Tag Archives: Vulnerability

Nexpose Scanner – Quick Setup

My last blog post was related to setting up Nessus home edition scanner for your lab to do testing. Nessus is properly what I am most familiar with and I like it. I also have some experience using Qualys scanner but it has been couple years since I have used it. However, the scanning technology that I have only heard of but never actually used is Nexpose. So for that reason I figured I give it a try.

Similar to other commercial scanning technologies, there is a community edition of Nexpose that you can download in your home lab for testing from here.

They have a pretty straight forward user/installation guide here, which I followed in my installation. But just in-case, here is the high level overview of how I did my setup.

  • Selected the VMWare Virtual Appliance option of the Community Edition
    • Completed the online forum and received the activation code in the email
    • The download contains 1.02GB of .ova file called NexposeVA.ova
  • I opened that file using VMWare Workstation
    • Please note that by default, it allocates 8GB of memory, 2 processors and 160GB of disk space. So, please modify these settings if you do not have those resources available before you power-on the VM.
  • After the VM completely boots, you will login using the following credentials: login: nexpose password: nexpose (please change this)
    • If you just want to complete the most basic setup and want to get up and running immediately without messing with any of the advance configurations or upgrades, the only configuration you need to do is networking. The virtual appliance is setup in bridge mode by default and should be able to get you an IP automatically. But if you need to give it static IP then you will have to do that manually.
  • At this point you are pretty much done with the setup. You will be able to complete the rest of the setup by accessing your Nexpose instance by typing following in your browser: https://%5BVM-IP-Address%5D:3780
    • The default username for the web interface is: nxadmin and the password is: nxpassword
    • After your first logon, the initlization process will take some time. For me, it was about 5-7 minutes.

Login Page

  • Like I said earlier, this was my first time using Nexpose so I did not know the exact steps to follow after logging in. But my goal was to run couple different scans against all of my lab machines (14 active IPs). So, without reading the user guide and only spending sometime familiarizing myself with the interface, following is the approach I took to setup my scans.
  • Create a “New Static Site
    • To me, this is similar to the Organization in Nessus (SecurityCenter)
    • Assets: here you provide the name of your site, list all of the IPs (assets) that are part of this site. I added my 14 IPs here.
    • Scan Setup: this is where you choose the type of scan. I personally did not like the scan setup option being part of the Site Configuration because each time you need to run a different type of a scan it seems like that you need to go and edit the site.
    • Credentials: In the next tab you can provide credentials. I like how it gives you the option to restrict each credentials to specific IP.
    • Web Application: next there is option for doing authenticated scans against a web application target. I did not explore this since I don’t have a test web application, yet.
    • Organization and Access: these two seem optional: Organization information and the ability to restrict access to this site to selected users.

Site Configuration

  • At this point you are ready to kick of your scan. Simply go back to your home page and find the “Scan Now” option towards the middle of the page. New window will come up and notice there you have the option to change Site; if you have multiple sites. But by default the site that you created in the previous step should be selected and you should see all of you assets (IPs) listed. And if you want to run the scan against all of those assets you kick it off by clicking “Start Now” but if you want to exclude some IPs or run it against only specific IP you can do that on this same screen.

Start New Scan

  • In the next screen you will be able to see the scan progress in real time.

Scan Progress

  • You will be able to see the scan results right after the scan completes. The scan results seen below are from a non-credentialed, exhausted scan against my lab machines.

Scan Results

  • The screenshot below shows the vulnerabilities tab of the web interface. You will notice the two columns that represent malware and exploit present; right before CVSS and Risk columns. This feature is different from Nessus but I like it. I think the commercial version of Nexpose allows you to take this to the next step and actually run an exploit.

Vulnerabilites

  • The last feature that I wanted to explore was reporting. By default, there are several report templates that are available for you to select from:

All Report Templates

  • By simply selecting the template that you want from above you can choose the file format (PDF, XML, Excel), the scope (individual scan, assets like, from filters) and lastly the report frequency.
  • Here is the same report from my lab asset group:

Sample Report

This concludes the basic, quick deployment and walk-through of the commercial Nexpose. By using the virtual appliance option, the deployment is almost effort-less. And even after the deployment, setting up assets and kicking off basic scans from templates is straight forward. I will continue to use it on my lab machines and will share any new things that I discover that are worth sharing with new users!

Tagged , ,

Nessus Scanner – Quick Setup

Unfortunately, after my last CDR post  – for some unrelated reason, I had my main lab system crash and now I have to rebuild most of the different lab machines that I had before. Obviously this is little frustrating because I had everything setup the way I wanted it and now I have to pretty much start from scratch. But to make this rebuilding process little more pleasant and productive, I think I am going to document and share some of the labs that I am going to build. Most of these are going to be pretty simple to setup without much difficulty using VMware Workstation. I am not going to go over setting up VMware Workstation since there are already a ton of YouTube videos on it.

First we are going to select the platform that we are going to use for most of these machines – our choice: Ubuntu 13 Desktop.

The first tool that we are going to install is Nessus vulnerability scanner. In the first CDR project, we used Nessus as one of our reconnaissances tool along with Nmap. However, this tool can be used in just your lab or home network for identifying vulnerabilities in your systems.

We are going to be installing the latest version of Nessus v6 Home – as of this post. For the operating system, we will choose Ubuntu 11.10, 12.04, 12.10, 13.04, 13.10, and 14.04 AMD64 and download the .deb package.

Here are the sequence of commands after you have downloaded the package and opened the appropriate download directory in the terminal.

Nessus_installationWe are pretty much done. The only thing you need to check is if the Nessus service is running. Usually, it starts automatically but you can verify by running: service nessusd status. If the output shows stopped then simply run the following to start it: service nessusd start.

After above, open your browser and type your ip and port 8834. You can find your ip address by running ifconfig in your terminal. My ip address on this machine is: 192.168.244.178.

LocalIP

 

You should get a similar page as above. Follow through the prompt and in couple screens you will have the option to create an initial account for your Nessus scanner. After that you will need to provide Plugin Feed Registration. For home use you can request the activation code by completing the following: http://www.tenable.com/products/nessus-home

After completing all the steps thus far – you are done with installing your Nessus scanner. Now you need to configure you scans. Following are the basic steps to configure a scan:

New Scan > Basic Network Scan > [Complete the General Page with the Name of the Scan and the target IPs]. On the left side you have additional scan options that you can play around with. After you are done with making your selections, simply hit save and your scan will automatically start. The scan duration depends on the number of IPs that you are scanning and if they are credentialed or  non-credentialed.

After your scan completes you will be able to see the scan results and drill down on each host to see the details on the findings.  Later you can also run just reports against previously ran scan.

This is pretty much all you need to do for the basic setup. Feel free to run more scans and try to run credentialed scan as they will provide most comprehensive vulnerability information and its also least intrusive on your target systems.

Until next time!

 

Tagged , ,