If I did, I would have found Nexpose sooner!!!
In our Ethical Hacking module, we have to scan and exploit a target. In reality, this is a VM with Metasploitable installed on it.
However, because we were attacking it from any given location, the IP address associated with each VM had to be accessible outside our closed Forensic Lab network.
This means Nessus was a no go due to licensing restrictions and, coupled with the fact that OpenVAS is such a ball ache, I thought I'd give Nexpose a go.
It's great. The user interface is a hell of a lot better than OpenVAS and a lot more informative than Nessus.
I love the way it has the icon to show if a vulnerability has a corresponding Metasploit module.
You can even download the XML file of the scan and import it into Metasploit if you are feeling lazy!!!
I did have a few qualms with it though.
Massive RAM usage!!!! Even when idle. Not even the webpage is open and it's using 4GB. No wonder the installer advises 8GB!
It was a pain in the arse to find a way to stop it. But I figured it out:
cd /opt/rapid7/nexpose/nsc
./nexposeconsole.rc stop
This will stop the service running and instantly free up 4GB of RAM.
To start it again, you would think that you should just replace "stop" with "start" but nooooo, that would be too simple!!!
Instead use:
cd /opt/rapid7/nexpose/nsc
./nsc.sh start
But you have to keep the terminal window open this way. Even if you append a "&" to the end to run it in the background it doesn't work!
There must be a way but I haven't figured it out yet.