Posts by daines

2 min Nexpose

Site Consolidation with the Nexpose Gem

The introduction of the scan export/import feature opens up the ability to merge sites, at least through the Ruby gem. Imagine a scenario where you had split up your assets into several sites, but now you realize it would be easier to manage them if you just merge them into one. Maybe you have duplicate assets across sites and that wasn't your intent. The script below allows you to merge multiple sites into one. I replays the scans from each site into the new one (in just a fraction of the amou

2 min API

Scan Export/Import Using the nexpose-client Gem

The latest release (5.10.13) introduces a new feature into Nexpose, scan exporting and importing. We're looking to address a need in air-gap environments, where customers can have multiple consoles to address network partitioning. This approach is not without its warts. For example, if you have deleted assets from a site, this process will bring them back to life. This post is going to walk through a pair of Ruby scripts using the nexpose-client gem. The first script will export the site config

1 min Nexpose

Nexpose Gem Version 0.8.0 Released

With the release of Nexpose 5.9.16, we are also releasing a new version of the gem: 0.8.0 We bumped the version from 0.7 to mark several changes. First, there are two methods that would not work against the new release without some code changes to the gem. These cover searching for vulnerabilities and running ad hoc HTML reports. But most significant is the addition of the nokogiri (鋸) gem [] a dependency. We decided to pull

2 min

Using the Gem for Shared Credentials

Here's a walk-through of how to use Shared Credentials, as of version 0.5.1 of the gem. In order to keep verbosity to a minimum, all of the examples assume that the Nexpose module has been included: include Nexpose As with all uses of the gem, in order to interact with a Nexpose console you will need an active, valid connection. The following line can be assumed for all code below: nsc ='', 'nxadmin', 'secret-password') nsc.login List All Current Shared Crede

2 min Nexpose

[ANN] nexpose gem 0.5 Released

The nexpose gem [], a Ruby library for accessing the Nexpose API (and more), has been updated to version 0.5. This version includes a number of small breaking changes from the previous version of the gem (0.2.8), hence the jump in version. Nearly all of the 1.1 and 1.2 versions of the Nexpose API are implemented by the gem. (The missing calls center around multi-tenancy and vAsset discovery, licensed features.) New Features This version of the gem allows for som

2 min Nexpose

Creating Asset Groups from IPs

I put together a script recently to solve a customer problem, but it struck me that it is a problem many organizations might have. What happens when you are in charge of the Nexpose console, but someone else is in charge of actually applying remediation? You may generate a report for them listing the assets they need to remediate, but when they get back to you with results, it may just be a list of the IPs they've completed. If that doesn't happen to map nicely to a Site or Asset Group that alr

2 min Nexpose

Calculating Your Average Scan Time

If you are looking to balance out your scan schedule or add new scans to the mix, it can be helpful to get some direct insight into how much time a new scan is going to take. One way to estimate that is based upon how long your current scans are already taking. To that end, I threw together a script that looks at current scan history and calculates average scan time per asset. To keep some balance, I only look at Full audit scans and their live assets. I then calculate the average number of min

2 min Nexpose

Bridging Asset Groups and Sites Using the Nexpose Gem

Asset Groups are a convenient feature for organizing assets based upon different criteria, including criteria that you could not have known when you configured and first ran your site scans. But many times you would actually like to run scans based off your asset groups. Here are some approaches to bridging that gap using the 0.1.8 version of the Nexpose gem [] to access the API []. Rescanning Assets Since rescanning the

2 min Nexpose

Using Scripts to Analyze Your Security Console

There is a variety of information available about your Sites and Scans that can be used to make decisions. I began thinking about how to analyze the load across Scan Engines or Sites, but quickly realized there are too many ways to break down the data to be able to write a single script. To that end, I'm going to walk through some scripts which use the Nexpose gem [] (version 0.1.7) to access the API [] and collate perform

1 min Nexpose

Making the Nexpose Gem Easier to Use

In an effort to make API access to Nexpose easier, some efforts are underway to make the Nexpose Gem [] easier to use. For those unfamiliar with the gem, it is a Ruby library that allows for easier scripting against a Nexpose security console. Changes to Site Making changes to a site configuration through the gem used to be a little complex. The attributes on the configuration were locked down from editing, and sometimes buried deep in structures that mirrored th

2 min Nexpose

Managing Your Nexpose Scan Engines through the API

Here's a walk-through of a Ruby script that uses the nexpose gem [] to add and configure your Nexpose Scan Engines. This script configures the Dynamic Scan Pool feature. A Scan Engine pool is a group of shared Scan Engines that can be bound to a site so that the load is distributed evenly across the shared engines. The feature can only be managed through the API. You'll need familiarity with Ruby to understand the script. I've inserted explanations as comments (