I have been running "Web App Test" in "Metasploit Pro 4.14.2 - Update 2018061801" using a trial license running on Ubuntu 16.04 (in a VM). Most websites work exactly as expected but for some URLs (I am afraid I don't want to publically list my URL here, but it is a normal website running on Google App Engine) [*] [2018.06.27-15:49:59] Running Web App Test 1... [*] [2018.06.27-15:49:59] Processing target information... [+] [2018.06.27-15:50:00] Workspace:https://example.com Progress:1/1 (100%) Validating target URLs... [*] [2018.06.27-15:50:00] Validating 2 targets. [-] [2018.06.27-15:50:00] Invalid response from https://example.com:443/: CODE 0 [-] [2018.06.27-15:50:00] Invalid response from https://192.0.2.1:443/: CODE 0 [*] [2018.06.27-15:50:00] Validated 0 URLs. [*] [2018.06.27-15:50:00] Crawling URLs... [+] [2018.06.27-15:50:00] Workspace:https://example.com Progress:1/1 (100%) Completed. Where can I look to get more details on what is happening?
Posted by Barnaby Shearer about a year ago
I have the integration between ADFS 3.0 and our On-Prem Nexpose console setup and working; however, I cannot seem to find the right syntax to keep the user from hitting the 'idpinitiatedsignon' page (where you select what site you are trying to sign into). With one of my other applications, I was able to put the 'Relaying Party' ID encoded within the IDP call behind 'LogintoRP' with no issues. However, trying to do this with Nexpose's Relay State, it does not seem to be working. Here is a quick 'sanitized' syntax of what I am doing: https://adfs.domain/adfs/ls/idpinitiatedsignon.aspx?LoginToRP=https://rapid7.com/nsc/console/<string> I have been reading that I may have to use the 'RelayState' parameter but I am not exactly sure what the values would be. Does anyone have any experience or guidance using ADFS 3.0 in this manner? Thank you
Posted by Tony Hamil about a year ago
Armitage is not woking with me but msfconsole is working good , when i lunch armitage and press connect it dose not ask me to connect with RPC like it was asking before!, and stuck in logging in and (connection time out or host refuse) , ( I'm using the default host and port). I'm using kali linux
Posted by Abdelfattah Mohamed about a year ago
We created a policy template for Windows 2008R2 as described here (https://nexpose.help.rapid7.com/docs/working-with-policy-manager-results) then I scanned several Windows 2008R2 assets against the policy template. However, when I go to Reports and select a Policy Report and run it against the policy and assets scanned; the report only shows 1 asset. Does anyone know why I am missing the other assets? Or am I going about the reporting wrong with policy manager? thanks, andrew
Posted by Michael Moreno about a year ago
The installer detected an incomplete installation of Nexpose at C:\Program Files\rapid7\nexpose Either a previous installation attempt is still running , or it terminated unexpectdly without being cancelled. ============================= Can you please help to uninstall on windows 64 bit system ?
Posted by Nagesh about a year ago
I would like to get the list of hostname aliases (posted below the hardware address when viewing an asset) using SQL. Is this possible? Ultimately, I want to look for duplicate assets by aliases. There are times when I filter by hostname and get two results. One will show the hostname I looked for but with an outdated IP address (showing an old last scanned date). The other will show the correct IP for the asset I looked for but with the wrong hostname. When I click on the 2nd finding (correct IP, wrong hostname), I can see the correct hostname listed in the aliases section.
Posted by Anon about a year ago
There are "cards" (graphs) on my Nexpose dashboard at exposure-analytics.insight.rapid7.com. Can I create my own cards (graphs)? Say by writing an sql query similar to what I do in Nexpose reports? This is suggested in the documentation, but I can't find details anywhere. Currently I run sql queries in Nexpose reports, export the results to Excel, and create Excel graphs. I'm wondering if I can do something similar directly on exposure-analytics.insight.rapid7.com and have the graphs appear on my dashboard.
Posted by e doberman about a year ago
I created a site, chose 1 asset, added my credential for the target system using all audit scan template and then ran an audit report when finished. The target of evalution is windows 10, but i'm seeing everything from windows 10, Windows 7, server 2012, 2003, how do i filter out everything except the applicable OS
Posted by Mike Cloud about a year ago
Nexpose sql query: Are duplicate rows in fact_asset_scan_vulnerability_instance normal? Or an indication of some other problem? I'm also finding records in fact_asset_date for assets that are not in dim_asset, that is, the foreign asset_id key in fact_asset_date is not in dim_asset.
Posted by e doberman about a year ago
Hi, I see that Nexpose recommend to exclude scanning Load Balancers. Given the nature of common fault tolerant architectures in public cloud environments, load balancers are often deployed with an alias/cname attached for external connectivity. Question 1 What is the best approach to complete external scanning with a hosted scan engine of an AWS environment with: - Elastic Load Balancers - API Endpoints Question 2 I also noted that when using Dynamic Discovery, it will include instances without EIP addresses, but they will not appear in the asset list for the site configuration. Does this mean they wont actually be scanned? Any guidance is greatly appreciated. Thanks
Posted by Ciaran about a year ago
I'm having problems getting a SQL query to give me one of the categories I need (asset tags). I'm trying to pull high level statistics for a simple monthly metrics report. Any suggestions? here is what I have so far dt.tag_name AS "Asset Category", COUNT(da.asset_id) AS "Asset ID", SUM(fa.vulnerabilities) AS "Total Vulnerabilities", SUM(fa.severe_vulnerabilities) AS "Severe Vulnerabilities", SUM(fa.moderate_vulnerabilities) AS "Moderate Vulnerabilities", SUM(fa.critical_vulnerabilities) AS "Critical Vulnerabilities" FROM dim_asset da JOIN fact_asset fa USING(asset_id) JOIN dim_tag_asset dta USING(asset_id) JOIN dim_tag as dt USING(tag_id) GROUP BY dt.tag_id, dt.tag_name ORDER BY dt.tag_name
Posted by Billy johnson about a year ago
Hello, I am trying to use Metasploit Community and Framework on Windows to scan my Metasploitable 2 VM on VMware. After installing metasploitable, I tried to scan with Metasploit Community. After adding the IP from Metasploitable (ifconfig) it shows no hosts discovered. I tried Zenmap on Windows and it came up with nothing for the VM. I added -Pn to Nmap and it found the VM host. I tried running Metasploit Community with the custom nmap -PN, and it found the host but no services or anything else. Metasplotiable is using NAT and Host Only. That's my 2 VMware adapters VMnet1 and VMnet8 using NAT and Host-Only. I tried Host-Only but still not working. I'm not sure if this is a problem for Metasploitable or VMware. I played with the Virtual Network Editor but don't know what I'm doing and kept default. Is there a way to set all my VM's to ping to each other? Please reply with help on getting Hosts on Metasploit Community and setting up Metasploitable 2. Thanks
Posted by Mike Held about a year ago
Can Nexpose retrieve credentials through either a GET cmd or a direct connection to Password Manager Pro in order to conduct a credentialed scan? If this isn't possible...is it possible to import a batch of credentials into Nexpose?
Posted by Renn Amstead about a year ago
So I was testing some payloads on a targeted windows machine over WAN. So far so good, but then a session opened . The sessions wasn't my targeted machine, it was another IP ADDRESS from Avast. I have no idea how is this possible. If someone can explain me what is this please respond. Thank you, Adrian
Posted by Adrian Furo about a year ago