[nexpose-users] Issue with Metasploit and Nexpose Community Edition Integration.
HD Moore
hdm at metasploit.com
Fri Jan 29 20:06:02 PST 2010
Hi!
Replies inline:
On 1/29/2010 5:00 PM, Vijay wrote:
> I get list of critical vulnerabilities on one of my internal Machine
> when I scanned using Nexpose Web gui. I used Metasploit console to scan
> the same IP and correlate with the existing exploit, using nexpose_scan
> -x IP address, and it spits out an error as below.
>
> msf > nexpose_scan -x <IP address>
> [*] Scanning 1 addresses with template pentest-audit in sets of 32
> [*] Completed the scan of 1 addresses
> [*] Launching an automated exploitation session
> [-] Error while running command nexpose_scan: undefined local variable
> or method `minrank' for
> #<Msf::PlugiNexpose::NexposeCommandDispatcher:0x13561d08>
This was fixed shortly after the 3.3.3 release; upgrading to the latest SVN
snapshot should solve it.
>
> If I scan the IP without the -x option and then run the command, I get the
> following.
> Metasploit finds none of the exploits matching the list of vulnerabilities.
> There are only 2 options. Option 1: Rapid 7 is giving out false
> positives. Option 2: Metasploit does not have the corresponding exploit.
>
> Metasploit is upgraded.
> msf > db_autopwn -t -x
> [*] Analysis completed in 6 seconds (0 vulns / 0 refs)
Oftentimes the match isn't 1:1 between what NeXpose can scan for and
what Metasploit can exploit. For the first iteration, we only do direct
matching between CVE/BID/OSVDB and other references. If NeXpose can
safely identify one vulnerability within a Microsoft patch, but only
reports that specific vulnerability, and Metasploit has an exploit for a
different bug in the same patch, then the default match method will not
work.
The next step to improving this is to infer compatible exploits based on
dependent or related vulnerabilities. We hope to have the work started
on this in the next couple months.
In the meantime, you can either use the exploit correlation feature
present in the latest version of NeXpose, or use the -p matching mode in
Metasploit to launch all exploits that are possible for the open ports
on that target.
While the existing match is a bit spotty for Windows patch levels, due
to the difference between what can be checked safely without
authentication and what can be exploited reliably, the correlation works
pretty well for other categories of flaws (default passwords, CGI
scripts, etc).
Thanks for the feedback!
-HD
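The three correlation modes described in the reply (direct reference matching as with -x, the proposed inference across related bugs in the same patch, and port-based matching as with -p), as an added illustration that is not Metasploit's own db_autopwn code. Every host, port, reference and patch id below is a constructed placeholder, and PATCH_GROUPS is an assumed lookup table, not real bulletin data.

```ruby
# Added illustration (not Metasploit's own db_autopwn code) of the three
# correlation modes discussed in the reply. Every host, port and reference
# below is a constructed placeholder; none is a real vulnerability identifier.
require 'set'

# Constructed scanner findings for one host: the scanner safely identified
# only one bug (CVE-0000-0001) and reports nothing else from that patch.
FINDINGS = [
  { host: '10.0.0.5', port: 445, refs: ['CVE-0000-0001'] },
  { host: '10.0.0.5', port: 80,  refs: ['CVE-0000-0003'] },
]
OPEN_PORTS = { '10.0.0.5' => Set[80, 139, 445] }

# Constructed exploit metadata, shaped like a module's references and RPORT.
EXPLOITS = [
  { name: 'smb_other_bug', rport: 445, refs: ['CVE-0000-0002'] }, # same patch, different bug
  { name: 'cgi_example',   rport: 80,  refs: ['CVE-0000-0003'] },
  { name: 'netbios_thing', rport: 139, refs: ['CVE-0000-0007'] },
  { name: 'ftp_thing',     rport: 21,  refs: ['CVE-0000-0009'] },
]

# Assumed patch-to-bug table: the "related vulnerabilities" knowledge the
# reply says a future matcher would need. Placeholder, not a real bulletin.
PATCH_GROUPS = { 'PATCH-PLACEHOLDER-01' => ['CVE-0000-0001', 'CVE-0000-0002'] }

# Mode 1 (-x): direct match; an exploit is selected only if it shares a reference.
def match_by_reference(findings, exploits)
  refs = findings.flat_map { |f| f[:refs] }.to_set
  exploits.select { |e| e[:refs].any? { |r| refs.include?(r) } }.map { |e| e[:name] }
end

# Mode 2 (proposed): expand each finding to every bug in the same patch, then
# match as in mode 1. Recovers exploits for sibling bugs the scanner did not list.
def match_by_patch_group(findings, exploits, groups)
  expanded = findings.map do |f|
    siblings = groups.values.select { |g| (g & f[:refs]).any? }.flatten
    f.merge(refs: (f[:refs] + siblings).uniq)
  end
  match_by_reference(expanded, exploits)
end

# Mode 3 (-p): ignore references; select every exploit whose RPORT is open.
# Broadest coverage, but also selects exploits for bugs the host may not have.
def match_by_port(host, exploits, open_ports)
  exploits.select { |e| open_ports.fetch(host, Set[]).include?(e[:rport]) }.map { |e| e[:name] }
end
```

Running the three matchers over the same constructed data shows the effect the reply describes: direct matching misses the SMB exploit, patch-group inference recovers it, and port matching adds a module with no supporting finding at all.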