Good day, Is there a query we can run in Nexpose that can present the data as organized below? The result being that the rows of IP Addresses/Servers can match the column of the applications risk score (i.e. Server1 has risks in both Adobe Reader and Flash). Thanks in advance. D Laden IP Name Operating System Vulnerabilities Risk Java Adobe Reader Adobe Flash Microsoft Wire Shark 192.168.1.1 SERVER1 Server 2008 R2, Enterprise Edition 581 235907 169935 61554 192.168.1.2 SERVER2 Server 2008 R2, Standard Edition 691 209365 71453 128586 6141 192.168.1.3 SERVER3 Server 2012 R2 Standard Edition 384 204333 21536 170173 7161 192.168.1.4 SERVER4 Server 2008 Enterprise Edition 190 204323 111046 87541 192.168.1.5 SERVER5 Server 2012 R2 Standard Edition 612 196834 189088 192.168.1.6 SERVER6 Server 2012 R2 Standard Edition 603 192990 186932 192.168.1.7 SERVER7 Server 2012 R2 Standard Edition 592 189127 182663 192.168.1.8 SERVER8 Server 2012 R2 Standard Edition 622 187238 176151 5852 192.168.1.9 SERVER9 Server 2012 R2 Standard Edition 327 186298 2593 170174 8217 192.168.1.10 SERVER1 Server 2008 R2, Enterprise Edition 563 185495 179753
Posted by Drew Laden about a year ago
Hi, I'm learning to use Metasploit on a publicly accessible over openvpn CTF machine. I cannot get reverse shell using Metasploit, where I’m very confident that should work - people in forum confirm this. I’m running kali VirtualBox VM on Windows 7 host on laptop. I can ping and turned off windows firewall. I also tried to install everything fresh on desktop PC on Windows 10 with fresh kali VM. Did you experience similar problems or do you have any hint for me? My ifconfig: eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.x.x.x netmask 255.255.255.0 ... lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 ... tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500 inet 10.y.y.y netmask 255.255.254.0 destination 10.y.y.y ... I know from forum I should user tun0 IP. Only one time I had meterpreter session. It was timed out. But now I can not get new session, despite all parameters are the same. I use tun interface. What could be a problem in your opinion? I tried to exploit multiple times. I did set TARGET and set PAYLOAD and set LHOST again. I reseted target machine multiple times, but no luck – no session. But the same worked - only once. I cannot understand this. Current status: msf exploit(exploit) > exploit [] Started reverse TCP handler on 10.y.y.y:4444 [] Exploit completed, but no session was created. msf exploit(exploit) > show options Module options (exploit): Name Current Setting Required Description ---- --------------- -------- ----------- PATH / yes Path to target webapp Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOST targetIP yes The target address RPORT 80 yes The target port (TCP) SRVHOST 10.y.y.y yes Callback host for accepting connections SRVPORT 9000 yes Port to listen for the debugger SSL false no Negotiate SSL/TLS for outgoing connections VHOST no HTTP server virtual host Payload options (php/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- LHOST 10.y.y.y yes The listen address (an interface may be specified) LPORT 4444 yes The listen port Exploit target: Id Name 0 Automatic There must be something else to setup. E.g. there is a remark for LHOST “an interface may be specified”. Should I make: “setg interface tun0”? Or should I somehow clean up my Metasploit? Thanks
Posted by Roman Graf about a year ago
Using /api/3/asset_groups/{id}/assets you can delete assets from a static asset group but it doesn't work with dynamic groups. Is there a parameter to delete all assets in a dynamic asset group? https://help.rapid7.com/insightvm/en-us/api/index.html#operation/removeAllAssetsFromAssetGroup
Posted by Justin Krueger about a year ago
Currently we are using AD discovery, but it looks like the Automated Trigger features when using DHCP discovery could be very helpful especially with assets that are not always on the network or users are not on the VPN during the configured scan times. My first question is does using DHCP discovery cause any performance issues with the DHCP server or is it not a noticeable difference? My second question is if using DHCP discovery, should I remove my AD discovery connection as well or will having both of these complement each other? Currently AD discovery is causing duplicate assets on some devices if they get placed into a different OU in active directory. Since the asset Identifier displays the OU that the PC is placed in, moving this causes rapid7 to view it as a new device.
Posted by Andrew Vaughan about a year ago
I am trying to conduct a Full Audit (without any credentials) using Nexpose on a system in a VM. However when I try to "Save and Scan" the following error appears: An error was encountered processing your request. Source page: /scan.jsp Error code: 500 Error message: An unexpected error occurred. See the log file for more information or contact support.
Posted by SUH about a year ago
I have Nexpose installed in a Windows 7 VM. I am trying to scan a customized Linux OS (which is also in a VM) through Nexpose. SSH is running in the customized Linux OS. However the discovery scan shows "Discovered Instances of this Service" on port 22. Why is it not able to read it as SSH service? Also when I try to conduct the Full Audit, it gives the following error: "com.jcraft.jsch.JSchException: java.net.ConnectException: Connection refused: connect" when tryinh to test the credentials. Can you please guide? Thank you in advance.
Posted by SUH about a year ago
Has anyone uninstalled the insight agent remotely on a windows machine? I need to do a mass uninstall and I'm trying to it via the command line or a batch script. I don't see any uninstall file to call. Does anyone have any ideas? Thanks, Catie
Posted by Catie Dick about a year ago
We are experiencing issues after scans - for instance several of our UPS's will reboot (random, different ones after each scan), last week one of our ISE server needed to be rebooted (no one could authenticate), today our Exchange Server had to be rebooted (SMTP service stopped), etc. All of these issues were traced back to the exact time frame of the scans. So my question is, does anyone have any suggestions or advice on how to scan our infrastructure devices - maybe a different template or changing some of the options for the scan? Any advice would be greatly appreciated
Posted by David Miller about a year ago
Hi! I was wondering: When I wanted to create an alert, I could just give one e-mail to send the alert to, but I want to send the alert to the owner of the machine of the vulnerability. Is it possible to set this? Like filling in a command or something with a variable? Thanks!
Posted by Matt about a year ago
Hi, I have an excel sheet/ CSV file, which contains a tabular data and a set of records such as assets, sites, IP addresses, data classifications like CAT 1, CAT 2, CAT3, and CAT4. I want to import this bulk file to Nexpose and associate all attributes with the appropriate classifications (CAT1 -> CAT4). Please advise
Posted by Sandra Vladimir about a year ago
We're trying to get Rapid7 to ingest syslog traffic from our ESXi 6.5 hosts. ESXi and all the VMware documentation I'm finding seem to want us to stick with port 514 - we've configured everything appropriately on the ESXi hosts in question and I'm able to get a successful connection (verified with nc at the ESXi console command line) but Rapid7 doesn't seem to be getting data. Where did we go wrong? Is it the port? is the default syslog data config from ESXi in need of tweaking?
Posted by Hank Kuczynski about a year ago
Hi Admin, I am looking for a way in which I can able to get the list of patches installed on asset. For e.g Asset has been identified with some vulnerabilities and later it has been patched. First way is after applying the patches those vulnerabilities will not appear again but this is the tedious way as in this way we have to compare the report before applying of the patches and after. Is there any workaround to run a report directly and we can able to see that these are the patches applied recently. Thank!
Posted by Piyush Singh about a year ago
I have testing the service for some time and in the process I have created some logsets. Now that i have decided to use the service i'am trying to delete the test logsets, but can't find where I do it? I have found out there is api to do it, but seems like overkill: https://insightops.help.rapid7.com/docs/delete-logset
Posted by Eric about a year ago
We are planning to move to new Nexpose console from our old Nexpose console and I have the following questions: 1.Do we need a platform independent back up? 2.If no, should I upgrade my Ubuntu OS and then take a non platform independent backup? 3.Is upgrading OS recommended or will this break the console?
Posted by MJ about a year ago
I purchased a public cert to be used on my Web Server sessions for phishing. Upon attempting to upload the .crt file, I received an error which read: - State cannot transition via "set launchable" - File is not valid or incomplete. Please verify that it is in PEM format, includes both the Certificate and Key in one file, and does not have a password set. "Validation failed: neither PUB key nor PRIV key: nested asn1 error" I don't understand the first error. The second error makes sense, but I don't know how to overcome it. Do I need to convert my .crt file to a different format?
Posted by Dean Turturici about a year ago