Installing Nexpose Vulnerability Scanner on Debian/Ubuntu

29/12/2020
Nexpose is a very capable security scanner developed by Rapid7, the company behind Metasploit. Despite its low popularity, Nexpose is among the best security scanners: it is newer than OpenVAS, Nessus and Nikto and has a friendly graphical interface similar to that of OpenVAS/Nessus.

Nexpose is a great tool for auditing servers and networks for security vulnerabilities: it lets you automate security audits, can be combined with Metasploit, and includes a Remediation Report to help fix the vulnerabilities it finds. It requires a minimum of 8 GB of RAM to run.

Downloading Nexpose:

Access the Rapid7 trials page here, fill in the form and press SUBMIT.

Select Linux by pressing 64-Bit and save the .bin file.

You will receive an e-mail with the license; save it.

Installing Nexpose:

To install Nexpose, give the downloaded file execution permissions by running:

chmod +x Rapid7Setup-Linux64.bin

Then run:

./Rapid7Setup-Linux64.bin

You’ll be asked whether the installation should proceed; press ENTER.

Then you’ll be asked whether you want to include the Security Console; press ENTER to install it.

Next you’ll be asked for Nexpose’s installation directory. I recommend leaving the default, but you can change it. To keep the default directory press ENTER.

The following screen lists Nexpose’s requirements and tells you whether your device meets the minimum. Press ENTER to continue.

Nexpose’s default port is 5432. If Metasploit is installed, that port is probably already in use. You can assign any port you want; to keep the default press ENTER.

You’ll be asked for personal information and for a username and password; answer each question.

Answer yes when asked whether Nexpose should start after the installation.

Once the installation ends, press ENTER to exit the installer.

Start Nexpose’s server by typing:

systemctl start nexposeconsole.service

or:

service nexposeconsole start

Make sure it is running by typing:

service nexposeconsole status
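The installer steps above are interactive, but the conditions they depend on (the 8 GB minimum, free ports for the database and the console, an executable installer, and afterwards a running service) can be checked from the shell. The following script is an added example, not code from the tutorial or from Rapid7; it assumes the installer file name, the 8 GB minimum, ports 5432 and 3780 and the nexposeconsole.service unit exactly as given in the text, and its port check parses ss -ltn (or netstat -ltn) output so that it can be exercised against a captured sample:

```shell
#!/usr/bin/env bash
# Pre-flight and post-install checks for the Nexpose setup steps above.
# Added example, not part of Rapid7's installer or the original tutorial.
# Assumptions (all taken from the text): installer file Rapid7Setup-Linux64.bin
# in the current directory, 8 GB RAM minimum, database port 5432 (which a
# Metasploit install may already occupy), console port 3780, and the
# systemd unit nexposeconsole.service.
set -u

INSTALLER=./Rapid7Setup-Linux64.bin
SERVICE=nexposeconsole.service
MIN_RAM_KB=$((8 * 1024 * 1024))   # 8 GB, the minimum the tutorial states

# ram_ok TOTAL_KB -> 0 if TOTAL_KB meets the minimum, 1 otherwise.
ram_ok() {
  [ "$1" -ge "$MIN_RAM_KB" ]
}

# system_ram_kb -> MemTotal in kB from /proc/meminfo (Linux); empty elsewhere.
system_ram_kb() {
  awk '/^MemTotal:/ { print $2 }' /proc/meminfo 2>/dev/null
}

# port_listed LISTENERS PORT -> 0 if PORT is a listening local port in the
# given 'ss -ltn' or 'netstat -ltn' output, 1 otherwise. The output is passed
# as text so the parser can be run against a captured sample.
port_listed() {
  printf '%s\n' "$1" | awk -v p="$2" '
    NR > 1 { n = split($4, a, ":"); if (a[n] == p) found = 1 }
    END { exit found ? 0 : 1 }'
}

# installer_ready PATH -> 0 if the installer exists and is executable
# (i.e. chmod +x has been done), 1 otherwise.
installer_ready() {
  [ -f "$1" ] && [ -x "$1" ]
}

# service_active UNIT -> 0 if systemd reports the unit active.
service_active() {
  systemctl is-active --quiet "$1" 2>/dev/null
}

main() {
  local status=0 ram listeners port
  ram=$(system_ram_kb); ram=${ram:-0}
  if ram_ok "$ram"; then
    echo "RAM: $((ram / 1024)) MB (meets the 8 GB minimum)"
  else
    echo "RAM: $((ram / 1024)) MB (below the 8 GB minimum)"; status=1
  fi

  listeners=$(ss -ltn 2>/dev/null || netstat -ltn 2>/dev/null || true)
  for port in 5432 3780; do
    if port_listed "$listeners" "$port"; then
      echo "port $port: already in use (pick another port in the installer, or stop the other service)"
    else
      echo "port $port: free"
    fi
  done

  if installer_ready "$INSTALLER"; then
    echo "installer: $INSTALLER is executable"
  else
    echo "installer: $INSTALLER missing or not executable (run chmod +x)"; status=1
  fi

  if service_active "$SERVICE"; then
    echo "service: $SERVICE is active"
  else
    echo "service: $SERVICE is not active (expected before installing; afterwards run 'systemctl start $SERVICE')"
  fi
  return "$status"
}

main
```

Run it once before executing the installer (it tells you whether to pick a different port than 5432) and again after starting the service. A busy port 3780 before installation means something else already owns the console port and the web UI would not come up.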

Now let’s open the console: in your browser, open https://localhost:3780

When the browser shows the SSL certificate warning, press Advanced and add an exception to access the console.
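Adding a browser exception for that warning is a trust decision, so it is worth confirming that the certificate the browser shows is the one the console itself serves on localhost:3780. The script below is an added example, not part of the tutorial or of Nexpose; it assumes the host and port from the text and that you pass the SHA-256 fingerprint displayed in the browser's certificate viewer as its only argument. The openssl s_client and openssl x509 invocations are standard OpenSSL commands:

```shell
#!/usr/bin/env bash
# Verify the Nexpose console's certificate before trusting it in the browser.
# Added example, not part of the original tutorial or Rapid7's software.
# Assumes the console listens on https://localhost:3780 as stated above, and
# that the SHA-256 fingerprint shown in the browser's certificate viewer is
# passed as the single argument.
set -u

CONSOLE_HOST=localhost
CONSOLE_PORT=3780

# normalize_fp FP -> lowercase hex digest with any "xxx Fingerprint=" prefix,
# colons, spaces and newlines removed, so different display formats compare equal.
normalize_fp() {
  printf '%s' "$1" | sed 's/^[^=]*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# fingerprints_match A B -> 0 if both are the same 32-byte (SHA-256) digest.
fingerprints_match() {
  local a b
  a=$(normalize_fp "$1")
  b=$(normalize_fp "$2")
  [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# console_fingerprint -> "SHA256 Fingerprint=..." of the certificate the console
# serves on CONSOLE_HOST:CONSOLE_PORT, fetched over loopback with openssl.
console_fingerprint() {
  openssl s_client -connect "$CONSOLE_HOST:$CONSOLE_PORT" -servername "$CONSOLE_HOST" \
    </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256
}

main() {
  local served
  served=$(console_fingerprint) || {
    echo "could not read a certificate from $CONSOLE_HOST:$CONSOLE_PORT (is the console running?)" >&2
    return 1
  }
  echo "served by console : $served"
  echo "shown by browser  : $1"
  if fingerprints_match "$served" "$1"; then
    echo "fingerprints match: the warning is for the console's own certificate, so the exception is for this host only"
  else
    echo "MISMATCH: the browser is not seeing the console's certificate; do not add the exception" >&2
    return 1
  fi
}

if [ $# -eq 1 ]; then
  main "$1"
else
  echo "usage: $0 <SHA-256 fingerprint shown by the browser>" >&2
fi
```

Copy the SHA-256 fingerprint from the browser's certificate details and pass it as the argument; colons, spaces and letter case do not matter. A mismatch means the browser is being shown a different certificate than the one the console serves on loopback, which is exactly the situation a blanket exception would hide.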

Nexpose may take some minutes to start while it updates its database.

After loading it will ask for credentials; before logging in, start Nexpose by running:

sh /opt/rapid7/nexpose/nsc/nsc.sh

Now you can log in using the username and password you provided during the installation.

Then you’ll be asked for the license number you received in your inbox; enter it, press ACTIVATE WITH KEY and wait until it is activated.

NOTE: When writing this tutorial I messed up Nexpose’s credentials. I failed to find a way to reset the password from the command line for Nexpose’s current version. The only way to fix it was to remove the /opt/rapid7 directory and execute the installer again using a new license key.

Getting started with Nexpose Security Scanner

After logging in to Nexpose, the first step is to add our target(s); to do so, press “Create Site”.


On the first screen you only need to add descriptive information so you can identify your target easily.

After filling in the descriptive data, click on ASSETS and define your target as shown in the picture.

After defining your target, press TEMPLATES. We’ll carry out a thorough scan but avoid excessive scan time by selecting a full audit without the Web Spider.

After selecting FULL AUDIT WITHOUT WEB SPIDER, click on the light blue SAVE & SCAN button. If a confirmation dialog appears, confirm the scan.

The scan will start and may take a long time because we selected a full audit.

After 20 minutes our scan against LinuxHint.com ended.

We can download the log or additional data. Under COMPLETED ASSETS you’ll see your target’s IP or URL; click on one of them to see the report.

After clicking on our ASSET, scroll down to review the vulnerabilities found.

Nexpose found a problem with LinuxHint’s SSL signature. For a blog without important transactions the problem is irrelevant, but it could pose a threat to a website exchanging sensitive information.

On the left side of your screen you’ll see icons which open the main menu, as shown in the image.

From Assets you can define your targets and launch scans as explained above; you can also try different templates and create asset groups.

Nexpose’s graphical interface is very intuitive; you just need to remember to start the nexposeconsole service and run /opt/rapid7/nexpose/nsc/nsc.sh before accessing the console.

I hope you found this introductory tutorial to Nexpose useful; Nexpose is a great security scanner. Keep following LinuxHint for more tips and updates on Linux.
