Metasploit Penetration Testing Cookbook

Scanning with NeXpose

In the previous recipe, we discussed Nessus as a potential vulnerability scanner. In this recipe, we will cover another important vulnerability scanner, NeXpose.

NeXpose is a popular tool by Rapid7 that performs vulnerability scanning and imports the results into the Metasploit database. Using NeXpose is similar to using Nessus, which we covered in the previous recipe, but let's take a quick look at how to get started with NeXpose. I will leave the task of exploring it deeper as an assignment for you.

Getting ready

To start NeXpose from the msf console, we first have to connect the database to Metasploit, and then load the plugin and connect it to the NeXpose server to start scanning targets. Let us execute these steps on the command line.

msf > db_connect msf3:8b826ac0@127.0.0.1:7175/msf3
msf > load nexpose
msf > nexpose_connect darklord:toor@localhost ok
[*] Connecting to NeXpose instance at 127.0.0.1:3780 with username darklord...

How to do it...

Now that we are connected to our server, we can scan our target and generate reports. There are two scan commands supported by NeXpose. One is nexpose_scan and the other is nexpose_discover. The former will scan a range of IP addresses and import the results, whereas the latter will scan only to discover hosts and the services running on them. Let us perform a quick scan on our target using NeXpose.

msf > nexpose_discover 192.168.56.102
[*] Scanning 1 addresses with template aggressive-discovery in sets of 32
[*] Completed the scan of 1 addresses

How it works...

Once the scan is complete, we can view its results by using the default database commands of the msf console.

Let us see what scan results have been produced by NeXpose:

msf > hosts -c address,os_name,os_flavor

Hosts
=====

address         os_name            os_flavor
-------         -------            ---------
192.168.56.102  Microsoft Windows  XP

msf >

There's more...

After the information has been collected, the final step will be importing the results. Let us see how it is executed.

Importing the scan results

You can skip this information if you have used Nessus and NeXpose from msfconsole.

When you are using the GUI version of either Nessus or NeXpose, you will have to manually import the scan results into the database. The reason I am stressing importing and storing results is that in the next chapter we will see how to use the autopwn command to automatically run exploits on hosts present in our database. So, in order to import the scan results, we will use the db_import command as follows:

db_import filename

msf > db_import nexposelist.xml
[*] Importing 'Nexpose XML (v2)' data
[*] Importing host 192.168.56.102
[*] Successfully imported /root/nexposelist.xml
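
Since autopwn acts on every host present in the database, it helps to check which hosts a report contains before running db_import. The following Python sketch is an added example, not code from the book or from Metasploit: it lists the hosts in a report and flags any address outside an authorized scope. The XML element names (node, fingerprints, os), the sample report and the scope list are assumptions constructed for illustration; adjust them to the file your scanner exported.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample report. The <node address=...> and <fingerprints><os .../>
# layout is an assumption about the Nexpose XML export, not taken from the page.
SAMPLE_REPORT = """<NexposeReport version="2.0">
  <nodes>
    <node address="192.168.56.102" status="alive">
      <fingerprints><os vendor="Microsoft" family="Windows" product="Windows XP"/></fingerprints>
    </node>
    <node address="10.0.0.7" status="alive"><fingerprints/></node>
  </nodes>
</NexposeReport>"""

# Constructed scope for the example: the lab network used in the recipe.
AUTHORIZED_SCOPE = ["192.168.56.0/24"]


def hosts_in_report(xml_text):
    """Return [(address, os_label)] for every <node> element in the report."""
    hosts = []
    for node in ET.fromstring(xml_text).iter("node"):
        os_el = node.find("./fingerprints/os")
        label = "unknown"
        if os_el is not None:
            label = os_el.get("product") or os_el.get("family") or "unknown"
        hosts.append((node.get("address"), label))
    return hosts


def out_of_scope(hosts, scope):
    """Return the addresses that fall outside every authorized network."""
    nets = [ipaddress.ip_network(n) for n in scope]
    bad = []
    for addr, _ in hosts:
        try:
            ip = ipaddress.ip_address(addr)
            inside = any(ip in net for net in nets)
        except (ValueError, TypeError):
            inside = False  # missing or unparsable address: treat as out of scope
        if not inside:
            bad.append(addr)
    return bad


if __name__ == "__main__":
    found = hosts_in_report(SAMPLE_REPORT)
    rejected = out_of_scope(found, AUTHORIZED_SCOPE)
    for addr, label in found:
        print(("REVIEW " if addr in rejected else "OK     ") + f"{addr}  {label}")
```

Any address reported as REVIEW should be removed from the report, or from the database with the hosts command, before automated modules are run against the workspace.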