Posts

Showing posts with the label Server-side Attacks

Nexpose analysis

Once the scan is over, we are on the Assets page. In the following screenshot, we can see that we have one asset scanned, and the asset is running on Ubuntu. The skill that we need to hack into this asset is Novice:

As we can see in the preceding screenshot, Nexpose shows us much more information than Metasploit Community. Nexpose is a much more advanced vulnerability management framework. In the following screenshot, we can see that we scanned one target, METASPLOITABLE; the site is Global, and it is running on Ubuntu Linux 8.04. We discovered no malware, 175 exploits, and 306 vulnerabilities. With Metasploit Community, we only discovered 1 exploitable vulnerability and 8 modules that can be used. But in Nexpose, we discovered 306 vulnerabilities. Here, we discovered many more vulnerabilities and exploits than with Metasploit Community. We...

Nexpose Scan

Now that Nexpose has been installed successfully, let's see how we can run it and what the tool does. Nexpose uses its own database, so the first thing we are going to do is turn off the database of Kali Linux. If both databases run on the same port, they will conflict with each other. Now, we are going to stop the postgresql service. We should remember to turn off our database before we run Nexpose. The command to stop our database is as follows:

Now, we will navigate to the location where we installed Nexpose. Unless we changed the location during the installation process, Nexpose will be installed in the opt/rapid7/nexpose/ directory. The file that runs the server is stored in the nsc directory, and the file that we want to run is called nsc.sh. To run any executable, we type ./ followed by the filename, which is nsc.sh. The command is as follows:

Running this command for the fi...

Installing Nexpose

In this section, we are going to discuss the tool called Nexpose. This tool is made by Rapid7, the same people that made Metasploit and Metasploit Community. Like Metasploit Community, it has a web GUI, and it allows us to discover vulnerabilities. It is also used to map these vulnerabilities to existing exploits. The difference between Metasploit Community and Nexpose is that Metasploit Community only showed us exploits that can be used within Metasploit, whereas Nexpose shows us exploits that have been published somewhere other than Rapid7 and Metasploit. It shows us more vulnerabilities, and it works on a large scale. It also helps us to create a report at the end of the scan, and we can share this report with the technical people or with the managers. It also helps us to create scheduled scans. Suppose, for example, we are working on a big infrastructure company and we want to do regular scans every week or every month, then thi...

MSFC analysis

The scan process is over, and it took nearly two minutes. If we click on the Metasploitable machine, we are going to see that we have discovered one new host and 33 new services installed on it, and that it also managed to detect one vulnerability:

Fig: Metasploitable scan result

Now we are going to Analysis | Hosts, and we see that we have our host IP, which is 10.0.2.4, and it has been scanned correctly. It has the VMware, it has server, and it is running on Linux 8.04:

Fig: Host scan

If we click on IP 10.0.2.4, we are able to see the installed services, as shown in the following screenshot:

Fig: Installed services

In the above screenshot, NAME shows the name of the service. PROTO shows the protocol. STATE shows the state of the port. SERVICE INFORMATION shows the service information. Let's take an example, dns is running on port...