I was wondering if there was anything similar for REST calls? I know that you can get scan data using the 'Scan' call but it does not give you the assets or the status of those assets from the scan. Maybe I am missing something but any help would be greatly beneficial. Thank you
Posted by Tony Hamil 11 months ago
This page has step-by-step instructions, but I keep hitting the error mentioned in the title. https://www.rapid7.com/db/modules/post/windows/gather/credentials/razorsql I think I just need to set up a session in the command line, but when I type: msf post(razorsql) > set SESSION 1 that doesn't create an active session. How do I create an active session to capture the output? Thanks!
Posted by Rory McCashin 11 months ago
Beginner question: I identified some false positives in the scan results and checked the Ignore box beside them. When the scan next ran, the same results showed up--with the ignore box still checked for them. 1) What effect does Ignore have? 2) Is there a way to suppress false positives from the scan results? (I did read the User's Guide, but all it says is that you can "Ignore the vulnerability using the Ignore checkbox," which isn't helpful.)
Posted by Brian 11 months ago
I'm working on signatures for pulling information from open redis services and testing the signatures via recog. https://github.com/rapid7/recog/ An open redis service provides a large volume of information for system architecture, os versions, cpu utilization, etc. I'm triggering an INFO command via ``` echo -e '*1\r\n$4\r\nINFO\r\n' | nc 127.0.0.1 6379 | ruby ./bin/recog_match ./xml/redis_info.xml - ``` with the redis_info.xml being the new signature file. My best practice question starts to come in when I look at signatures like operating_system.xml and architecture.xml. both of which have all of the necessary regex to pull information out of the redis service but are specified as database_type="util.os" where redis classifies as a service. ``` Current values are: - service: These fingerprints are intended to match banners or other responses from services. Fingerprint matches in 'service' database do not necessarily have to return 'service.' attributes in the match data. - util.os: These fingerprints are intended to be used to identify or extract OS related information from strings that are not responses to service probes. This may be used in a utility capacity and may provide for data enrichment via an independent call after a service banner match has already be made. ``` Is it generally better practice to duplicate fingerprint entries when they can be re-used or can generic regex like operating system string queries be shared as an external entity referenced in multiple signatures? If the external reference is even viable is it safe to assume that the util.os fingerprints would need to be replicated for service parsing? Or should I expect the util.os fingerprint to be applied without any additional modifications?
Posted by BrianWGray 11 months ago