Was wondering if anyone already had a site configuration sql export? The issue is we are growing with more and more sites and its hard to keep track of the configuration of each site and having to manually click through each one to get the data (Site Name, Site ID, Asset (IP Ranges and/or groups) etc.
Posted by Austin about a year ago
Hey all! Would anyone know of a report that would list out the assets in a specific site or a specific asset only and spit out the number of Critical, High, Medium, Low, etc vulnerabilities exist? We had this capability in our prior scanning tool, however, I am unable to find anything here (template or SQL). Thank you in advance
Posted by DN about a year ago
https://github.com/rapid7/nexpose-client-python has no documentation The ruby client has some documentation but included examples no long work. https://github.com/rapid7/nexpose-client/tree/master/examples Is anyone else about to use either one of these to successfully connect to a site and read site information.
Posted by FNU about a year ago
Has anyone seen Nexpose looking for LDR (Limited Distribution Release) branch versions of components instead of GDR (Global Distribution Release) versions? The MS16-087: Security Update for Windows Print Spooler Components (3170005) vulnerability that was released this month is showing the following when the patch is already installed: Found an applicable package: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentversion\Component Based Servicing\Packages\Package_137_for_KB948465~31bf3856ad364e35~amd64~~18.104.22.16805. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\currentversion\SideBySide\Winners\x86_Microsoft-Windows-P..rAndPrintUI-Printui_31bf3856ad364e35_none_def58f41982f564e - key exists The above CBS component is currently version 6.0.6002.18005, expected version 6.0.6002.23981 or higher Fix for KB3170455 is applicable for this CBS component According to Microsoft, the last portion of the version number will start with a 1 for GDR and 2 for LDR. Source: https://blogs.technet.microsoft.com/mrsnrub/2010/07/14/gdr-ldr-the-next-generation/ Any idea why Nexpose is looking for a LDR version?
Posted by Steve about a year ago
We are wondering if anyone has integrated Sophos Central AV with InsightIDR? We have an RESTful API endpoint on our Sophos instance along with authorization info that could be used in InsightIDR but I haven't seen a way to hit an API endpoint to pull log data into IDR. Any advice?
Posted by Greg Haar about a year ago
Dear All, I'd like to know is it possible to compose attacking vector in such a way that, remote vicitim will not be required initially to interact with you, that is if OS is vulnerable then you'll execute the vulnerability succesfuly without vicitm perception. So far in the blogs, articles that I've read, usually suggest that you create a bait (PDF, Flash Player, etcc) then abet the victim to trigger it, but the real life scenerio may not work like that. Enticing someone to click a link or to download a crafted vulnerable file may sound suspicious and shrewdy end - user may immediately stop interacting. Aside from all that you will use your credibility. Regards
Posted by sblade about a year ago
Hi, i am new to Metasploit, I am using kali 2017.2. I was able to install kali in Vbox and win xp sp1 (64) and xp sp3. my problem is once I want to attack the victim machine, it shows everything, except the open session. 1. I double checked that kali and win xp can communicate each other (using nmap and ping) 2. check open ports in rhost (xp in my case) 3. I am using virtualBox for both kali and xp, putting them in internal network and configure the ips manually, but double check they can communicate as explained in 1. 4. I tried multiple exploits ms067, ms03... also (reverse_tcp, bind_tcp, shell), but no luck I am not really sure what is the problem, tutorials seem so simple, but when I am trying to do so it is kind of impossible to do. Any help!
Posted by Abdu Om about a year ago
During the initialization using nsc.sh console goes in maintenance mode and when i try logging into the web page (localhost:3780) only this message appears: Critical error during initialization: PreparedStatementCallback; bad SQL grammar [SELECT licmod_id, licmod_name FROM nxadmin.lic_modules]; nested exception is org.postgresql.util.PSQLException: ERROR: relation "nxadmin.lic_modules" does not exist Position: 45 I'm currently running nexpose on Kali linux 64 bit (i've installed it on port 54321 not to create conflicts with PostgreSQL)
Posted by Lorenzo De Luca about a year ago
When I attempt to scan over a wireless network, the nexpose scan fails with the error at bottom. Things to note: Pings throughout the network are successful, so even tuned the scan template to discover only using ICMP. Nexpose over the wired network flawless (so don't say Nmap isn't installed correctly) Browsers tried: Chrome, Mozilla and IE Observation: It's almost like it just doesn't want to use WiFi. There should almost be a setting in Nexpose where you can define what interface will be used to scan. Error: Failed (jave.io.IOException: The Nmap exit value is not zero: 255 at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source) at com.rapid7.nexpose.scan.nmap.Nmap.run (Unknown Source) at com.rapid7.nexpose.scan.Scan.start (Unknown Source) at com.rapid7.nexpose.snca.Scan.run (Unknown Source) at java.lang.Thread.run(Thread.java:745))
Posted by Matthew Crabbe about a year ago
I can't seem to get Nexpose to uninstall. I've tried via the Control Panel, and by running uninstall.exe -c from the command line. Both result in: The installer detected an incomplete installation of Nexpose at C:\Program Files\rapid7\nexpose. Either a previous installation attempt is still running, or it terminated unexpectedly without being cancelled. See the installation guide for instructions on manually removing installation files, or run the installer again. Finishing uninstallation... I tried ending the nexserv.exe and nexlaunch.exe processes first,and rebooting multiple times and nothing seems to work. Are there any instructions I could use for manually uninstalling it? We need to get the latest version installed and it won't run until the existing version is 'fully' uninstalled!
Posted by Charles Kunkel about a year ago
I see that RSA is used for encryption in Nexpose, as detailed in this page: https://nexpose.help.rapid7.com/docs/administration-maintenance#section-what-types-of-encryption-does-the-application-use- From that page: To ensure the security of the application, Nexpose uses the following types of encryption algorithm keys in these areas: Identification/authentication: RSA Credential password storage: RSA Connection to the Web interface: RSA and HTTP over SSL Credential encryption: 3DES encrypted with RSA Security Console to Scan Engine communication: TLSv1.2, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for backwards compatibility, and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384. So is my installation of Nexpose vulnerable? I would be most concerned about the communication between console and engine.
Posted by Alan Rivaldo about a year ago