We created a policy template for Windows 2008R2 as described here (https://nexpose.help.rapid7.com/docs/working-with-policy-manager-results) then I scanned several Windows 2008R2 assets against the policy template. However, when I go to Reports and select a Policy Report and run it against the policy and assets scanned; the report only shows 1 asset. Does anyone know why I am missing the other assets? Or am I going about the reporting wrong with policy manager? thanks, andrew
Posted by Michael Moreno 5 months ago
The installer detected an incomplete installation of Nexpose at C:\Program Files\rapid7\nexpose Either a previous installation attempt is still running , or it terminated unexpectdly without being cancelled. ============================= Can you please help to uninstall on windows 64 bit system ?
Posted by Nagesh 5 months ago
I would like to get the list of hostname aliases (posted below the hardware address when viewing an asset) using SQL. Is this possible? Ultimately, I want to look for duplicate assets by aliases. There are times when I filter by hostname and get two results. One will show the hostname I looked for but with an outdated IP address (showing an old last scanned date). The other will show the correct IP for the asset I looked for but with the wrong hostname. When I click on the 2nd finding (correct IP, wrong hostname), I can see the correct hostname listed in the aliases section.
Posted by Anon 5 months ago
There are "cards" (graphs) on my Nexpose dashboard at exposure-analytics.insight.rapid7.com. Can I create my own cards (graphs)? Say by writing an sql query similar to what I do in Nexpose reports? This is suggested in the documentation, but I can't find details anywhere. Currently I run sql queries in Nexpose reports, export the results to Excel, and create Excel graphs. I'm wondering if I can do something similar directly on exposure-analytics.insight.rapid7.com and have the graphs appear on my dashboard.
Posted by e doberman 5 months ago
I created a site, chose 1 asset, added my credential for the target system using all audit scan template and then ran an audit report when finished. The target of evalution is windows 10, but i'm seeing everything from windows 10, Windows 7, server 2012, 2003, how do i filter out everything except the applicable OS
Posted by Mike Cloud 5 months ago
Nexpose sql query: Are duplicate rows in fact_asset_scan_vulnerability_instance normal? Or an indication of some other problem? I'm also finding records in fact_asset_date for assets that are not in dim_asset, that is, the foreign asset_id key in fact_asset_date is not in dim_asset.
Posted by e doberman 5 months ago
Hi, I see that Nexpose recommend to exclude scanning Load Balancers. Given the nature of common fault tolerant architectures in public cloud environments, load balancers are often deployed with an alias/cname attached for external connectivity. Question 1 What is the best approach to complete external scanning with a hosted scan engine of an AWS environment with: - Elastic Load Balancers - API Endpoints Question 2 I also noted that when using Dynamic Discovery, it will include instances without EIP addresses, but they will not appear in the asset list for the site configuration. Does this mean they wont actually be scanned? Any guidance is greatly appreciated. Thanks
Posted by Ciaran 5 months ago
I'm having problems getting a SQL query to give me one of the categories I need (asset tags). I'm trying to pull high level statistics for a simple monthly metrics report. Any suggestions? here is what I have so far dt.tag_name AS "Asset Category", COUNT(da.asset_id) AS "Asset ID", SUM(fa.vulnerabilities) AS "Total Vulnerabilities", SUM(fa.severe_vulnerabilities) AS "Severe Vulnerabilities", SUM(fa.moderate_vulnerabilities) AS "Moderate Vulnerabilities", SUM(fa.critical_vulnerabilities) AS "Critical Vulnerabilities" FROM dim_asset da JOIN fact_asset fa USING(asset_id) JOIN dim_tag_asset dta USING(asset_id) JOIN dim_tag as dt USING(tag_id) GROUP BY dt.tag_id, dt.tag_name ORDER BY dt.tag_name
Posted by Billy johnson 5 months ago
Hello, I am trying to use Metasploit Community and Framework on Windows to scan my Metasploitable 2 VM on VMware. After installing metasploitable, I tried to scan with Metasploit Community. After adding the IP from Metasploitable (ifconfig) it shows no hosts discovered. I tried Zenmap on Windows and it came up with nothing for the VM. I added -Pn to Nmap and it found the VM host. I tried running Metasploit Community with the custom nmap -PN, and it found the host but no services or anything else. Metasplotiable is using NAT and Host Only. That's my 2 VMware adapters VMnet1 and VMnet8 using NAT and Host-Only. I tried Host-Only but still not working. I'm not sure if this is a problem for Metasploitable or VMware. I played with the Virtual Network Editor but don't know what I'm doing and kept default. Is there a way to set all my VM's to ping to each other? Please reply with help on getting Hosts on Metasploit Community and setting up Metasploitable 2. Thanks
Posted by Mike Held 5 months ago
Can Nexpose retrieve credentials through either a GET cmd or a direct connection to Password Manager Pro in order to conduct a credentialed scan? If this isn't possible...is it possible to import a batch of credentials into Nexpose?
Posted by Renn Amstead 5 months ago
So I was testing some payloads on a targeted windows machine over WAN. So far so good, but then a session opened . The sessions wasn't my targeted machine, it was another IP ADDRESS from Avast. I have no idea how is this possible. If someone can explain me what is this please respond. Thank you, Adrian
Posted by Adrian Furo 6 months ago
Nexpose installed on a Win2008R2 server. The console fails to load when connecting to the web site. It makes it to about 94% before it just stops, and the services shut themselves down. Initially we thought it was due to a space issue, we were very low. But now have 100+ GB free on the drive Nexpose is installed in and the warnings are gone from the logs. I'm not entire sure where to look in the logs for a possible misstep, this seems to be about the point where it all goes south: 2018-06-18T16:55:51 [INFO] [Thread: Security Console] Accepting web server logins. 2018-06-18T16:55:51 [INFO] [Thread: Security Console] Security Console web interface ready. Browse to https://localhost:3780/ 2018-06-18T16:55:51 [INFO] [Thread: Security Console] Initializing data warehouse export service... 2018-06-18T16:55:51 [INFO] [Thread: Security Console] Initializing NSX connection manager... 2018-06-18T16:55:51 [INFO] [Thread: Security Console] [Started: 2018-06-18T16:55:51] [Duration: 0:00:00.009] Completed initializing NSX connection manager. 2018-06-18T16:55:51 [INFO] [Thread: Security Console] Initializing IDP credential provider. 2018-06-18T16:55:51 [INFO] [Thread: Policy Usage Statistics Status] Starting policy usage statistics status task. 2018-06-18T16:55:51 [INFO] [Thread: Security Console] [Started: 2018-06-18T16:55:51] [Duration: 0:00:00.004] Completed initializing IDP credential provider. 2018-06-18T16:55:51 [ERROR] [Thread: Security Console] Error during server initialization. java.lang.NullPointerException: null at com.rapid7.nexpose.nsc.NSC.initSubsystems(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.run(Unknown Source) [nsc.jar:na] at com.rapid7.nexpose.nsc.NSC.main(Unknown Source) [nsc.jar:na] 2018-06-18T16:55:51 [INFO] [Thread: Security Console] Shutting down immediately 2018-06-18T16:55:51 [INFO] [Thread: Security Console] Shutting down Quartz scheduler. Error during initialization, then everything starts shutting itself down. The person assigned to my R7 case keeps point to space as a problem but I have cleaned out more and more and it's not resolving anything (as mentioned, warnings are gone, too)
Posted by Russ Davis 6 months ago
Hello, I'm seeing the message at the bottom of the application that says a new version is available to install. I closed the app like usual but it just re-installs my current version of 22.214.171.124. I've even tried going to the AppSpider download page manually and it's also wanting to just install the old 126.96.36.199. Is there an issue with this release? Is there an issue with the version number maybe? Should the new one be 7.0.61? Just taking a shot in the dark there. Thanks, --Matt
Posted by Matt Johnson 6 months ago
/usr/share/metasploit-framework/lib/msf/core/payload/android.rb:92:in `not_after=': bignum too big to convert into `long' (RangeError) from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:92:in `sign_jar' from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:123:in `generate_jar' from /usr/share/metasploit-framework/lib/msf/core/payload/android.rb:38:in `generate' from /usr/share/metasploit-framework/lib/msf/core/payload.rb:204:in `size' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:158:in `block (2 levels) in recalculate' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:102:in `each_pair' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:102:in `block in recalculate' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:98:in `each_pair' from /usr/share/metasploit-framework/lib/msf/core/payload_set.rb:98:in `recalculate' from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:251:in `block in load_modules' from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:248:in `each' from /usr/share/metasploit-framework/lib/msf/core/modules/loader/base.rb:248:in `load_modules' from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:119:in `block in load_modules' from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `each' from /usr/share/metasploit-framework/lib/msf/core/module_manager/loading.rb:117:in `load_modules' from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:41:in `block in add_module_path' from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `each' from /usr/share/metasploit-framework/lib/msf/core/module_manager/module_paths.rb:40:in `add_module_path' from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:50:in `block in init_module_paths' from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `each' from /usr/share/metasploit-framework/lib/msf/base/simple/framework/module_paths.rb:49:in `init_module_paths' from /usr/share/metasploit-framework/lib/msf/ui/console/driver.rb:196:in `initialize' from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `new' from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:62:in `driver' from /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start' from /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start' from /usr/bin/msfconsole:48:in `<main>'
Posted by Shivam 6 months ago
Hi, I've installed Nexpose community and get the following error when I try a scan. Any clue what the problem is? (java.io.IOException: The Nmap exit value is not zero: 1 at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source) at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source) at com.rapid7.nexpose.scan.Scan.start(Unknown Source) at com.rapid7.nexpose.scan.Scan.run(Unknown Source) at java.lang.Thread.run(Thread.java:748) ) I am on Windows 7 64bit, using the local scan engine. Thank you
Posted by John Erickson 6 months ago