Installation


BackTrack appears to include only Nessus, OpenVAS, Saint, and mantra as vulnerability scanners, so I will install NeXpose.
The package is fairly large, about 244MB.

root@bt:~# apt-cache search nexpose
nexpose - The NeXpose Community Edition is a free, single-user vulnerability management solution specifically designed for very small organization or individual use.
root@bt:~# apt-get install nexpose
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libecryptfs0 libdmraid1.0.0.rc16 libdebconfclient0 ecryptfs-utils cryptsetup rdate bogl-bterm
  libdebian-installer4 reiserfsprogs dmraid python-pyicu
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  libstdc++5
The following NEW packages will be installed:
  libstdc++5 nexpose
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 244MB of archives.
After this operation, 1,184kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://64.repository.backtrack-linux.org/ revolution/testing libstdc++5 1:3.3.6-20 [308kB]
Get:2 http://64.repository.backtrack-linux.org/ revolution/testing nexpose 2.0-bt0 [244MB]
Fetched 244MB in 2min 7s (1,924kB/s)                                                                      
Selecting previously deselected package libstdc++5.
(Reading database ... 235698 files and directories currently installed.)
Unpacking libstdc++5 (from .../libstdc++5_1%3a3.3.6-20_amd64.deb) ...
Selecting previously deselected package nexpose.
Unpacking nexpose (from .../nexpose_2.0-bt0_amd64.deb) ...
Processing triggers for desktop-file-utils ...
Processing triggers for python-gmenu ...
Rebuilding /usr/share/applications/desktop.en_US.utf8.cache...
Processing triggers for python-support ...
Setting up libstdc++5 (1:3.3.6-20) ...

Setting up nexpose (2.0-bt0) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place

Hmm, that's odd. There are no startup scripts or anything like that...
I'll uninstall it for now and get the installer from Rapid7.
# wget http://download2.rapid7.com/download/NeXpose-v4/NeXposeSetup-Linux64.bin
# chmod +x NeXposeSetup-Linux64.bin 
# ./NeXposeSetup-Linux64.bin 

Using NeXpose from Metasploit


First, load the NeXpose plugin. A banner is printed, but it cannot be written to the wiki, apparently because of a character encoding issue.
msf > load nexpose
                     
[*] Nexpose integration has been activated
[*] Successfully loaded plugin: nexpose

msf > help

Nexpose Commands
================

    Command                   Description
    -------                   -----------
    nexpose_activity          Display any active scan jobs on the Nexpose instance
    nexpose_command           Execute a console command on the Nexpose instance
    nexpose_connect           Connect to a running Nexpose instance ( user:pass@host[:port] )
    nexpose_disconnect        Disconnect from an active Nexpose instance
    nexpose_discover          Launch a scan but only perform host and minimal service discovery
    nexpose_dos               Launch a scan that includes checks that can crash services and devices (caution)
    nexpose_exhaustive        Launch a scan covering all TCP ports and all authorized safe checks
    nexpose_report_templates  List all available report templates
    nexpose_save              Save credentials to a Nexpose instance
    nexpose_scan              Launch a Nexpose scan against a specific IP range and import the results
    nexpose_site_devices      List all discovered devices within a site
    nexpose_site_import       Import data from the specified site ID
    nexpose_sites             List all defined sites
    nexpose_sysinfo           Display detailed system information about the Nexpose instance

Startup


Start it manually. To run it as a daemon, use nscsvc.sh instead of nsc.sh.
root@bt:/opt/rapid7/nexpose/nsc# ./nsc.sh 
Checking for available jvms
Validating jre in directory  _jvm1.6.0_25
Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future
2012-04-05T00:54:58 [INFO] 
2012-04-05T00:54:58 [INFO] OS Information
2012-04-05T00:54:58 [INFO] ------------------------------------------------------------
2012-04-05T00:54:58 [INFO] Current directory: /opt/rapid7/nexpose/nsc
2012-04-05T00:54:58 [INFO] User name:         root
2012-04-05T00:54:58 [INFO] Computer name:     bt
2012-04-05T00:54:58 [INFO] Operating system:  Ubuntu Linux 10.04
2012-04-05T00:54:58 [INFO] Total memory:      2048548 KBytes
2012-04-05T00:54:58 [INFO] Available memory:  53216 KBytes
2012-04-05T00:54:58 [INFO] CPU speed:         1799MHz
2012-04-05T00:54:58 [INFO] Number of CPUs:    1
2012-04-05T00:54:58 [INFO] Super user:        true
2012-04-05T00:54:58 [INFO] JVM started:       Thu Apr 05 00:54:56 EDT 2012
2012-04-05T00:54:58 [INFO] JVM uptime:        1 second
Checking graphics environment...
OK
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/etc/alternatives/gem-bin:/etc/alternatives/gem-bin
The Java virtual machine is exiting with code 0
Using jre at  _jvm1.6.0_25
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/etc/alternatives/gem-bin:/etc/alternatives/gem-bin
Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future
Logging to file /opt/rapid7/nexpose/update.log
Checking for available jvms
Validating jre in directory  _jvm1.6.0_25
Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future
2012-04-05T00:55:00 [INFO] 
2012-04-05T00:55:00 [INFO] OS Information
2012-04-05T00:55:00 [INFO] ------------------------------------------------------------
2012-04-05T00:55:00 [INFO] Current directory: /opt/rapid7/nexpose/nsc
2012-04-05T00:55:00 [INFO] User name:         root
2012-04-05T00:55:00 [INFO] Computer name:     bt
2012-04-05T00:55:00 [INFO] Operating system:  Ubuntu Linux 10.04
2012-04-05T00:55:00 [INFO] Total memory:      2048548 KBytes
2012-04-05T00:55:00 [INFO] Available memory:  64324 KBytes
2012-04-05T00:55:00 [INFO] CPU speed:         1799MHz
2012-04-05T00:55:00 [INFO] Number of CPUs:    1
2012-04-05T00:55:00 [INFO] Super user:        true
2012-04-05T00:55:00 [INFO] JVM started:       Thu Apr 05 00:54:59 EDT 2012
2012-04-05T00:55:00 [INFO] JVM uptime:        0 seconds
Checking graphics environment...
OK
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/etc/alternatives/gem-bin:/etc/alternatives/gem-bin
The Java virtual machine is exiting with code 0
Using jre at  _jvm1.6.0_25
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/etc/alternatives/gem-bin:/etc/alternatives/gem-bin
Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future
2012-04-05T00:55:02 [INFO] Logging initialized. [Name = default] [Level = INFO] [Timezone = America/New_York (Eastern Standard Time, GMT-4:00)]
2012-04-05T00:55:02 [INFO] Current directory:  /opt/rapid7/nexpose/nsc
2012-04-05T00:55:02 [INFO] User name:          root
2012-04-05T00:55:02 [INFO] Super user:         Yes
2012-04-05T00:55:02 [INFO] Computer name:      bt
2012-04-05T00:55:02 [INFO] Host Address:       127.0.1.1
2012-04-05T00:55:02 [INFO] Host FQDN:          bt.foo.org
2012-04-05T00:55:02 [INFO] Operating system:   Ubuntu Linux 10.04
2012-04-05T00:55:02 [INFO] CPU speed:          1799MHz
2012-04-05T00:55:02 [INFO] Number of CPUs:     1
2012-04-05T00:55:02 [INFO] Total memory:       2 GB
2012-04-05T00:55:02 [INFO] Available memory:   59.3 MB
2012-04-05T00:55:02 [INFO] Total disk space:   28.6 GB
2012-04-05T00:55:02 [INFO] Available disk space:15.7 GB
2012-04-05T00:55:02 [INFO] JVM name:           Java HotSpot(TM) 64-Bit Server VM
2012-04-05T00:55:02 [INFO] JVM vendor:         Sun Microsystems Inc.
2012-04-05T00:55:02 [INFO] JVM version:        20.0-b11
2012-04-05T00:55:02 [INFO] JVM started:        2012-04-05 04:55 GMT
2012-04-05T00:55:02 [INFO] Running interactively under super-user: root.
2012-04-05T00:55:02 [WARN] Running with insufficient free memory: 2000MB total (59MB free)
2012-04-05T00:55:02 [INFO] Initializing JDBC drivers.
2012-04-05T00:55:03 [WARN] No valid licenses were found. This will prevent site modification and the running of scans.
2012-04-05T00:55:03 [INFO] Configuring web server...
2012-04-05T00:55:05 [INFO] Registering shutdown hook...
2012-04-05T00:55:05 [INFO] Generating skin: /opt/rapid7/nexpose/nsc/htroot/scripts/nexpose-skin.js
2012-04-05T00:55:05 [INFO] Generating feature set: /opt/rapid7/nexpose/nsc/htroot/scripts/nexpose-features.js
2012-04-05T00:55:09 [INFO] Web server subsystem initialized.
2012-04-05T00:55:09 [INFO] Initializing scheduler...
2012-04-05T00:55:09 [INFO] Starting Scheduler
2012-04-05T00:55:09 [INFO] Scheduler subsystem initialized.
2012-04-05T00:55:09 [INFO] Initializing administrative alerters.
2012-04-05T00:55:09 [INFO] Initializing postgresql database manager for //127.0.0.1:5432/nexpose.
2012-04-05T00:55:10 [INFO] Starting up postgresql DB system
2012-04-05T00:55:10 [INFO] PostgreSQL service status: 1
2012-04-05T00:55:10 [INFO] Determining whether database nexpose exists
2012-04-05T00:55:11 [INFO] PostgreSQL 9.0.3 on x86_64-unknown-linux-gnu, compiled by GCC gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-46), 64-bit
2012-04-05T00:55:11 [INFO] Initializing update processor.
2012-04-05T00:55:11 [INFO] Checking for approved updates.
2012-04-05T00:55:11 [INFO] No approved updates found for processing.
2012-04-05T00:55:11 [INFO] Started auto-update.
2012-04-05T00:55:12 [INFO] Establishing HTTP connection with updates.rapid7.com via proxy updates.rapid7.com:80.
2012-04-05T00:55:20 [INFO] Checking for approved updates.
2012-04-05T00:55:20 [INFO] No approved updates found for processing.
2012-04-05T00:55:21 [INFO] Current DB_VERSION = 84, current DB_REINDEX = 35
2012-04-05T00:55:21 [INFO] Verifying database version...
2012-04-05T00:55:21 [INFO] Installed DB VERSION = 84
2012-04-05T00:55:21 [INFO] Database version 84 is up to date
2012-04-05T00:55:21 [INFO] Database does not require upgrading
2012-04-05T00:55:21 [INFO] Initializing datastore login module.
2012-04-05T00:55:21 [INFO] Synchronizing authentication sources.
2012-04-05T00:55:21 [INFO] Synchronizing XML users with datastore...
2012-04-05T00:55:21 [INFO] Initializing extension manager from dir /opt/rapid7/nexpose/plugins.
2012-04-05T00:55:21 [INFO] Initializing extension manager...
2012-04-05T00:55:21 [INFO] Initialization successful
2012-04-05T00:55:46 [INFO] Compiling vulnerability definitions. This may take several minutes.
2012-04-05T00:56:19 [INFO] Updating vulnerability tags, cross-references and full-text index. This may take several minutes.
2012-04-05T00:56:24 [INFO] [Started: 2012-04-05T04:55:46] [Duration: 0:00:37.742] Imported 0 new and 0 modified vulnerabilities.
2012-04-05T00:56:24 [INFO] Importing vulnerability categories.
2012-04-05T00:56:24 [INFO] Imported 0 new categories, 0 new vulnerabilities.
2012-04-05T00:56:24 [INFO] Compiling vulnerability checks.
2012-04-05T00:57:55 [INFO] Initializing web server caching subsystem.
2012-04-05T00:57:55 [INFO] Starting up postgresql DB system
2012-04-05T00:57:56 [INFO] PostgreSQL service status: 1
2012-04-05T00:57:57 [INFO] Web server caching subsystem initialized.
2012-04-05T00:57:57 [INFO] Initializing risk service
2012-04-05T00:57:58 [INFO] Starting to update risk scores for silo default
2012-04-05T00:57:58 [INFO] Current risk strategy: real_risk
2012-04-05T00:57:58 [INFO] Updating vulnerability risk scores...
2012-04-05T00:58:01 [INFO] Updated risk scores for 0 vulnerabilities in 2 seconds
2012-04-05T00:58:01 [INFO] Finished updating risk scores for silo default
2012-04-05T00:58:02 [INFO] Performing consistency checks on database.
2012-04-05T00:58:02 [INFO] [Silo: default] Performing consistency checks.
2012-04-05T00:58:04 [INFO] [Started: 2012-04-05T04:58:02] [Duration: 0:00:02.209] Database consistency checks completed against all silos.
2012-04-05T00:58:04 [INFO] Performing partitioning checks on silo default.
2012-04-05T00:58:05 [INFO] Starting threads to check and populate risk history data.
2012-04-05T00:58:05 [INFO] Initializing report manager.
2012-04-05T00:58:05 [INFO] Started filling daily history of assets, sites and groups for default silo
2012-04-05T00:58:06 [INFO] Finished filling membership history of default silo in 0 seconds
2012-04-05T00:58:06 [INFO] Finished filling daily history of assets, sites and asset groups for default silo in 0 seconds
2012-04-05T00:58:06 [INFO] Resource "DCE Endpoint Resolution" in group "java/NetworkScanners" was not loaded because it duplicates a loaded resource in group "java/DceRpcScanner".
2012-04-05T00:58:07 [WARN] Not licensed for PCI reporting.
2012-04-05T00:58:08 [INFO] Loading scheduled report jobs...
2012-04-05T00:58:10 [INFO] Initializing Discovery asset service.
2012-04-05T00:58:11 [INFO] Initializing scan template service
2012-04-05T00:58:14 [INFO] Synchronizing scan templates...
2012-04-05T00:58:19 [INFO] Initializing dynamic asset group service.
2012-04-05T00:58:20 [INFO] Initializing dynamic site service.
2012-04-05T00:58:20 [INFO] Loading built-in scan engines.
2012-04-05T00:58:20 [INFO] Refreshing scan engines...
2012-04-05T00:58:20 [INFO] Starting local scan engine...
2012-04-05T00:58:20 [INFO] Initializing JDBC drivers
2012-04-05T00:58:20 [INFO] Initializing administrative alerters
2012-04-05T00:58:20 [INFO] Initializing extension manager from dir /opt/rapid7/nexpose/nse/../plugins
2012-04-05T00:58:20 [INFO] Initializing extension manager...
2012-04-05T00:58:20 [INFO] Initialization successful
2012-04-05T00:58:21 [INFO] Initializing scan manager
2012-04-05T00:58:22 [INFO] PolicyCheckService: Initialized PolicyCheckService with 9 benchmarks, containing 9 policies
2012-04-05T00:58:22 [INFO] PolicyCheckService: Initialized PolicyCheckService with 1735 checks.
2012-04-05T00:58:22 [INFO] Initializing networking support...
2012-04-05T00:58:22 [INFO] Initializing scan engine manager...
2012-04-05T00:58:44 [INFO] Scan Engine initialization completed.
2012-04-05T00:58:45 [WARN] Not licensed for Rapid7 Hosted Scan Engine
2012-04-05T00:58:50 [INFO] Accepting web server logins.
2012-04-05T00:58:50 [INFO] Initializing data warehouse export service.
2012-04-05T00:58:50 [INFO] Loading scheduled data warehouse export jobs...
2012-04-05T00:58:50 [INFO] Enabling resource self protection
2012-04-05T00:59:02 [INFO] [Started: 2012-04-05T04:55:02] [Duration: 0:03:59.990] Security Console started.
2012-04-05T00:59:02 [INFO] Security Console web interface ready. Browse to https://localhost:3780/

The log reports "Security Console web interface ready", so connect to the console (https://localhost:3780/).
Use the account and password that were set during installation.
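
The startup above takes about four minutes and logs warnings that affect later use, such as the missing license that prevents scans. As an added example (not part of the original page or of Rapid7's tooling), this shell function summarises a captured nsc.sh startup log: it lists the [WARN] entries and reports whether the Security Console has announced readiness. The function name nexpose_startup_summary is an assumption; the sample lines are copied from the log above.

```shell
# Added example: summarise an nsc.sh startup log read from stdin.
# nexpose_startup_summary is a hypothetical helper name, not a NeXpose tool.
#
# Output: one "WARN <message>" line per [WARN] entry, followed by either
#         "READY <url>" or "NOT_READY".
# Exit status: 0 if the console announced readiness, 1 otherwise.
nexpose_startup_summary() {
    awk '
        / \[WARN\] / {
            msg = $0
            sub(/^[^]]*\] /, "", msg)   # drop the timestamp and level prefix
            print "WARN " msg
        }
        /Security Console web interface ready/ {
            # The console URL is the field that starts with https://
            for (i = 1; i <= NF; i++)
                if ($i ~ /^https:\/\//) url = $i
        }
        END {
            if (url != "") { print "READY " url; exit 0 }
            print "NOT_READY"
            exit 1
        }
    '
}

# Sample input: four lines copied from the startup log on this page.
SAMPLE_LOG='2012-04-05T00:55:02 [WARN] Running with insufficient free memory: 2000MB total (59MB free)
2012-04-05T00:55:03 [WARN] No valid licenses were found. This will prevent site modification and the running of scans.
2012-04-05T00:58:50 [INFO] Accepting web server logins.
2012-04-05T00:59:02 [INFO] Security Console web interface ready. Browse to https://localhost:3780/'

printf '%s\n' "$SAMPLE_LOG" | nexpose_startup_summary
```

A non-zero exit status means the readiness line has not appeared yet, so it is too early to log in to the console or to run nexpose_connect from Metasploit.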
