Playing with NeXpose and Metasploit

My thoughts on the Rapid7 acquisition of the Metasploit project (http://secanalysis.com/index.php/blog/1-blog/17-a-bit-of-perspective-on-the-acquisition-of-metasploit) aside, Rapid7 and HD Moore's Metasploit team have been quick to produce an interesting integration between Rapid7's NeXpose vulnerability scanner and the Metasploit exploitation framework. In particular, Metasploit can now use NeXpose's vulnerability scanning engine to identify vulnerabilities that can be exploited with Metasploit modules. Better yet, this can all be done for FREE (as in beer) with NeXpose Community Edition, Rapid7's recent free release of their Rapid7 Enterprise vulnerability scanning product. Granted, this scan-then-exploit capability can also be built with a simple Perl program and the free Tenable Nessus scanning engine. On the commercial side, Core Impact has long been able to import LANguard, IP360, Nessus, QualysGuard and Retina scan results for automatic exploitation as well.
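The core of the integration described above is a join between scan findings and a table of vulnerabilities for which an exploit module exists. The script below is an added example, not code from the original post or from the NeXpose/Metasploit plugin; it shows that join from the defender's side, ranking hosts whose findings have a known exploit so they can be patched first. The XML layout, host addresses, CVE identifiers and module names are all constructed placeholders (the layout is not the real NeXpose export schema).

```python
"""Correlate scan findings with an exploit-availability table to prioritize remediation.

Added example, not part of the original post or of the NeXpose/Metasploit plugin.
The XML layout is a simplified, invented export format (NOT the real NeXpose schema),
and every host address, CVE id and module name below is a constructed placeholder.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed scan export: four hosts, one of them fully patched (no findings).
SAMPLE_REPORT = """<?xml version="1.0"?>
<report>
  <node address="10.0.0.11" os="Windows 2000">
    <test id="CVE-2000-0001" severity="critical"/>
    <test id="CVE-2000-0002" severity="medium"/>
  </node>
  <node address="10.0.0.12" os="Windows XP">
    <test id="CVE-2000-0003" severity="high"/>
  </node>
  <node address="10.0.0.13" os="Windows XP (patched)">
  </node>
  <node address="10.0.0.14" os="FreeBSD">
    <test id="CVE-2000-0004" severity="low"/>
  </node>
</report>
"""

# Constructed lookup of CVE id -> exploit module name (placeholder names, not real modules).
EXPLOIT_MODULES = {
    "CVE-2000-0001": "exploit/placeholder/remote_code_exec_a",
    "CVE-2000-0003": "exploit/placeholder/remote_code_exec_b",
}

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


def parse_report(xml_text):
    """Return {address: [(cve_id, severity), ...]} from the simplified report.

    Hosts with no findings are kept (empty list) so the summary counts them as scanned.
    """
    root = ET.fromstring(xml_text)
    findings = defaultdict(list)
    for node in root.findall("node"):
        addr = node.get("address")
        findings[addr]  # touch the key so hosts without findings still appear
        for test in node.findall("test"):
            findings[addr].append((test.get("id"), test.get("severity", "low")))
    return dict(findings)


def correlate(findings, modules=EXPLOIT_MODULES):
    """Return [(address, cve_id, severity, module), ...] for findings that have an
    exploit module, sorted by severity (highest first) and then by address."""
    hits = []
    for addr, items in findings.items():
        for cve, sev in items:
            if cve in modules:
                hits.append((addr, cve, sev, modules[cve]))
    hits.sort(key=lambda h: (-SEVERITY_RANK.get(h[2], 0), h[0]))
    return hits


def remediation_summary(findings, modules=EXPLOIT_MODULES):
    """Roll the correlation up into the numbers a patch-priority report needs."""
    hits = correlate(findings, modules)
    return {
        "hosts_scanned": len(findings),
        "hosts_with_findings": sum(1 for v in findings.values() if v),
        "hosts_with_exploitable_finding": sorted({h[0] for h in hits}),
        "exploitable_findings": hits,
    }


if __name__ == "__main__":
    summary = remediation_summary(parse_report(SAMPLE_REPORT))
    print(f"scanned: {summary['hosts_scanned']}, "
          f"with findings: {summary['hosts_with_findings']}")
    for addr, cve, sev, module in summary["exploitable_findings"]:
        print(f"{sev:>8}  {addr:<12} {cve:<15} {module}")
```

Findings without a matching module still matter, but the ones with a match are the ones an attacker with a scanner-plus-framework setup reaches first, which is why the summary lists them separately and in severity order.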

Personally though, when it comes to free products, I already prefer NeXpose Community Edition (CE) to the current version of Nessus. Although I must admit this preference is not grounded in any type of scientific comparison between the two products but rather in a bit of lasting disdain for the Nessus product since Tenable closed the open-source project in 2006. In my humble opinion the open-source spinoff created in the gNessus project, now known as OpenVAS, may have kept the spirit of the Nessus project alive but failed to maintain a unified Nessus community, which seems to have resulted in less development and passion in the project itself. As for the Nessus product itself, I have found the free version a bit frustrating. Regardless, NeXpose CE is a viable alternative to any vulnerability scanning engine as long as a user doesn't need to scan more than 24 IP addresses at a time (a product limitation). The integrated Metasploit and NeXpose capabilities tore apart the SecAnalysis vulnerability lab in no time at all...

Getting Started

In order to begin working with Metasploit and NeXpose within the SecAnalysis vulnerability lab I first began by reading the Metasploit user's guide for instructions on how to use the NeXpose plugin. I realize that a lot of folks don't like to do the upfront reading but, as is normally the case, I strongly recommend it. The Metasploit user guide NeXpose instructions can be found here.

Once I got the instruction reading out of the way I got started. I turned up a few of the virtual machines I had handy. In particular I turned on the following:

  1. A vulnerable Windows 2000 machine with IIS 4.0 running
  2. A vulnerable Windows XP machine
  3. A patched Windows XP machine
  4. A vulnerable Windows 7 machine
  5. A vulnerable Windows 2003 machine
  6. A vulnerable Windows 2008 machine
  7. A FreeBSD machine with FreeNas

In the end, there were 4 sessions produced. The entire scan took a total of about 35 minutes. All in all it was what was to be expected: a quality scanning engine with a quality exploitation framework. Kudos to the folks over at Rapid7/Metasploit.
