i am using kali Linux latest version on virtual box. after using this command using exploit/multi/handler command in metasploit window it is showing me exploit(multi/handler). msf > use exploit/multi/handler msf exploit(multi/handler) > I don't know why it is behaving like this, i used to get "handler" before updating packages by using following commands to add virtual guest version. here are the command:- 1.apt-get update 2.apt-get upgrade 3.apt-get dist-upgrade 4.apt-get install build-essential module-assistant 5.m-a prepare Metasploit version Framework :- 4.16.32-dev console :- 4.16.32-dev thx for the help
Posted by chintan 10 months ago
I will admit I am pretty new to Nexpose and Ruby and trying to run a script for creating a dymanic asset group based on a network mapping file. I found a script that looks like it should do it but I am getting an error in Ruby. I feel like I am missing something small here. The input file will be a cvs file that is pretty large (1000's of rows) and is just a breakdown of locations based on CIDR notation and the name of the group that I want it to be in. Example input file (CVS): 10.1.2.0/24 DAG1 10.2.200.0/24 DAG2 10.1.15.0/24 DAG1 10.33.0.0/16 DAG3 10.1.223.0/24 DAG1 10.22.2.0/24 DAG2 Results I would expect is a Dymanic Asset Group with the Name and all the collective CIDR's get added to the site. DAG1 contains 10.1.2.0/24, 10.1.15.0/24, 10.1.223.0/24 DAG2 contains 10.2.200.0/24, 10.22.2.0/24 DAG3 contains 10.33.0.0/16 Script that I have been working with, I addressed other ruby errors but seem to be stuck now. #ruby 2.3.1 require 'nexpose' #4.0.4 require 'csv' require 'highline/import' #1.7.8 require 'netaddr' #1.5.1 include Nexpose include NetAddr #Default value: insert host ip in ' ' @host = '127.0.0.1' #Prompt user for username and password def get_username(prompt = 'username: ') ask(prompt) { |query| query.echo = true } end @user = get_username def get_password(prompt = 'Password: ') ask(prompt) { |query| query.echo = true } end @password = get_password #log in to Nexpose nsc = Connection.new(@host, @user, @password) nsc.login #parse data from csv CSV.foreach("network.csv", headers: true) do |row| ip = CIDR.create(row['subnet']) criterion = Criterion.new(Search::Field::IP_RANGE, Search::Operator::IN, [ip.first, ip.last] ) criteria = Criteria.new(criterion) dag = DynamicAssetGroup.new(row['site_code'], criteria) dag.save(nsc) end nsc.logout exit Here is the result when running the script... user@server:/opt/rapid7/scripts$ sudo ruby 20180122-Rapid7DAGLocationAutomation.rb username: nexpose admin Password: password 20180122-Rapid7DAGLocationAutomation.rb:31:in `block in <main>': uninitialized constant CIDR (NameError) from /usr/lib/ruby/2.3.0/csv.rb:1748:in `each' from /usr/lib/ruby/2.3.0/csv.rb:1131:in `block in foreach' from /usr/lib/ruby/2.3.0/csv.rb:1282:in `open' from /usr/lib/ruby/2.3.0/csv.rb:1130:in `foreach' from 20180122-Rapid7DAGLocationAutomation.rb:30:in `<main>' user@server:/opt/rapid7/scripts$
Posted by Tom Sikma 10 months ago
Does any one know what version of CPE data from NIST Nexpose is using to fingerprint OS'es? Also, have any insight as to why the CPE data is being detected as x86 instead of x64? We seem to be having issues fingerprinting Windows 10 correctly and i believe this is driving some issue with Policy compliance. For Exmaple we are scanning Windows 10 1703 with authenication and running the DISA "U_Windows_10_V1R9_STIG_SCAP_1-1_Benchmark" which has to be manually imported 'hint hint Rapid7, please provide updates faster" The OS is coming back with CPE value of cpe:/o:microsoft:windows_10:-:gold:~~~~x86~. This CPE verison was deprecated on 08/12/2016. However, the OS is actually running x64 and in which case, i believe is causing issues with the compliance check WIN-10-00-000005 "Domain-joined systems must use Windows 10 Enterprise Edition 64-bit version" along with some others. Regards,
Posted by Bob 10 months ago
It can be a bit tricky setting up LDAP authentication with Nexpose, so I’ve created this discussion to cover some known issues / limitations with LDAP configuration and Nexpose and provide a few common configurations and troubleshooting steps. When setting up LDAP authentication with Nexpose, it is important to remember that you need to use the exact DNS hostname in the ‘server name’ field. We are eventually looking at allowing a round robin host name, but this functionality is not in the product yet and I would say this is the source of most of the LDAP cases that are opened with support. If you are unsure of the dns hostname you should be using, you can either locate it via nslookup, or alternatively you can download a free tool called Softerra LDAP Browser to verify it. Configuring Softerra is relatively easy and you basically just need to: 1. create a new profile 2. put in the host name (ie. example.rapid7.com) 3. bind as the currently logged on user 4. hit next then finish Once it is setup, you want to use the dnsHostName value for the Server name field. If for some reason you do not see this value, you can also run a csv export and find it there. Once you have verified you have the correct dns hostname (and are not attempting to use a round robin name for the server name field), here are some common configurations you can use to get LDAP authentication working. ###Typical LDAP Configuration (Global Catalog): Enable authentication source needs to be checked. Name can be whatever Server name needs to be the exact dns hostname for their AD server Server Port – 3269 (or you can choose port 3268 and uncheck SSL) Require secure communications SSl - checked Permitted authentication methods - blank Follow LDAP referrals - unchecked LDAP search base - blank Click AD global catalog ###Alternate LDAP Configuration (Regular AD) Enable authentication source needs to be checked. Name can be whatever Server name needs to be the exact dns hostname for their AD server Server Port – 636 (or you can choose port 389 and uncheck SSL) Require secure communications SSl - checked Permitted authentication methods - blank Follow LDAP referrals - unchecked LDAP search base - blank Click AD Once you have finished setting this up (Under Administration > Console > Administer > Authentication), the last thing you need to do is set up the user profiles. To do this you just need to go to Administration > Users > Create and then select the LDAP authentication source you just created from the drop-down and then enter the username and full name values as they appear in your Active Directory. If you still run into issues one of the most helpful logs is the auth.log since you can actually see the login failure in that log and usually get an LDAP error code.
Posted by Rahul Chaturvedi 10 months ago
Dear support, Just after a new appSpider installation, we launched AppSpider and got this error message : Error Required component is missing or corrupted: Microsoft.Practices.Unity, Version=2.1.505.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 Do you have any suggestion to fix this ? System : Windows Server 2012 R2 standard with SQL Server 2012 Best regards, Serge
Posted by Helpdesk 10 months ago
I wanted to point out a mismatch in the Metasploit database schema module_targets.detail_id & module_details.id where id=1164 The module_details.fullname shows that the exploit if for windows, the module_targets.name is showing that it is for Linux. I'm not sure how many more there are, but this one came up in my research. I will update to the newest release and see if it's updated. Is this normal? Does this type of mismatch affect functionality? Thanks.
Posted by David Evenden 10 months ago
My ASPX webform application has been built with changing session ID after the user sucessfully logs in. I am using a cookie to store this information. Even though this solution is already implemented, when I run the app spider scan with OWASP recommended scan config, I receive a session fixation issue in scan result. Please post your suggestions and remediation for this. Thank you, Revathi
Posted by Revathi Ragupathy 10 months ago
We have several exceptions with upcoming expiration dates that we would like to extend without waiting for them to expire. I am trying to write an API script to take a list of exception IDs in a .csv file and apply a specified new expiration date (format YYYY-MM-DD). CSV example: exception_id | expiration 459 | 2018-02-01 89 | 2018-03-31 I would also be interested in being able to remove the expiration/set to none. Script so far: #initialize connection and login CSV.foreach('expiration_change_file.csv', {:headers => true}) do |exception| #define the exception ID ***this is where I'm stuck*** vuln_exception = Nexpose::VulnException.**SOMETHING()** vuln_exception.id = (exception['exception_id']) # Update expiration date begin vuln_exception.update_expiration_date(nsc, exception['expiration']) rescue print 'Update failed' end end Using the documentation found at http://www.rubydoc.info/gems/nexpose/Nexpose, I have not been able to find what I need. I am Ruby/scripting newbie. Another reason for updating the expiration date vs. waiting until it expires and resubmitting is you lose the original submit date, comments, submitter, etc. Any help would be apprectiated.
Posted by Jaimie Welborn 10 months ago
I'm trying to figure out how to do a regex partial match within a specific field. According to the docs at https://insightops.help.rapid7.com/v1.0/docs/regular-expression-search I should be able to do field=/regex/. I'm trying to look through my firewall logs where the field "source_data" contains the word "malware". So my query is where(source_data=/malware/i). That brings back no results. Not sure whether there really aren't any lines with "malware" in it or whether the query isn't working, I look through my log data and I find a bunch of log lines that have the word "Payload" in the source_data field. So I try where(source_data=/Payload/) and I get no results. What am I doing wrong?
Posted by Ryan Merrell 10 months ago
Been trying to evaluate scans with web spidering option using Nexpose trial version but the audit reports keep saying no web spidering was carried out. Does anyone know how to get web spidering to work?
Posted by Tsay Chong 10 months ago
Dear All, I have 2 question about vulnerability validation. 1. Could I need to validate every Nexpose scan results with Metasploit to confirm the accuracy of results? 2. There have effect to services on assets in vuln. validation process? thank you.
Posted by ekkarach 10 months ago
I have a query that takes quite a while to run, I was wondering if it is because it too complex or just inefficient. Any ideas? Thanks!!! WITH vuln_references AS ( SELECT vulnerability_id, array_to_string(array_agg(reference), ', ') AS references FROM dim_vulnerability JOIN dim_vulnerability_reference USING (vulnerability_id) GROUP BY vulnerability_id ) SELECT DISTINCT da.ip_address, da.host_name, proofAsText(dos.description) AS operating_system, proofAsText(dos.version) AS os_version, dv.nexpose_id AS cve_id, dv.title AS vulnerability_title, proofAsText(dsol.fix) AS vulnerability_solution, dv.severity FROM fact_asset_vulnerability_instance favi JOIN dim_asset da USING (asset_id) JOIN dim_vulnerability dv USING (vulnerability_id) JOIN vuln_references vr USING (vulnerability_id) JOIN dim_operating_system dos USING (operating_system_id) JOIN dim_asset_group_asset daga USING (asset_id) JOIN dim_asset_group dag USING (asset_group_id) JOIN dim_asset_vulnerability_best_solution davbs USING (vulnerability_id) JOIN dim_solution dsol USING (solution_id) WHERE dag.name = 'location-centos' OR dag.name = 'location-rhel' OR dag.name = 'location-ubuntu' AND dv.severity = 'Critical' ORDER BY da.ip_address
Posted by Phil Colvin 10 months ago
I have done the CIS benchmarks testing and the policy results are available but now I need to create reports for them. When I create the report using the built-in template "Policy Rule Breakdown Summary" I click to set the policies but CIS does not show in my choices. I am limited to only a few DISA STIG policies. An earlier report was available and I saw that 26 policies were selected but this is hidden and not able to be changed nor do those selected policies seem to exist outside of the old report. They are the CIS selections that I do not have access to now. Where is this bug reported and fixed?
Posted by Charlie Van Horn 10 months ago
I've installed Metasploit and gotten to the point where I go to access the Web UI, but the page never loads and in the rare case where it has it doesn't reach the point for me to enter my product key. So can I have some assistance with this and figure out how to get it work?
Posted by Isaiah Todman 10 months ago
Good afternoon, After going through the instructions for the integration, I believe the integration is configured correctly, but I am having trouble finding anyone with experience with this integration that can validate whether or not we are missing any components required to make it work. I'm hoping someone can possibly assist. Steps taken: 1. Installed the Ruby installer. 2. Installed the MSYS2 installer 3. Launched Ruby command prompt and installed the GEM 4. Browsed to the config folder and modified the variables in the file nexpose_thycotic.config file 5. From the Ruby bin folder we ran nexpose_thycotic 6. The results indicated the following information (cannot attach pic sorry) Logging enabled at level <info> Logging to Thycotic at https://secretserver URL Processing sites Processing site 1 Getting credentials for IP address Getting credentials for IP address Getting credentials for IP address (this continued for quite a few mor Finished processing 1 Question 1: If you see this output would it be safe to say that the integration was successful? Question 2: Would it also be safe to say that if we scan an asset that was listed in one of the Getting credentials for, Nexpose will automatically perform a credentialed scan provided the Nexpose name and Secret name match? Does anything need to be configured in the NSC to make it work? Thanks, Blind
Posted by Blindf8th 10 months ago
When viewing the risk trend-line, the furthest right (most recent) scan result will show a ~30% up-tick in risk; however, and soon as a new scan is executed, the previous scan then reflects the appropriate risk. Only the most recent scan is shown as wildly inaccurate. What is causing this, and what can i do to fix the issue?
Posted by Connor 10 months ago