Nexpose Command-Line Operations

The Nexpose Security Console, which runs in Windows and Linux environments, includes a standard ASCII terminal interface. It is similar to the DOS command prompt available with Windows.

If you are a Nexpose administrator, you can use this interface to perform a number of operations in Nexpose. You can perform many of these same operations more easily using the Web interface. Using the command line, however, is more helpful when you are performing real-time diagnostics, because it provides an immediate view of Nexpose processes "behind the scenes."

The command line interface is accessible when the Nexpose Security Console is running. How you access it depends on whether the host computer is local or remote. If you are accessing the command line interface on a remote host computer, the method also depends on what operating system your local computer is running and what operating system the Nexpose Security Console is running on.

Scenario

Local (Windows)

When Nexpose is running, the command line window automatically appears on your desktop. All you need to do is navigate to that window, using your Windows task bar. A cursor blinks at the beginning of the bottom line in the window. You can type commands immediately.

Local (Linux)

Start a console screen session if one is not already in progress.

Remote (Windows to Windows)

Use the Windows Remote Desktop program to navigate to, and log into, the remote computer desktop. Then, navigate to the command line window as you would on a local computer.

Remote (Windows to Linux)

Use a Linux environment emulation program for Windows, such as Cygwin, to navigate to, and log into, the remote computer.

Remote (Linux to Linux)

Log onto the remote Nexpose Security Console using SSH. Then, start a console screen session.

Remote (Linux to Windows)

Use a Windows environment emulation program for Linux, such as X (www.x.org), to navigate to, and log into, the remote computer desktop. Then, navigate to the command line window as you would on a local computer running Windows.

If you are running Windows as a service, you can access Nexpose Security Console diagnostic functions on a separate Web-based interface. To access this interface in your browser, type the URL of the computer that is hosting the console, followed by the path /admin/global/diag_console.html.

Example: https://127.0.0.1:3780/admin/global/diag_console.html

If you are running the Nexpose Security Console on an appliance, you can perform all operations using the appliance's LCD or via the console Web interface. For more information on using the appliance LCD, see the document titled NSC Appliance Setup Guide.

A list of available commands follows. Text in square brackets indicates optional parameters, as explained in the action descriptions.

Commands

activate
Activate Nexpose with a product key provided by Rapid7.

database diagnostics
Check the database for inconsistencies like multiple entries for a device.

[show] diag[nostics]
Display diagnostic information about the Nexpose Security Console.

exit
Stop the Nexpose Security Console gracefully.

garbagecollect
Start the garbage collector, a Java application that frees up drive space no longer used to store data objects.

get property [name]
View the value assigned to a parameter associated with the Nexpose Scan Engine. Example: get property os.version. The console would return: os.version=5.1. If you type get property without a parameter name, the console lists all properties and associated values. You can view and set certain properties, such as the IP socket number, which Nexpose uses for communication between the Nexpose Security Console and the Nexpose Scan Engine. Other properties are for system use only; you may view them but not set them.

heap dump
"Dump," or list, all the data and memory addresses "piled up" by the Java garbage collector.

help
Display all available console commands.

log rotate
Compress and save the current log. After you run this command, Nexpose automatically creates a new log.

ping host-address [tcp-port]
Ping the specified host using an ICMP ECHO request, TCP ACK packet, and TCP SYN packet. The default TCP port is 80.

quit
Stop the Nexpose Security Console.

restart
Stop the Nexpose Security Console and then start it again.

[show] scan configs
Show all defined scan configurations.

[show] schedule
Display the currently scheduled scan jobs.

server diagnostics
Display diagnostic information that may be useful for debugging or simply monitoring Nexpose.

show activations
Show pending rule activations for running scans.

show licenses
Display information about all the Nexpose licenses currently in use. Multiple Nexpose licenses may operate at once.

show locked accounts
List all user accounts locked out by the console. Nexpose can lock out a user who attempts too many logons with an incorrect password.

show mem
List statistics about operating system and application memory use.

[show] threads
Display a list of active threads that Nexpose is currently using. This command can be useful for debugging the Nexpose system.

traceroute host-address
Determine the IP route between your local host and the host name or address that you specify in the command. When you execute this command, the console displays a scrolling list of IP addresses of all "stops," or devices, on the given route.

unlock account [name]
Reset the number of failed logon attempts for a locked-out user, allowing that user to attempt to log on again.

update now
Check for updates manually and immediately, instead of waiting for auto-update to retrieve the next update.

update engines
Send pending updates to all defined scan engines.

[ver] version
Display the current software version and license numbers of the Nexpose Security Console and local Nexpose Scan Engine, and the date of the last successful auto-update.
