Those of you who pay close attention to our release notes saw that last week, (June 17, 2015) with the Nexpose 5.14.3 release, we made good on something I wrote about here in the first part of the year. The Nexpose team is extremely excited to announce the initial availability of our new protocol fingerprinting framework. For the first time end users can extend Nexpose's protocol fingerprinting capabilities!
The coverage toolkit provides Nexpose users with a mechanism for authoring content that at this time includes protocol fingerprinting, unauthenticated (remote) vulnerability coverage. The ambition of the framework is to provide a simple, intuitive framework to describe what you want to send to the target, what you expect to get back, and what that means. Feedback is welcomed and encouraged.
At this point I'm sure you are all popping open bottles of the finest baby duck and toasting to victory. What? Not quite? Because we have not shown you in the slightest how to use it yet. Of course. Okay, I hear you, but there is a method to this madness. This is intentionally a soft launch. If I ran into you at UNITED, you heard about it from me, no doubt, but this blog post is the first written explanation you could have seen. The feature is there, we are shipping some coverage that uses it, but until YOU, the interested Nexpose user starts to take this and make it their own it won't really get off the ground.
So here's what we're doing: we've set up a github repo with guidance and examples for contributors to get feedback on their coverage creation efforts. For the time being this is a private github repo but we are eager to grant access to the coverage-toolkit repo to a select number of customers who are interested in prototyping custom content and getting feedback on their work from Nexpose developers.
How does this relate to Recog? The Coverage Toolkit supplements but does not replace Recog. Recog provides service identification support for protocols that Nexpose (and Metasploit) support. The Coverage Toolkit lets a user add support for new Protocols and override existing protocol implementations.
Every question and contribution we get will help strengthen and expand our offering. Please reach out to me (Ross Barrett) through the Community or on twitter if you would like access to the coverage-toolkit sandbox.
EDIT: A number of people have reached out to tell me that the link to the coverage-toolkit repo is yielding a 404 error message. As mentioned in the original post for the time being this is a private repository and a 404 is how github responds when you try to access a private repo that you don't have access rights to. If you would like access, please contact me here or via twitter.