[nexpose-users] ISsue with Metasploit and Nexpose Community Edition Integration.

Vijay vjisdj at yahoo.com
Fri Jan 29 15:00:29 PST 2010 

I installed nexpose Community Edition on Windows 2003 Server and Metasploit 3.3.3 version on the same machine. 
 
I get list of critical vulnerabilities on one of my internal Machine when I scanned using Nexpose Web gui. I used Metasploit console to scan the same IP and correlate with the existing exploit, using nexpose_Scan -x IP address, and it spits out an error as below. 
 
msf > nexpose_scan -x <IP address>
[*] Scanning 1 addresses with template pentest-audit in sets of 32
[*] Completed the scan of 1 addresses
[*] Launching an automated exploitation session
[-] Error while running command nexpose_scan: undefined local variable or method `minrank' for #<Msf::PlugiNexpose::NexposeCommandDispatcher:0x13561d08>
Call stack:
/msf3/plugins/nexpose.rb:362:in `cmd_nexpose_scan'
/msf3/lib/rex/ui/text/dispatcher_shell.rb:235:in `run_command'
/msf3/lib/rex/ui/text/dispatcher_shell.rb:197:in `block in run_single'
/msf3/lib/rex/ui/text/dispatcher_shell.rb:192:in `each'
/msf3/lib/rex/ui/text/dispatcher_shell.rb:192:in `run_single'
/msf3/lib/msf/ui/console/driver.rb:347:in `run_single'
/msf3/lib/rex/ui/text/shell.rb:144:in `run'
msfconsole:92:in `<main>'
msf > 
msf > 

 
 
 
 
If I scan the IP without -x option and then run the command then I get following . 
Metasploit finds none of the exploit matching the list of vulnerability.
There are only 2 options,  Option 1: Rapid 7 is giving out false positive. Option 2: Metasploit do not have the corrposponding exploit. 
 
Metasploit is upgraded. 
msf > db_autopwn -t -x 
[*] Analysis completed in 6 seconds (0 vulns / 0 refs)
[*] 
[*] ================================================================================
[*]                             Matching Exploit Modules
[*] ================================================================================
[*] ================================================================================
[*] 
[*] 
 
 
 


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/nexpose-users/attachments/20100129/6da6ca94/attachment.html>

More information about the nexpose-users mailing list