Nexpose is a vulnerability scanner developed by Rapid7. It is sold as a virtual machine, a private cloud deployment, standalone software, a managed service, or a hardware appliance, and the user interacts with it through a web browser. All editions of Nexpose are paid except the free Nexpose Community edition. Nexpose scans a network for vulnerabilities: it first discovers the live hosts and what is running on them (open ports, services and applications) and then uses that inventory to look for known vulnerabilities. It supports the full vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. The results are presented in a scan report, which lets us prioritize vulnerabilities by their risk score and then choose the most effective remediation for each.
Metasploit Pro and Nexpose integrate with each other to provide vulnerability assessment and validation tools that help us verify vulnerabilities, eliminate false positives and test remediation measures. There are two ways to use Nexpose with Metasploit Pro. In the first, Metasploit Pro provides a connector for adding a Nexpose console; once a console is added, we can launch a vulnerability scan directly from the Metasploit Pro web interface and have the scan results imported automatically into a project. In the second, we run the scan from Nexpose itself, export the results, and import them into Metasploit Pro for vulnerability analysis and validation. Which method to use depends on our situation.
Features of Nexpose
Nexpose works in physical, virtual, mobile and cloud environments to discover assets, scan them for vulnerabilities, and prioritize the resulting risk according to how exploitable those vulnerabilities are. It also helps prioritize patching, lets administrators schedule scans, and can be configured to raise security alerts.
Nexpose has a feature called Live Monitoring, which collects the available data and turns it into action plans. Its exposure analytics identify and prioritize the vulnerabilities most likely to be exploited first, so security managers are not bogged down by too many alerts. The Liveboards feature replaces static dashboards with visual reports that are updated continuously. Rapid7 also introduced a remediation workflow feature for Nexpose, which assigns remediation tasks to the organization's security staff, tracks them, and reports progress on addressing the vulnerabilities.
Nexpose and Metasploit integrate seamlessly to validate vulnerabilities by attempting to exploit them just as an attacker would.
Nexpose is available in several editions, each with its own deployment options:
Ultimate: Offered as a hardware appliance, managed service, virtual appliance, private cloud or software product. It includes all features and scan engines and an unlimited number of IP addresses.
Enterprise: Offered as a hardware appliance, managed service, virtual appliance, private cloud or software product. It is used by medium to large organizations with a security team, and supports multiple scan engines, multiple users and a varying number of IPs.
Consultant: Offered as a virtual appliance or software product. It is aimed at organizations that provide IT security consulting. It may be installed on only one laptop, supports one scan engine, and can scan up to 1,024 IPs.
Express: Offered as a private cloud, virtual appliance or software product. It supports two scan engines and only one user, is intended for small organizations, and can scan up to 1,024 IPs.
Community: Offered as a virtual appliance or software product. It supports one user and one scan engine and can scan up to 32 IPs.
All editions include dynamic asset groups, exception management, automatic vulnerability updates and RealContext classification. Exception management lets an administrator exclude a vulnerability from the risk score calculation by removing it from the asset listing table or from reports. Dynamic asset groups are groups whose membership is defined by criteria rather than by a fixed list, so when, for example, a vulnerability exception is created, the group's membership changes automatically after the next scan. RealContext provides contextual business intelligence for determining which risks have the highest priority. Distributed scanning, integrated vulnerability validation, hosted perimeter scanning, mobile discovery and assessment, and user role customization are included only in the Ultimate and Enterprise editions.
Nexpose is easy to set up and configure, has an intuitive web interface, and can be deployed within minutes. An administrator can view vulnerabilities sorted by the skill level needed to exploit them or by their Common Vulnerability Scoring System (CVSS) score; the skill level categorizes vulnerabilities by how hard they are to exploit.
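The paragraphs above describe what a scan report is used for: ranking findings by risk score, importing them into Metasploit for validation, excluding excepted vulnerabilities from risk calculation, keeping dynamic asset groups current after each scan, and viewing vulnerabilities by the skill level needed to exploit them. The script below is an added example that does all of that offline against a Nexpose XML report; it is not Rapid7's or Metasploit's code. The embedded report is constructed, and its element and attribute names (nodes/node/.../tests/test with a status, VulnerabilityDefinitions/vulnerability with cvssScore and riskScore, exploits/exploit with type and skillLevel) are an assumption modeled on the XML Export 2.0 schema, so check them against a real export before relying on the parser. The vulnerability IDs and the Metasploit module name are placeholders.

```python
"""Triage a Nexpose XML Export 2.0 report offline. Added example, not Rapid7 code:
the sample report is constructed, and its element and attribute names are an
assumption modeled on the XML Export 2.0 schema; check them against a real export."""
from collections import defaultdict
from dataclasses import dataclass
import xml.etree.ElementTree as ET

# Constructed sample: two hosts and two vulnerability definitions, one with a Metasploit module.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<NexposeReport version="2.0">
  <nodes>
    <node address="10.0.0.5" status="alive">
      <endpoints>
        <endpoint protocol="tcp" port="80" status="open"><services><service name="HTTP"><tests>
          <test id="example-http-outdated-server" status="vulnerable-version"/>
          <test id="example-http-trace-enabled" status="not-vulnerable"/>
        </tests></service></services></endpoint>
        <endpoint protocol="tcp" port="22" status="open"><services><service name="SSH"><tests>
          <test id="example-ssh-weak-cipher" status="vulnerable-potential"/>
        </tests></service></services></endpoint>
      </endpoints>
    </node>
    <node address="10.0.0.9" status="alive">
      <tests><test id="example-http-outdated-server" status="vulnerable-exploited"/></tests>
    </node>
  </nodes>
  <VulnerabilityDefinitions>
    <vulnerability id="example-http-outdated-server" title="Outdated web server"
                   severity="8" cvssScore="7.5" riskScore="612.4">
      <exploits><exploit id="exploit/example/outdated_server" title="Example RCE"
                         type="metasploit" skillLevel="Intermediate"/></exploits>
    </vulnerability>
    <vulnerability id="example-ssh-weak-cipher" title="Weak SSH cipher offered"
                   severity="4" cvssScore="4.3" riskScore="180.0"/>
  </VulnerabilityDefinitions>
</NexposeReport>
"""

@dataclass(frozen=True)
class VulnDef:
    id: str
    title: str
    cvss: float
    risk: float           # Nexpose risk score: the prioritization key
    msf_modules: tuple    # (Metasploit module, skill level) pairs

@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str
    status: str           # vulnerable-exploited / vulnerable-version / vulnerable-potential

def parse_report(xml_text):
    """Return ({vuln id: VulnDef}, [Finding]); only 'vulnerable-*' test results count."""
    root = ET.fromstring(xml_text)
    defs = {}
    for v in root.iter("vulnerability"):
        msf = tuple((e.get("id"), e.get("skillLevel", "unknown"))
                    for e in v.iter("exploit") if e.get("type") == "metasploit")
        defs[v.get("id")] = VulnDef(v.get("id"), v.get("title", ""), float(v.get("cvssScore", 0)),
                                    float(v.get("riskScore", 0)), msf)
    findings = [Finding(node.get("address"), t.get("id"), t.get("status"))
                for node in root.iter("node")       # iter() reaches node- and endpoint-level tests
                for t in node.iter("test") if t.get("status", "").startswith("vulnerable")]
    return defs, findings

def prioritize(defs, findings, exceptions=frozenset()):
    """Findings by risk score, highest first. An exception is a vuln id (all assets) or an
    (asset, vuln id) pair; excepted findings drop out of every score below."""
    kept = [f for f in findings
            if f.vuln_id not in exceptions and (f.asset, f.vuln_id) not in exceptions]
    return sorted(kept, key=lambda f: (-defs[f.vuln_id].risk, -defs[f.vuln_id].cvss, f.asset))

def asset_risk(defs, findings, exceptions=frozenset()):
    """Summed risk score per asset, after exceptions."""
    totals = defaultdict(float)
    for f in prioritize(defs, findings, exceptions):
        totals[f.asset] += defs[f.vuln_id].risk
    return dict(totals)

def dynamic_group(defs, findings, min_risk, exceptions=frozenset()):
    """A dynamic asset group: every asset at or above min_risk, recomputed from each scan."""
    return sorted(a for a, r in asset_risk(defs, findings, exceptions).items() if r >= min_risk)

def validation_candidates(defs, findings, exceptions=frozenset()):
    """Findings Metasploit could try to exploit, with module name and required skill level."""
    return [(f.asset, f.vuln_id, module, skill) for f in prioritize(defs, findings, exceptions)
            for module, skill in defs[f.vuln_id].msf_modules]

if __name__ == "__main__":
    defs, findings = parse_report(SAMPLE_REPORT)
    for f in prioritize(defs, findings):
        print(f"{defs[f.vuln_id].risk:7.1f}  {f.asset:9}  {f.status:20}  {defs[f.vuln_id].title}")
    print("validate:", validation_candidates(defs, findings))
    print("high-risk group:", dynamic_group(defs, findings, 500, {"example-http-outdated-server"}))
```

The same exported XML file is what the second integration method feeds to Metasploit (in msfconsole, `db_import <file>` accepts Nexpose XML reports); this script shows what that import contains and why an exception changes the membership of a risk-based dynamic group on the next scan rather than immediately. The status field is worth keeping: a `vulnerable-exploited` result was already confirmed by the scanner, whereas `vulnerable-version` and `vulnerable-potential` results are the ones most worth validating with Metasploit before a remediation ticket is raised.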
Pricing, Licensing and Support
Nexpose Community is freely available online, and the Consultant edition is sold as a subscription. Pricing and licensing for the Express, Enterprise and Ultimate editions vary with the deployment format, which makes them complex to summarize. Nexpose Express scanning up to 128 IPs costs around $2,000, and hardware appliances range from about $3,000 to $18,000. The Express, Enterprise and Ultimate editions are sold under a perpetual license.
Rapid7 provides 24/7 basic support by phone, web and email, and hardware appliances carry a three-year warranty. Super Support adds twice-yearly system maintenance, a 90-minute service-level agreement, on-site emergency support, a dedicated account manager and more. Its cost depends on the size of the environment or the number of IPs; for large organizations it exceeds $20,000.
A free trial of the Nexpose software is available, and Nexpose Enterprise offers a live demo. The user guide, administrator guide and installation guide are freely available online, as are white papers, a searchable vulnerability database, research reports, webcasts and other resources. Rapid7 offers Nexpose product training in its classroom, which customers can attend online or on site at their own location, and free webinars on the Rapid7 website.