Posts tagged API

2 min Nexpose

Site Consolidation with the Nexpose Gem

The introduction of the scan export/import feature opens up the ability to merge sites, at least through the Ruby gem. Imagine a scenario where you had split up your assets into several sites, but now you realize it would be easier to manage them if you just merge them into one. Maybe you have duplicate assets across sites and that wasn't your intent. The script below allows you to merge multiple sites into one. I replays the scans from each site into the new one (in just a fraction of the amou

2 min API

Scan Export/Import Using the nexpose-client Gem

The latest release (5.10.13) introduces a new feature into Nexpose, scan exporting and importing. We're looking to address a need in air-gap environments, where customers can have multiple consoles to address network partitioning. This approach is not without its warts. For example, if you have deleted assets from a site, this process will bring them back to life. This post is going to walk through a pair of Ruby scripts using the nexpose-client gem. The first script will export the site config

5 min API

Working with reports and exports via the RPC API

The Metasploit RPC API provides a straightforward, programmatic way to accomplish basic tasks with your Metasploit Pro instance. Two of the key capabilities are export generation to backup your data and report generation to summarize and share your findings. The RPC API docs are currently undergoing a major overhaul and are a bit out of date for reports and export generation. This post will provide all the examples and configuration options you need to get running. Setting up a client to make t

1 min Nexpose

Nexpose Gem Version 0.8.0 Released

With the release of Nexpose 5.9.16, we are also releasing a new version of the gem: 0.8.0 We bumped the version from 0.7 to mark several changes. First, there are two methods that would not work against the new release without some code changes to the gem. These cover searching for vulnerabilities and running ad hoc HTML reports. But most significant is the addition of the nokogiri (鋸) gem [https://rubygems.org/gems/nokogiri]https://rubygems.org/gems/nokogirias a dependency. We decided to pull

3 min Metasploit

Weekly Metasploit Update: Talking PJL With Printers

Abusing Printers with PJL This week's release features a half dozen new modules that seek out printers that talk the Print Job Lanaguage (PJL) for use and abuse. Huge thanks to our newest full time Metasploit trouble maker, William Vu [https://twitter.com/wvuuuuuuuuuuuuu]. As a penetration tester, you probably already know that office printers represent tasty targets. Like most hardware with embedded systems, they rarely, if ever, get patches. They don't often have very serious security control

2 min API

SQL Export Report using the API

This morning we published the release of the new SQL Query Export [/2013/12/18/give-me-access-to-my-data] report. Simultaneously the Nexpose Gem [http://rubygems.org/gems/nexpose] has released version 0.6.0 [https://github.com/rapid7/nexpose-client/wiki/Changes-to-the-Nexpose-Gem-in-Version-0.6.0] to support this new report format in all the reporting API calls (you must update to this latest version to run the report). When the SQL Query Export is paired with adhoc-report generation, you are a

5 min Metasploit

Kvasir: Penetration Data Management for Metasploit and Nexpose

Data management is half the battle for penetration testing, especially when you're auditing large networks. As a penetration tester with Cisco's Advanced Services, I've created a new open source tool called Kvasir that integrates with Metasploit Pro, Nexpose, and a bunch of other tools I use regularly to aggregate and manage the data I need. In this blog post, I'd like to give you a quick intro what Kvasir does - and to invite you to use it with Metasploit Pro. Cisco's Advanced Services has bee

2 min Nexpose

[ANN] nexpose gem 0.5 Released

The nexpose gem [http://rubygems.org/gems/nexpose], a Ruby library for accessing the Nexpose API (and more), has been updated to version 0.5. This version includes a number of small breaking changes from the previous version of the gem (0.2.8), hence the jump in version. Nearly all of the 1.1 and 1.2 versions of the Nexpose API are implemented by the gem. (The missing calls center around multi-tenancy and vAsset discovery, licensed features.) New Features This version of the gem allows for som

2 min Nexpose

Creating Asset Groups from IPs

I put together a script recently to solve a customer problem, but it struck me that it is a problem many organizations might have. What happens when you are in charge of the Nexpose console, but someone else is in charge of actually applying remediation? You may generate a report for them listing the assets they need to remediate, but when they get back to you with results, it may just be a list of the IPs they've completed. If that doesn't happen to map nicely to a Site or Asset Group that alr

2 min Nexpose

Calculating Your Average Scan Time

If you are looking to balance out your scan schedule or add new scans to the mix, it can be helpful to get some direct insight into how much time a new scan is going to take. One way to estimate that is based upon how long your current scans are already taking. To that end, I threw together a script that looks at current scan history and calculates average scan time per asset. To keep some balance, I only look at Full audit scans and their live assets. I then calculate the average number of min

2 min Nexpose

Bridging Asset Groups and Sites Using the Nexpose Gem

Asset Groups are a convenient feature for organizing assets based upon different criteria, including criteria that you could not have known when you configured and first ran your site scans. But many times you would actually like to run scans based off your asset groups. Here are some approaches to bridging that gap using the 0.1.8 version of the Nexpose gem [http://rubygems.org/gems/nexpose] to access the API [https://community.rapid7.com/docs/DOC-1896]. Rescanning Assets Since rescanning the

2 min Nexpose

Using Scripts to Analyze Your Security Console

There is a variety of information available about your Sites and Scans that can be used to make decisions. I began thinking about how to analyze the load across Scan Engines or Sites, but quickly realized there are too many ways to break down the data to be able to write a single script. To that end, I'm going to walk through some scripts which use the Nexpose gem [http://rubygems.org/gems/nexpose] (version 0.1.7) to access the API [https://community.rapid7.com/docs/DOC-1896] and collate perform

1 min Nexpose

Making the Nexpose Gem Easier to Use

In an effort to make API access to Nexpose easier, some efforts are underway to make the Nexpose Gem [http://rubygems.org/gems/nexpose] easier to use. For those unfamiliar with the gem, it is a Ruby library that allows for easier scripting against a Nexpose security console. Changes to Site Making changes to a site configuration through the gem used to be a little complex. The attributes on the configuration were locked down from editing, and sometimes buried deep in structures that mirrored th

2 min Nexpose

Multi-tenant User Provisioning

Introduction Performing bulk operations can be time consuming in Nexpose. A good example is user provisioning, which can take a long time. To save time, using the Nexpose APIs is an effective way to save you time and eliminate the error-prone process of doing everything manually. For this blog post, I want to demonstrate how you can manage users using the Nexpose API. I will be using an open source Java API client, which is available on clee-r7/nexpose_java_api · GitHub [https://github.com/clee-

1 min Nexpose

Nexpose Site Creation - Now with More Scheduling

Got Sites?  Well now you can! One of everyone's favorite tasks in Nexpose is creating new sites.  But what if you could do it all with an interactive, menu-driven, standalone java application that leveraged the awesome Nexpose Java API client.  I know what you are thinking, "That would be too cool." Well wait no longer!  We here at Rapid7 have created just such a tool for you to use.  So go ahead, download it and give it a try.  All source code is included so you can easily modify or extend it