Hi. I'm a co-founder here at Rapid7 and I wanted to introduce myself to the larger community of NeXpose users. Since we released NeXpose Community Edition back in December, we've had an overwhelming interest from the security community. Tens of thousands of you have downloaded the product, which is hugely gratifying to our engineering teams. We love making stuff that people use!
One of the most common queries that we get from you is "How can I create my own vulnerability checks?" In response, we're taking our internal training docs for our developers and we've begun to distill them into a series of articles and tutorials on the Rapid7 Community.
To start things off, we've created 3 tutorials on our wiki:
- A short tutorial which shows you how to create and run your first custom vulnerability check in NeXpose. We took a simple check from Nikto (a great tool if you haven't used it) and re-implemented the check in NeXpose so you can see the difference. The vuln check creation process is simple and the tutorial should take you about 15-20 minutes.
- Another tutorial showing how to convert a NASL check to NeXpose (this will be helpful for those of you who are familiar with Nesuss or OpenVAS).
- A detailed reference guide with advanced examples of how to create complex vulnerability checks in NeXpose. There are almost 20 examples here and we are adding more every day.
HD and I are setting up a community project of user-contributed vulnerability checks that can be shared among all NeXpose users. The license for contributed content will be probably be dual GPL and BSD, so you can feel comfortable contributing knowing that this content will always be available for free.
If you have any questions or if you need help creating checks, please join us on irc.freenode.net on #rapid7 or post your question to the nexpose-users mailing list. We'd love to hear your ideas for future tutorials. Let us know on this blog or the mailing list what you'd like us to cover next!