I have a Report Template made that shows me the Operating system of the scanned machines, the vulnerabilities, and the solutions to those vulnerabilities. My issue is that the solutions section for each vulnerability shows solutions for every possible operating system. I want it to ONLY show the solution for the operating systems of the machines that the vulnerability was found on. Is this possible?
Posted by Jason Sherman about a year ago
I am looking for a report that will allow me to find the total number of vulns over a period of time and total number of those vulns that have been remediated. The Dashboard card named "New vs. Remediated Vulnerabilities" is similar to what I need. The sql query behind this card should set me on the right path. Can anyone help with this?
Posted by Keith Bruce about a year ago
I've a host on the perimeter and the Nexpose scan is finding vulnerabilities according to the logs, but the web spidering causes the host to timeout later in the scan and the scan terminates. The host is then incomplete in the scan results, but the vulnerabilities found earlier in the scan are ignored and not reported in Nexpose. In fact the host doesn't show up in Nexpose, just as an incomplete host in the scan results only. Is Nexpose intended to work like this?
Posted by Matt Joyce about a year ago
Hi, when will the signatures of Meltdown and Spectre patching for CentOS be released? It seems to be fine for Windows, RedHat and others, but no trace for CentOS as far as I can tell. As you can imagine it's rather urgent... Thanks, Olivier
Posted by Olivier Reuland about a year ago
Several hosts continue to fail this check on port 8080. All are running Server version: Apache/2.4.16 (Unix). They have been configured with the recommended remediation steps.
[root@hostname:~] [S1V: 220.127.116.11] [21:38:43] $ grep -i trace /etc/apache2/httpd.conf
TraceEnable off
Debug logs offer no information other than pass/fail. Are there any further steps to be taken to verify this check?
Posted by Casey Tuohey about a year ago
I have a custom .csv report template in Nexpose that uses the "Vulnerability Age" data field. I am trying to write a SQL query that gives me additional data values to what I can get from the default offered in the .csv reports, but I cannot find a value from the SQL tables on https://nexpose.help.rapid7.com/docs/understanding-the-reporting-data-model-overview-and-query-design that matches what is in the .csv report. Can someone tell me what value or calculation is used to generate the Vulnerability Age in the .csv report?
Posted by Jaimie Welborn about a year ago
Hello, I want to ask about the vulnerability "Partition Mounting Weakness" which is detected on our asset after a scan. We do system hardening based on CIS, which contains checks for the options nodev, nosuid and noexec on the /tmp, /var/tmp and /dev/shm partitions. But our problem is that when we scan the same machine using Nexpose we have the "unix-partition-mounting-weakness" check, which indicates that some issues were discovered, like:
- /run partition does not have 'nodev' option set.
- /home partition does not have 'nosuid' option set.
- /var partition does not have 'nosuid', 'noexec', 'nodev' option set.
- /APP partition does not have 'nodev' option set.
- /var/www partition does not have 'nodev' option set.
Could you please tell us how Nexpose checks these vulnerabilities and what it is based on? Best regards.
Posted by Yasmine about a year ago
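To reproduce findings like the ones listed in the post above locally, the mount table can be compared against a per-mount-point option policy. This is an added example, not Nexpose's check logic and not part of the original post; the `REQUIRED` policy and the sample mount table are assumptions constructed from the mount points and options the post names.

```python
import re

# Constructed sample in /proc/mounts format: device, mount point, fstype, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda5 /home ext4 rw,nodev,relatime 0 0
/dev/sda6 /var ext4 rw,relatime 0 0
/dev/sda7 /var/www ext4 rw,nosuid,noexec,relatime 0 0
/dev/sda8 /APP ext4 rw,relatime 0 0
"""

ALL3 = {"nodev", "nosuid", "noexec"}
# Assumed policy (hypothetical): the options each mount point is expected to carry.
REQUIRED = {
    "/tmp": ALL3, "/var/tmp": ALL3, "/dev/shm": ALL3, "/var": ALL3,
    "/run": {"nodev"}, "/home": {"nosuid"}, "/APP": {"nodev"}, "/var/www": {"nodev"},
}

def unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Map mount point -> set of options; a later line for the same path wins."""
    mounts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or line.startswith("#"):
            continue
        mounts[unescape(parts[1])] = set(parts[3].split(","))
    return mounts

def audit(text, policy=REQUIRED):
    """Return {mount point: sorted missing options}, or None if it is not a separate mount."""
    mounts = parse_mounts(text)
    findings = {}
    for mount_point, required in policy.items():
        if mount_point not in mounts:
            findings[mount_point] = None  # options are inherited from the parent filesystem
            continue
        missing = sorted(required - mounts[mount_point])
        if missing:
            findings[mount_point] = missing
    return findings

if __name__ == "__main__":
    for mount_point, missing in sorted(audit(SAMPLE_MOUNTS).items()):
        detail = "not a separate mount" if missing is None else "missing " + ", ".join(missing)
        print(f"{mount_point}: {detail}")
```

On a live host, pass the contents of `/proc/mounts` to `audit()` instead of the constructed sample.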
So with the proliferation of InsightVM, can customers expect that at some point we will be able to measure our risk score against the average risk score across all industries and specific ones? I think many have challenges at the end of the day confidently explaining the risk score and what it means overall for an organization. The question "well is this a good thing or a bad thing?" simply cannot be answered with numbers in front of us however if it were possible to compare your risk score to the average across specific and across all industry verticals (considering average asset count), I think the risk score would be much easier to digest for the layman.
Posted by Jamal Pecou about a year ago
Hello, Since yesterday I was still able to use my metasploit framework (msfconsole) - but today it's showing the following errors:
So I start things with:
~# service postgresql start
~# service metasploit start
Failed to start metasploit.service: Unit metasploit.service not found
After getting the above, I still continue with msfconsole
~# msfconsole
Failed to connect to the database: could not connect to server: Connection refused
Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 7337?
After the above, I tried suggested solutions over the internet such as msfdb reinit, apt-get and so on. My postgresql is listening to 5432 - so I'm not sure why msfconsole is trying to connect to 7337. Appreciate the help. Thank you, Sam
Posted by Sameer Anwar about a year ago
Hello, I'm new to Metasploit - I tried the Metasploit Pro (free trial) and the msfconsole in Kali. Just wanted to ask or get clarification on certain exploitation results that Metasploit has provided on my test target. For the exploit I just uploaded the vulnerabilities identified by Nessus in Metasploit. After that, I ran the default exploit in Metasploit. Here are a few details of the results:
1*.
[+] [2017.12.27-10:28:35] Workspace:MHC 2017 VAPT - JMF Progress:710/2310 (30%) [706/2305] xxx.xx.xx.x:80 - TP-Link SC2020n Authenticated Telnet Injection
[*] [2017.12.27-10:28:36]  xxxxx:80 - Exploiting
[*] [2017.12.27-10:28:36]  xxxxxx:80 - Trying to login with admin : admin
[+] [2017.12.27-10:28:36]  xxxxx:80 - Successful login admin : admin
[*] [2017.12.27-10:28:36]  xxxxxx:80 - Telnet Port: 62116
[*] [2017.12.27-10:28:36]  xxxxxx:80 - Trying to establish telnet connection...
[-] [2017.12.27-10:28:36]  xxxxxx:80 - Exploit failed [unreachable]: Rex::ConnectionRefused The connection was refused by the remote host (xxxxx:62116).
TP-Link SC2020n Authenticated Telnet Injection https://www.rapid7.com/db/modules/exploit/linux/http/tp_link_sc2020n_authenticated_telnet_injection
*So for this exploit my concerns are:
a. Port 80 is open per nmap scan, but Nessus did not flag it as vulnerable, so why was it exploited by Metasploit?
b. I tried to login remotely to the target IP - but was not able to gain access using the credentials used by Metasploit to gain access (admin:admin) - I put it as username: admin and pw admin. Why was I not able to login?
c. What could I have done to successfully exploit the target?
2**
[+] [2017.12.27-10:10:07] Workspace:MHC 2017 VAPT - JMF Progress:38/2310 (1%) [34/2305] xxxxxxx:21 - Open-FTPD 1.2 Arbitrary File Upload
[*] [2017.12.27-10:10:08]  Started reverse TCP handler on 0.0.0.0:1040
[*] [2017.12.27-10:10:09]  xxxx:21 - Server started.
[*] [2017.12.27-10:10:10]  xxxxx:21 - Trying to upload ndJDXciFuXF.exe
[*] [2017.12.27-10:10:10]  xxxxxx:21 - Connecting to FTP server xxxxxx:21...
[*] [2017.12.27-10:10:10]  xxxxxxx:21 - Connected to target FTP server.
[*] [2017.12.27-10:10:10]  xxxxxx:21 - Set binary mode
[*] [2017.12.27-10:10:10]  xxxxxxxxx:21 - Set active mode "10,111,28,37,4,17"
[+] [2017.12.27-10:10:10]  xxxxxxx:21 - Upload successful
[*] [2017.12.27-10:10:12]  xxxxxxxxx:21 - Trying to upload AQaAFAtyoj.mof
[*] [2017.12.27-10:10:12]  xxxxxx:21 - Connecting to FTP server xxxxxxx:21...
[*] [2017.12.27-10:10:12]  xxxxxxxxxx:21 - Connected to target FTP server.
[*] [2017.12.27-10:10:12]  xxxxxxxxxx:21 - Set binary mode
[*] [2017.12.27-10:10:12]  xxxxxxxx:21 - Set active mode "10,111,28,37,4,17"
[+] [2017.12.27-10:10:12]  xxxxxxxx:21 - Upload successful
Open-FTPD 1.2 Arbitrary File Upload https://www.rapid7.com/db/modules/exploit/windows/ftp/open_ftpd_wbem
**Same as the first one, this was not flagged by Nessus. So my concerns here are:
a. The upload was successful, but when we checked the server for the said files, it was not there (full search of server). Why was that? Am I looking in wrongly? What could be the reason the file was not there?
Will highly appreciate your comments on this or provide me tips or correct me as to how should I interpret the results. Thank you, Sam
Posted by Sameer Anwar about a year ago
Hello, I feel sorry for the Rapid7 employees who have to answer all of the questions about "why isn't this feature available" on this, the site that replaced the community site. When we did a PoC of three different Vulnerability Management Solutions, one of the selling points, one of the things I showed off to management and executives, was how amazing the community site was. It was the reason we chose Rapid7 over Tenable. Tenable had better reporting, but Rapid7 had a community that was active, helpful, included Rapid7 employees and users from novice to expert. It was, in fact, the most active community site I had ever seen.
Much of that was due to the interface. You had a large tableau which gave you a bird's eye view of what was popular and important in that moment. Blog posts, community questions, knowledge base updates, SQL queries made available, everything from one screen. It was at your fingertips. The new site, as I have said, expects you to know what you want to find and go to that. It is not designed around a community. This is a Feed. Nothing more. I cannot get an overview of issues others are having without lots of scrolling and clicking. I cannot get Blog updates or even know they are available unless I go to a completely different website.
I get the feeling Rapid7 wants to cultivate and validate data before adding it to the general KB area. That's noble, but it doesn't seem to be happening. I submitted an update to a SQL query and it was never updated. It was a fix that the author of the script said it needed, so it isn't something I did out of the blue.
I do not understand why the old community site needed to be replaced at all. If someone, anyone could explain it, I'd be grateful. It was a bustling community of people sharing information in near real-time. This new site may have fifteen people ask the same question because they missed it thirty-five entries down on the topic Feed.
I get that this site is a work in progress, but nothing has changed since it was introduced. No new features that I've noticed. Why was this site forced on everyone if it was not complete? Why was the old site, which was fantastic, shut down? All my old links are broken now. I have about three or four dozen links to various tidbits on the old site that all just redirect to the KB homepage.
Where is the collaboration? That's what I'm missing. And it's why I hardly ever use this site any more. It isn't worth it. Instead, I open a ticket and have Rapid7 look it up for me. My time is valuable and I cannot spend it searching and searching, posting and waiting, worrying that if I miss the email that my question was answered I'll never find my question again.
To quote my parents, "I'm not angry; I'm just disappointed." If it were a bake-off between Rapid7 and Tenable today, I'm not sure we'd make the same choice.
Posted by Jasey DePriest about a year ago