Wednesday, January 27, 2010

Up and running with Nexpose

Nexpose is a vulnerability scanner made by the team at rapid7 (company that now owns the metasploit project). Its very similar to the popular Nessus, which i haven't blogged about yet but have used in the past (will blog about Nessus soon). Just to point out some of the features quoted from their website at

  • Unrivaled breadth of vulnerability scanning - scans for more than 11,000 vulnerabilities with nearly 40,000 vulnerability checks based on pre-defined scan templates in networks, operating systems and databases (up to 32 IPs)..
  • Regular vulnerability updates - automatically provides vulnerability updates without user intervention. Delivers immediate Microsoft Patch Tuesday vulnerability updates within 24 hours or less to stay current with the changing threat landscape.
  • Prioritized risk assessment - identifies risk based upon how the vulnerability in one system affects another.
  • Remediation guidance - helps resolve vulnerabilities quickly and easily with the information provided in remediation reports.
  • Accurate scan results - delivers accurate scanning results in less time with an expert system that combines traditional scanning methods with assessment processes modeled after human decision making.
  • Out-of-the box Metasploit integration - works with the Metasploit Framework to provide remote scan control, exploit identification and automated exploitation functionality to NeXpose users.
  • Extensive community support - provides collaboration and knowledge exchange among security professionals via full access to the Rapid7 Community Portal at
  • Simple deployment- easily deploys as a software solution on laptops and desktops.
  • No cost start-up security solution - provides a free entry-level vulnerability management solution.
Nexpose can work both on 32 and 64 bit versions of linux and windows. Installation is simple and straight forward as long as you are very precise in following instructions :). I used tutorial to get things up and running.


[Using NeXpose]

No comments:

Post a Comment