I was creating a spreadsheet to use the algorithm identified on the below page so I can better estimate the scan time for my sites and readjust their schedules. I noticed, however, that something is wrong in the KB article. The algorithm states: 105 (number live assets) X 65535 (number of ports to be scanned) X 1 (maximum retries) / 200 (minimum packets per second) / 60 seconds = 1146.86 minutes to scan However, the math actually returns 573.43, which would've been the result if you multiple by 200 packets per second, divided by 2. So is the stated algorithm correct with an incorrect answer, or is the answer correct with an incorrect algorithm? https://kb.help.rapid7.com/docs/measuring-scan-performance-and-time
Posted by David Howell 2 years ago
after lots of difficulties i able to install nexpose into my kali machine, and was able to login with username and password and was able to create site only. later i went for a break and came back to login into web console i.e. 127.0.0.1:3780 its says username and password is invalid. on the background scrip running saying password change detected. go and check /opt/rapid7/nexpose/nsc/logs/collecter.logs i am the only one who has the credential to access the os and later who nexpose how can be changed itself.?? is this nexpose vulnerable? some one hacked it? or what ?
Posted by Himanshu Dua 2 years ago
Hi, when i try to add Office 365 as data source, i've got an error. After i click begin button, i am redirect to Office 365 athorization page. When i click the confirm button, i redirect to a rapid7 webpage that says: "Whoops! An error has occured". I found nothing relevant on collector's log.. What culd be the problem?
Posted by Luca 2 years ago
I've gotten NT AUTHORITY\SYSTEM on a system by migrating into lsass.exe but when I run the command "getprivs", as a result I get a "Operation Timed Out" even when UAC is disabled I don't understand why ? Any information will be greatly appreciated
Posted by Spectre 2 years ago
I am trying to set up Endpoint monitoring in Scan Mode for one of our new sites. The collector sees a number of clients, but all of them are returning an error of "NO_DATA" I can't seem to find any resources on how to troubleshoot this issue.
Posted by Trey.Bushart 2 years ago
Is everyone aware that Nexpose will not detect the Apache Struts 2 vulnerability that bit Equifax? We've got a vulnerable machine stood up and no discovery, even with a credentialed scan. They say its a "bug". Pretty big bug I would say.
Posted by Fred Smith 2 years ago
I'm trialling InsightIDR; have set up various Data Collection sources; one being O365. Tenant ID all in and it initially worked; however it now keeps stating "Failed to fetch events from office365". I can stop/start and the status goes Green however then turns swiftly back to failed. And the latest entry in the 'raw log' stays the same from this point forward. Have tried editing and resubmitting the user creds. No joy. I tried this the past few days on a Linux box; this morning I've deployed a Windows box and the same issue occurs. Thanks
Posted by Neil M 2 years ago
I get this error with a simple scan for one subnet: Running this engine on a windows 10 Ent. Failed (java.io.IOException: The Nmap exit value is not zero: 255 at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source) at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source) at com.rapid7.nexpose.scan.Scan.start(Unknown Source) at com.rapid7.nexpose.scan.Scan.run(Unknown Source) at java.lang.Thread.run(Thread.java:745) ) I am open to any suggestions. Thanks, Joshua
Posted by Joshua 2 years ago
Lots of questions on this: Does anyone do this? If so, did you see a major impact to implementing this? Do you know of a way to determine how many hosts currently would be able to use this (like a report that shows that the service is disabled)? What specific service(s) are enabled?
Posted by Trevor Steen 2 years ago
What firewall rules are required to allow Nexpose to access the Cloud for the Dashboards to work? Our firewall is blocking a lot of communications from the scanner to the cloud. For example the connection eu.exposure-analytics.insight.rapid7.com (184.108.40.206) is blocked in the firewall. But also EXT-eu.exposure-analytics.insight.rapid7.com (220.127.116.11) is blocked. As this is using cloud services, it's possible that these addresses could change. Why is proxy awareness not available? This way we could just put in the url and even if the ip changes, this would not be a problem.
Posted by Russell 2 years ago