Nexpose Scan
Nexpose is now installed. Let’s see how to run it and what the tool does. Nexpose uses its own database, so the first thing we are going to do is turn off the database that ships with Kali Linux. If both databases run on the same port, they will conflict with each other, so we are going to stop the postgresql service. We should remember to turn off our database every time before we run Nexpose. The command to stop our database is as follows:
Now we will navigate to the location where we installed Nexpose. Unless we changed the location during the installation process, Nexpose will be installed in the /opt/rapid7/nexpose/ directory. The file that runs the server is stored in the nsc directory, and the file that we want to run is called nsc.sh.
To run an executable from the current directory, we type ./ followed by the filename, which here is nsc.sh. The command is as follows:
Running this command for the first time might take some time. In the following screenshot, we can see that the tool has loaded successfully. It is telling us that we can navigate to it using the https://localhost:3780 URL:
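The start-up steps above can be wrapped in a pre-flight check that stops Kali's database only when it is actually holding the port. This is an added example, not part of the original tutorial; it assumes both databases use PostgreSQL's default port 5432 (the page does not name the port), that the database is stopped with service postgresql stop, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check before starting the Nexpose console.
# Assumption: Kali's PostgreSQL and the database bundled with Nexpose both
# use PostgreSQL's default TCP port 5432 (the tutorial does not name it).
DB_PORT=5432

# Print the local address of every LISTEN socket bound to port $1.
# Reads `ss -ltn` style output on stdin, so it can be checked offline.
listeners_on_port() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")   # column 4 is addr:port, port is the last field
            if (parts[n] == port) print $4
        }'
}

# Return 0 if nothing in the `ss -ltn` output on stdin listens on port $1.
port_is_free() {
    [ -z "$(listeners_on_port "$1")" ]
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       244     127.0.0.1:5432      0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       244     [::1]:5432          [::]:*
LISTEN  0       128     127.0.0.1:54321     0.0.0.0:*'

# Live use (run as root): free the port if needed, then start the console
# from the default install directory.
preflight_and_start() {
    if ! ss -ltn | port_is_free "$DB_PORT"; then
        echo "port $DB_PORT is in use, stopping postgresql" >&2
        service postgresql stop
    fi
    cd /opt/rapid7/nexpose/nsc && ./nsc.sh
}
```

Source the file in a root shell and call preflight_and_start; the other two functions only parse text, so they can be tried against SAMPLE_SS without touching the system.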
Now we are going to launch our browser and open the URL that it just gave us. It will then ask us to enter the Username and Password that we created when we installed the tool:
After logging in successfully, it will ask us to enter the product key as shown in the following screenshot:
We know that it is the Free version, and when we downloaded the tool we had to fill out a form. In that form, we had to put our email address. The tool sent the product key to that email address, so we will go to our email, get the product key, and paste it. After pasting, click on ACTIVATION WITH KEY. In the following screenshot, we can see that the activation is successful, and it is just showing us information about the license.
We are going to go to Home from the left menu. After that, we will add a target, and then we will do a test. To do this, the first thing we are going to do is click on Create and then click on Site to add a target:
We are going to set the Name to metasploitable:
Now we will go to the ASSETS tab and add the target. The target can be a range, or we can add a specific IP in the same way we added it when we were doing network penetration testing with Zenmap. In this example, we are targeting the Metasploitable machine. We are going to add the address of the Metasploitable machine, which is 10.0.2.4, and we are going to add it to a group named test:
The AUTHENTICATION tab is for targets that use some sort of authentication, where nobody can access the target unless they authenticate with a service such as FTP, Telnet, web HTTP authentication, or an SQL server. We can pick the service from the AUTHENTICATION tab and enter the domain, username, and password. That way the framework will be able to authenticate with that service and test the security of our server. Our server doesn’t use any type of authentication, so we don’t need it. If we are targeting a web application that has a login page, for example, Gmail, then we would not have access to most of the Gmail features unless we log in using a certain username and password. Using this feature, we can log in and then test the security of our target.
The TEMPLATES tab is used to select the scan type. It has various scan types, the same as Zenmap. We’ve seen that in Zenmap we had a quick scan, quick scan plus, and intense scan. It is the same here. Each profile is different, and it scans different things. In this section, we are going to use the scan type Full audit enhanced logging without Web Spider:
A Web Spider is a tool that is used to find all the files and directories in our targets. We are going to try Full audit without Web Spider, and it is the default one. We will be scanning for ICMP, TCP and UDP ports. We are leaving it the same.
We are going to leave the ENGINE tab the same as well, which means it is going to use the local engine that we installed instead of the one that is provided by Rapid7. The Alert tab is used to set up custom alerts so that when a vulnerability is found, we get a notification. Now we are going to look at the SCHEDULE tab. It is a really cool feature. Suppose we are working at a company that keeps pushing new code every day, or maybe we do a test today and everything we are working on is good: our web server, our programs, everything is up to date and there are no vulnerabilities in them. Let’s say that tomorrow someone discovers a new vulnerability in a program that we are using on our web server, or maybe we push new vulnerable code to our project. We are not secure anymore. This feature allows us to schedule this test so that it runs every hour, every week, or every month, depending on how critical it is. So, we are going to go into Create Schedule and create a schedule. In this schedule, we can set a Start Date, and we can set the Frequency to Every Day.
We create that schedule, and then the scan will run at every interval that we specify. We can get it to produce a report for us.
The most important part is that we put our target in the ASSETS tab and then select a template from the TEMPLATES tab. Once we have both of these tabs configured, we are going to click on Save and Scan, which will save this configuration and start a scan for us. In the following screenshot, we can see that our asset discovery is in progress, and after that, we will talk about the results that we got: