2 min
Nexpose
Site Consolidation with the Nexpose Gem
The introduction of the scan export/import feature opens up the ability to merge
sites, at least through the Ruby gem.
Imagine a scenario where you had split up your assets into several sites, but
now you realize it would be easier to manage them if you just merge them into
one. Maybe you have duplicate assets across sites and that wasn't your intent.
The script below allows you to merge multiple sites into one. It replays the
scans from each site into the new one (in just a fraction of the amou
2 min
API
Scan Export/Import Using the nexpose-client Gem
The latest release (5.10.13) introduces a new feature into Nexpose, scan
exporting and importing. We're looking to address a need in air-gap
environments, where customers can have multiple consoles to address network
partitioning. This approach is not without its warts. For example, if you have
deleted assets from a site, this process will bring them back to life.
This post is going to walk through a pair of Ruby scripts using the
nexpose-client gem. The first script will export the site config
1 min
Nexpose
Nexpose Gem Version 0.8.0 Released
With the release of Nexpose 5.9.16, we are also releasing a new version of the
gem: 0.8.0
We bumped the version from 0.7 to mark several changes. First, there are two
methods that would not work against the new release without some code changes to
the gem. These cover searching for vulnerabilities and running ad hoc HTML
reports.
But most significant is the addition of the nokogiri (鋸) gem
[https://rubygems.org/gems/nokogiri] as a
dependency. We decided to pull
2 min
Using the Gem for Shared Credentials
Here's a walk-through of how to use Shared Credentials, as of version 0.5.1 of
the gem.
In order to keep verbosity to a minimum, all of the examples assume that the
Nexpose module has been included:
include Nexpose
As with all uses of the gem, in order to interact with a Nexpose console you
will need an active, valid connection. The following line can be assumed for all
code below:
nsc = Connection.new('10.2.0.1', 'nxadmin', 'secret-password')
nsc.login
List All Current Shared Crede
2 min
Nexpose
[ANN] nexpose gem 0.5 Released
The nexpose gem [http://rubygems.org/gems/nexpose], a Ruby library for accessing
the Nexpose API (and more), has been updated to version 0.5. This version
includes a number of small breaking changes from the previous version of the gem
(0.2.8), hence the jump in version.
Nearly all of the 1.1 and 1.2 versions of the Nexpose API are implemented by the
gem. (The missing calls center around multi-tenancy and vAsset discovery,
licensed features.)
New Features
This version of the gem allows for som
2 min
Nexpose
Creating Asset Groups from IPs
I put together a script recently to solve a customer problem, but it struck me
that it is a problem many organizations might have.
What happens when you are in charge of the Nexpose console, but someone else is
in charge of actually applying remediation? You may generate a report for them
listing the assets they need to remediate, but when they get back to you with
results, it may just be a list of the IPs they've completed. If that doesn't
happen to map nicely to a Site or Asset Group that alr
2 min
Nexpose
Calculating Your Average Scan Time
If you are looking to balance out your scan schedule or add new scans to the
mix, it can be helpful to get some direct insight into how much time a new scan
is going to take. One way to estimate that is based upon how long your current
scans are already taking.
To that end, I threw together a script that looks at current scan history and
calculates average scan time per asset. To keep some balance, I only look at
Full audit scans and their live assets. I then calculate the average number of
min
2 min
Nexpose
Bridging Asset Groups and Sites Using the Nexpose Gem
Asset Groups are a convenient feature for organizing assets based upon different
criteria, including criteria that you could not have known when you configured
and first ran your site scans. But many times you would actually like to run
scans based off your asset groups. Here are some approaches to bridging that gap
using the 0.1.8 version of the Nexpose gem [http://rubygems.org/gems/nexpose] to
access the API [https://community.rapid7.com/docs/DOC-1896].
Rescanning Assets
Since rescanning the
2 min
Nexpose
Using Scripts to Analyze Your Security Console
There is a variety of information available about your Sites and Scans that can
be used to make decisions. I began thinking about how to analyze the load across
Scan Engines or Sites, but quickly realized there are too many ways to break
down the data to be able to write a single script. To that end, I'm going to
walk through some scripts which use the Nexpose gem
[http://rubygems.org/gems/nexpose] (version 0.1.7) to access the API
[https://community.rapid7.com/docs/DOC-1896] and collate perform
1 min
Nexpose
Making the Nexpose Gem Easier to Use
To simplify API access to Nexpose, work is underway to make the Nexpose Gem
[http://rubygems.org/gems/nexpose] easier to use. For those
unfamiliar with the gem, it is a Ruby library that allows for easier scripting
against a Nexpose security console.
Changes to Site
Making changes to a site configuration through the gem used to be a little
complex. The attributes on the configuration were locked down from editing, and
sometimes buried deep in structures that mirrored th
2 min
Nexpose
Managing Your Nexpose Scan Engines through the API
Here's a walk-through of a Ruby script that uses the nexpose gem
[http://rubygems.org/gems/nexpose] to add and configure your Nexpose Scan
Engines.
This script configures the Dynamic Scan Pool feature. A Scan Engine pool is a
group of shared Scan Engines that can be bound to a site so that the load is
distributed evenly across the shared engines. The feature can only be managed
through the API.
You'll need familiarity with Ruby to understand the script. I've inserted
explanations as comments (