Metasploit & NeXpose Tutorial, Part I

You will learn more about the features of NeXpose and Metasploit, how to use them, and how to get the most out of them when performing a penetration test or a security assessment of your organization. This module focuses on NeXpose, a great vulnerability assessment and management product available on the market. In security testing and penetration testing, the vulnerability assessment plays an important role in successfully penetrating any network or system. To perform it, you need a cutting-edge vulnerability assessment tool that can assess the security of the target network.

NeXpose isn’t the only tool on the market for vulnerability assessment; however, it is one of the best among the industry-leading tools.

Vulnerability assessment leads into the exploitation phase of the ethical hacking or penetration testing lifecycle, and NeXpose gives you an edge by showing how a discovered vulnerability can be exploited.

Like any other security product, NeXpose has certain requirements for its installation. You should know in detail how you can get the most out of this tool.

NeXpose Installation Requirements

Minimum Hardware

* 2 GHz+ processor

* 8 GB RAM (64 bit)

* 80 GB+ available disk space (10 GB for Community Edition)

* 10 GB+ available disk space for scan engines

* English operating system with English/United States regional settings

* 100 Mbps+ network interface card

Operating Systems

64-bit versions of the following platforms are supported:

* Microsoft Windows 7, Windows 8, Server 2008 (R2), Server 2012, Server 2012 (R2)

* Red Hat Enterprise Linux 5.x, 6.x

* Ubuntu Linux 10.04 LTS, 12.04 LTS

* Kali Linux 1.0.x

* Virtualized Machines on VMware ESXi 5.x, VMware vCenter Server 4.x, VMware vCenter Server 5.

NeXpose Editions

NeXpose comes in a couple of different editions with flexibility and capabilities ranging from the individual user to the ultimate level as shown in the below figure.

Details on all of these editions are available on the official Rapid7 page at this link.

Our workshops will use the consultant edition in our lab.

Why Use NeXpose?

In the overall penetration testing or ethical hacking lifecycle, “Vulnerability Assessment & Management” is the phase where you discover potential vulnerabilities in the targeted network or system. Many tools are available to automate this process, enabling security professionals and administrators to determine the security posture of their network effectively.

NeXpose helps achieve this goal in several ways and supports an in-depth vulnerability assessment. This tool is better than the other vulnerability assessment tools available in the market. The best part is that, for the discovered vulnerabilities, it provides details on the exploits available in Exploit-DB and the Metasploit Framework, and it creates files in the same configuration as the Metasploit modules, which you can use to configure Metasploit for exploitation. NeXpose has great compatibility with the Metasploit Framework, which gives it another edge in the industry and an advantage for security testers.

NeXpose also comes in a standalone virtual box that you can integrate into your virtual servers as a separate deployment. The NeXpose scan engine and security console give it a further edge in performance and reliability. The workshop explores the tool’s features further and gives a complete walkthrough of its usage.

NeXpose Components

The NeXpose architecture is divided into two main components: a central server and one or more scanning engines. The central server is called the NSC (NeXpose Security Console) and the scan engine is called the NSE (NeXpose Scan Engine). The main purpose of the central server is to run a Web server process that gives users access, to connect to a backend database for information storage, and to connect to a scan engine that scans assets.

Additional scan engines can be placed similarly within the network to originate scanning under the control of the NSC. This is a distributed architecture with scan engines and servers communicating over a secure connection.

If you have a NeXpose Security Console (NSC), it will perform the following operations:

* It communicates with Scan Engines to start scans, retrieve scan information, and store scan data.

* It provides a Web interface for managing all NeXpose operations.

* It downloads product and content updates from the Rapid7 update server.

* The Security Console Appliance also includes a local Scan Engine.

If you have a NeXpose Scan Engine (NSE), your appliance performs asset discovery, vulnerability detection, and policy compliance testing. A Security Console controls it.

Vulnerability Assessment & NeXpose

With the vulnerability assessment tools available in the industry today, one of the biggest challenges for any vulnerability management program is the analysis of scan results. To remediate effectively you need good, verifiable, and actionable results, including solutions for the discovered vulnerabilities; otherwise you can be overwhelmed with false positives that affect the overall vulnerability assessment process or program.

The above NeXpose architectural model provides a design to solve this problem and has the flexibility for building a simpler vulnerability check model with a higher degree of accuracy. Vulnerability scans with NeXpose generate real risk analysis, credible remediation plans, and easy-to-use data management functions. This is achieved by extensive Vulnerability Detection based on proactive scanning of systems and services; it also covers websites and databases.

To provide more focused and dedicated scans, NeXpose ships templates for multiple predefined scan types and gives you the flexibility to create your own. The existing templates already cover a wide range of scenarios, including full/normal audit, denial-of-service, penetration testing, and database testing.

Moreover, NeXpose can also help you to identify known vulnerabilities along with the configuration compliance issues for:

* Web sites/services

* Databases

* Network equipment

* Operating systems

* Applications

All of this detection happens during the same scan and from the same scan engine, which makes configuration simpler and gives you all the information you need at one time.

Vulnerability Reporting and NeXpose

For an ethical hacker or a professional penetration tester, the main challenge is to report what he or she has done during the vulnerability assessment and exploitation phases, or across the complete ethical hacking lifecycle. This requires good presentation of the technical details as well as a business-oriented management summary, so that the tester can explain what was performed while ethically hacking the targeted network. Once the vulnerability scans or compliance scans are finished, you can assess the risk and determine what is most important for the targeted network environment. NeXpose includes several reports that help with this, including:

* Prioritized Remediation Report

* Top 10 Vulnerability Report

* Audit Report

These reports conclusively cover all available patches and all known vulnerabilities in the targeted network environment and provide a prioritized list of which remediations will have the most impact on risk in the environment.
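The idea behind a prioritized remediation list, as an added example (not NeXpose code and not its scoring algorithm): findings are grouped by the fix that resolves them, and fixes are ranked by the total risk they remove. The finding rows, risk numbers, field names and the `prioritize` function are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample findings (not real scan output): one row per
# (asset, vulnerability) pair, with the fix that resolves it.
FINDINGS = [
    {"asset": "web-01", "vuln": "vuln-A", "risk": 750.0, "fix": "Upgrade OpenSSL package"},
    {"asset": "web-01", "vuln": "vuln-B", "risk": 420.0, "fix": "Upgrade OpenSSL package"},
    {"asset": "db-01", "vuln": "vuln-A", "risk": 750.0, "fix": "Upgrade OpenSSL package"},
    {"asset": "db-01", "vuln": "vuln-C", "risk": 900.0, "fix": "Disable SMBv1"},
    {"asset": "app-01", "vuln": "vuln-D", "risk": 300.0, "fix": "Patch web server"},
    # Same asset/vulnerability reported twice (e.g. on two ports): count once.
    {"asset": "app-01", "vuln": "vuln-D", "risk": 300.0, "fix": "Patch web server"},
]


def prioritize(findings):
    """Rank fixes by the total risk they remove across all assets."""
    seen = set()
    plan = defaultdict(lambda: {"risk": 0.0, "assets": set(), "vulns": set()})
    for f in findings:
        key = (f["asset"], f["vuln"])
        if key in seen:  # de-duplicate so repeated rows do not inflate risk
            continue
        seen.add(key)
        entry = plan[f["fix"]]
        entry["risk"] += f["risk"]
        entry["assets"].add(f["asset"])
        entry["vulns"].add(f["vuln"])

    total = sum(e["risk"] for e in plan.values())
    ranked = sorted(plan.items(), key=lambda kv: (-kv[1]["risk"], kv[0]))
    return [
        {
            "fix": fix,
            "risk": e["risk"],
            "share_pct": round(100 * e["risk"] / total, 1) if total else 0.0,
            "assets": len(e["assets"]),
            "vulns": len(e["vulns"]),
        }
        for fix, e in ranked
    ]


if __name__ == "__main__":
    for rank, row in enumerate(prioritize(FINDINGS), start=1):
        print(f"{rank}. {row['fix']}: risk {row['risk']:.0f} "
              f"({row['share_pct']}%), {row['assets']} assets, {row['vulns']} vulns")
```

On the sample data a single fix accounts for most of the total risk, which is the kind of ordering a remediation owner needs before working through individual findings.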

NeXpose also offers the flexibility to report on the assets and vulnerabilities that matter in the targeted network environment by means of rich asset and vulnerability filtering. Such reports can be automated from the UI or API so that, as soon as a scan completes, remediation owners get the accurate and detailed information they need to do their jobs and stakeholders get accurate information on how risk is changing over time. Report generation is another major factor that makes this tool the best among the best: it will not disappoint you if accuracy in report generation matters more to you than simply dumping the report content.

In summary, NeXpose provides detailed, in-depth vulnerability assessment and management, and goes a step further by assisting in the exploitation phase of penetration testing or ethical hacking. Detailed hands-on skills are recommended if you want to stand out from others in the penetration testing field.

We hope this has been informative for you and thank you for completing the module. In the next module, a Metasploit in-depth study will be covered, and later we will explore how to work with NeXpose and Metasploit together to perform an extensive security assessment.


Cyber Security Analyst & researcher
