2 min
Nexpose
Why that CVSS score? HTTP TRACE vulnerability-your questions answered
Recently we saw that there were some questions on Twitter about the HTTP TRACE
vulnerability check in Nexpose, specifically around the CVSS score. Thank you
@digininja [http://twitter.com/digininja], @tautology0
[http://twitter.com/tautology0], and @raesene [http://twitter.com/raesene] for
raising this issue - we love to hear from our users and appreciate honest
feedback on our solutions. Questions like these cause us to challenge our own
assumptions and reasoning, which is always a healthy pr
2 min
Nexpose
Nexpose API: SiteSaveRequest and IP Addresses vs Host Names
With the release of Nexpose 5.11.1
[https://help.rapid7.com/nexpose/en-us/release-notes/] we made some changes
under the hood that improved scan performance and scan integration performance.
As a result of those changes, the rules applied to using SiteSaveRequest in API
1.1 became stricter, which may have caused issues for some users. In the past
this "worked" for the most part, though there were certainly side effects
observable in the Web interface after the fact. Since these issues were not
a
2 min
Nexpose
Improve your scan performance with Scan Engine pooling
You can improve the speed of your scans for large numbers of assets in a single
site by pooling your Scan Engines. With pooling, the work it takes to scan one
large site is split across multiple engines to maximize pool utilization.
Additionally, engine pooling can assist in cases of fault tolerance. For
example, if one Scan Engine in the pool fails during a scan, it will transfer
the scanning tasks of that asset to another engine within the pool.
Available with the release of Nexpose 5.11, thi
2 min
Nexpose
Site Consolidation with the Nexpose Gem
The introduction of the scan export/import feature opens up the ability to merge
sites, at least through the Ruby gem.
Imagine a scenario where you had split up your assets into several sites, but
now you realize it would be easier to manage them if you just merge them into
one. Maybe you have duplicate assets across sites and that wasn't your intent.
The script below allows you to merge multiple sites into one. I replays the
scans from each site into the new one (in just a fraction of the amou
2 min
API
Scan Export/Import Using the nexpose-client Gem
The latest release (5.10.13) introduces a new feature into Nexpose, scan
exporting and importing. We're looking to address a need in air-gap
environments, where customers can have multiple consoles to address network
partitioning. This approach is not without its warts. For example, if you have
deleted assets from a site, this process will bring them back to life.
This post is going to walk through a pair of Ruby scripts using the
nexpose-client gem. The first script will export the site config
2 min
Nexpose
Software defined security made real
This week were headed for VMworld 2014 in San Fransisco and we're excited to be
talking about how Rapid7 is partnering with industry leaders like Symantec, Palo
Alto Networks, and of course VMware to build out the VMware NSX security
ecosystem [http://www.vmware.com/products/nsx/resources.html]. Together we've
created an integrated system that collaborates together leveraging the NSX
platform [http://www.vmware.com/products/nsx] to automate risk identification
and mitigation for VMware customers
3 min
Nexpose
Microsoft False Positives: "The update is not applicable to your computer"
One of the most common false positive cases we see from a support perspective is
a situation where Nexpose reports a vulnerability because a specific patch is
not installed, but when you try to apply the patch, the system will not let you
install it and says the patch is not applicable.
In many cases, this ends up being caused by another patch that is installed on
the system that prevents the patch you are trying to install from being
installed. Sometimes the patch that is installed and preven
2 min
Metasploit
Federal Friday - 4.25.14 - A Whole Lot of Oops
Happy Friday, Federal friends! I hope all of you enjoyed some nice family time
over the respective holidays last week. After a successful Marathon Monday here
in Boston we're blessed with chirping birds and blooming flowers (finally)!
As you all probably know by now, Verizon released their latest DBIR
[http://www.verizonenterprise.com/DBIR/2014/reports/rp_dbir-2014-executive-summary_en_xg.pdf]
report earlier this week. While this report covered a wide range of topics in
regards to breaches, I
3 min
Nexpose
Using Nexpose to Stop the Bleeding (Scanning for the OpenSSL Heartbleed Vulnerability)
By now you have almost certainly heard about the recently disclosed OpenSSL
Heartbleed vulnerability [/2014/04/08/gaping-ssl-my-heartbleeds]
(CVE-2014-0160). The April 9th update for Nexpose includes both authenticated
and unauthenticated vulnerability checks for Heartbleed.
Scanning your assets with the regular full audit template, or indeed any
template that isn't tuned to exclude many ports or vulnerabilities, will
automatically pick up this vulnerability. But it is also possible to create
2 min
Nexpose
Rapid7 part of VMware NSX Partner ecosystem
We're very excited that VMware is showcasing Rapid7 as an official VMware NSX
Partner
[https://blogs.vmware.com/networkvirtualization/2013/08/vmware-nsx-partner-ecosystem.html]
at VMworld 2013 this week, demonstrating how we provide best-in-class
vulnerability management for virtual networks.
Rapid7 has been a longtime partner with VMware. In 2011, we introduced our
vAsset discovery [/2011/11/01/virtualization-introduces-new-security-gaps]
method that allows Nexpose to have real-time visib
2 min
Nexpose
Bulk Asset Delete Operations via the Asset Filter Page
The latest release of Nexpose allows a user to delete multiple assets at once
via either the site page or the asset group listing page. However, if a user
needs to delete a range of assets which aren't represented by an existing site
or group he can use the Asset Filter page to build a query and then define an
asset group through which the bulk delete operation can be invoked.
Clicking on the Asset Filter button will bring up a new page that allows you to
build an Asset Filter query that can
7 min
Nexpose
Asset Discovery Troubleshooting Guide
This guide is designed to show you how to determine the cause of and solution to
the most common difficulties experienced during asset discovery in Nexpose.
The following common issues will be covered here:
1. None or only a few assets are found to be alive
2. Scan appears to hang or is taking too long after finding live assets
3. Incorrect number of open ports on one or more assets
After reviewing the issue that applies to your scan head down to the end of this
guide for detailed troubles
7 min
Nexpose
Simplifying Security Programs with Nexpose 5.7
We are pleased to announce the next version of Nexpose, version 5.7. This
release focuses on helping to provide context on how well your Security Program
is performing and helping you simplify your vulnerability management processes
to help you save time.
The last release of Nexpose, Nexpose 5.6
[/2013/04/25/simplify-vulnerability-management-with-nexpose-56], introduced the
new Top Remediation
[/2013/05/15/nexpose-56-top-remediation-reports-reports-that-provide-the-biggest-bang-for-your-buck]
2 min
Nexpose
Assessing risk using Security Intelligence
Robert Lemos wrote an interesting article
[http://www.darkreading.com/vulnerability/vulnerability-severity-scores-make-for-b/240157339]
about how CVSS alone does not necessarily give you enough information for
effective remediation prioritization. Adding context about which vulnerabilities
are being exploited easily using known exploits provides a much better way of
determining whether or not a given asset is at risk from a real attack. Quoting
the research completed by Luca Allodi and Fabio Ma
6 min
Nexpose
Guide to HTTP Header Configuration
Guide to HTTP Header Configuration
This guide is designed to show how to setup an authenticated web application
scan using HTTP Headers using Metasploit as the target web application. We will
also go over using the Firebug and Cookie Importer Add-ons in firefox to
manually test HTTP headers.
The first thing we want to do is open Firefox and download the ‘Cookie Importer'
and ‘Firebug' Add-ons.
Now that we have our Add-ons installed we will want to restart our brower and
then start