In this blog, we’ll look at Nexpose, a network vulnerability scanner. There are many vulnerability scanners, but what makes this one special is its smooth user interface and the robust reporting options it offers, from the most common to the advanced.
Introduction to Nexpose
Nexpose is one of the best vulnerability assessment tools. It works across physical, virtual, cloud and mobile environments to discover the active services, open ports, and running applications on each device, and it attempts to identify vulnerabilities that may exist based on the attributes of the known services and applications. Nexpose presents the results in scan reports, which help prioritize the vulnerabilities based on risk factor and determine the most effective solution to implement.
What are the important Nexpose terms?
- Assets – A host on a network
- Site – A logical group of assets that has a dedicated scan engine
- Scan Template – A template that describes the audit level that Nexpose uses to perform a vulnerability scan.
- Local Scan Engine – Scan Engines are responsible for performing scan jobs on your assets.
How do we install Nexpose Virtual Appliance?
Let’s begin the Nexpose installation on our virtual machine. We’ve already downloaded the Nexpose VM. First, we’ll open Nexpose in our VMware Workstation and power it on. As soon as it boots up, we’ll see the default login credentials: username and password. We then have to set a new password that meets the stated requirements.
Afterward, use the ifconfig command on the Nexpose machine to check its IP address so that we can log into Nexpose’s web interface.
With the IP address in hand, we browse to it over HTTPS on port 3780, which is Nexpose’s default port.
URL : https://<Nexpose_IP>:3780
We’ll be greeted with a warning about the security certificate, so to use Nexpose we’ll have to get past this warning. Click on Advanced, then Accept the Risk and Continue.
You will then be redirected to a login page, where you enter the default username and password.
Next, you’ll be asked for an activation key; provide the license key that you received at your email address.
As soon as you’ve logged in and completed the necessary activation, the Nexpose Security Web Console page will load and we’ll be ready to run any scan.
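The certificate warning in the steps above can be checked rather than simply accepted. This added example (not part of the original post or of Nexpose) compares the certificate served on port 3780 against a SHA-256 fingerprint; it assumes you have recorded that fingerprint out-of-band, for example from the appliance's own terminal, and all function names are hypothetical.

```python
import hashlib
import ssl
import sys

NEXPOSE_PORT = 3780  # default console port named in the post


def normalize_fp(text):
    """Reduce 'AA:BB:..', 'aa bb ..' or 'aabb..' to 64 lowercase hex digits."""
    hexchars = "".join(c for c in text.lower() if c not in ": -\t\n")
    if len(hexchars) != 64 or any(c not in "0123456789abcdef" for c in hexchars):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return hexchars


def der_fingerprint(der_bytes):
    """SHA-256 over the certificate's DER encoding."""
    return hashlib.sha256(der_bytes).hexdigest()


def cert_matches(der_bytes, pinned):
    """True only if the served certificate is the one that was recorded."""
    return der_fingerprint(der_bytes) == normalize_fp(pinned)


def fetch_console_cert(host, port=NEXPOSE_PORT):
    """Fetch the certificate the console presents, without trusting it."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def main(argv):
    if len(argv) == 3:
        # Usage: script.py <Nexpose_IP> <recorded fingerprint>
        der, pinned = fetch_console_cert(argv[1]), argv[2]
    else:
        # Offline demo: constructed bytes stand in for a DER certificate.
        der = b"constructed-stand-in-for-der-certificate"
        pinned = ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())
    ok = cert_matches(der, pinned)
    print("fingerprint", der_fingerprint(der), "MATCH" if ok else "MISMATCH")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A mismatch means the browser is not talking to the certificate you recorded, so the warning should not be accepted until the difference is explained.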
How do we Run Vulnerability Scans?
To begin a new scan, go to the home page, click the Create dropdown, and select Site. The Security Console will present the “Site Configuration” screen.
On the General tab, we have to give our site a name and a description. We can also set its importance from Very Low to Very High.
The Assets configuration page contains two sections: Include and Exclude. In the Authentication section, if we need to supply any credentials, we can do that here. Basically, we perform a credential-based scan by providing a username and a password.
Afterward, set up a particular Scan Template; we’ve used the default Scan Template, i.e. Full audit without Web Spider.
Now we have to choose an engine for our scan; here we’re choosing the Local Scan Engine. We’ve now provided all the information needed to set up our site for a scan. To start scanning, press the Save and Scan button at the top right corner of our Nexpose console panel.
Once the scan is finished, the result clearly shows the number of vulnerabilities found, the risk score, and the duration of the scan.
How do we Generate Reports?
Now we can create new reports in the Reports tab simply by giving the report a title and choosing the scan, along with the template and the format in which we want our reports to be.
Author - Johnson Augustine
Ethical Hacker and Data Security Researcher
Founder: Airo Global Software Inc
LinkedIn Profile: www.linkedin.com/in/johnsontaugustine/