Rapid7 Nexpose 識别和管理“可被利用的”漏洞。
基于準确的風險資訊,制定更明智的安全決策。
Rapid7 Nexpose 啟用了全景式的漏洞管理,使得網絡安全團隊能夠更快制定更佳的決策。Nexpose 確定您可以:
掃描您的 100% 基礎設施:掃描資料庫,網絡應用程式和所有的網絡裝置,確定您掌握所有漏洞的方方面面。
準确了解您的真實風險形勢:持續發現實體的和虛拟的資産,并內建惡意軟體和濫用風險的資訊,Nexpose助您精确洞察最重大的風險。
迅速準确地區分風險的優先順序:通過掃描發現成千上萬的漏洞;使用 Real Risk,Nexpose 有效地将您的補救措施按優先順序排列,避免浪費您的時間。
校驗漏洞是否已被補救:使用Metasploit內建的資料,您的安全團隊可以校驗補救措施是否成功,減少重複勞動,更有效地降低風險。
基于全部實體資産和虛拟資産的詳細風險報告,Nexpose 提供了情境化的,詳細的,依序排列的補救路線圖,并帶有每個任務的時間預期,進而更有效更高效地降低風險。
Metasploit 幫助驗證漏洞和補救方案,并管理風險評估。
通過開源社群和Rapid7之間的合作, Metasploit® 軟體幫助安全專家和IT專業人士識别安全風險,校驗漏洞補救措施,并管理專家參與的安全評估。它提供了真正的安全風險資訊,有助預防資料洩露。
Metasploit 版本覆寫免費版到專業企業版,都基于Metasploit Framework,它是一個開源軟體開發包,帶有世界最大的保證品質的公開漏洞庫。
注意:在安裝期間需要一個企業的郵箱,來注冊驗證碼。這個郵箱不能是免費的GMAIL,126之類的,必須是企業賬戶,139.com是可以的
安裝條件:
2 GHz處理器
4 GB(32位),8 GB RAM(64位)推薦
80 GB的可用磁盤空間
10 GB的可用磁盤空間掃描引擎
實驗環境 centos-5.5
實驗軟體 NeXposeSetup-Linux32.bin
安裝軟體
-rw-r--r-- 1 root root 306463060 Jun 1 2013 NeXposeSetup-Linux32.bin
chmod +x NeXposeSetup-Linux32.bin
-rwxr-xr-x 1 root root 306463060 Jun 1 2013 NeXposeSetup-Linux32.bin
./NeXposeSetup-Linux32.bin
Do you want to continue?
Yes [y, Enter], No [n] 選擇y
Visit https://localhost:3780 to view more detailed progress updates during startup.
如果。出現這個提示,證明安裝完成
cd /opt/rapid7/nexpose/nsc
./nsc.sh
Checking for available jvms
Validating jre in directory _jvm1.7.0_03
Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future
2013-05-28T01:19:51 [INFO]
2013-05-28T01:19:51 [INFO] OS Information
2013-05-28T01:19:51 [INFO] ------------------------------------------------------------
2013-05-28T01:19:51 [INFO] Current directory: /opt/rapid7/nexpose/nsc
2013-05-28T01:19:51 [INFO] User name: root
2013-05-28T01:19:51 [INFO] Computer name: localhost.localdomain
2013-05-28T01:19:51 [INFO] Operating system: CentOS Linux 5.5
2013-05-28T01:19:51 [INFO] Total memory: 3107636 KBytes
2013-05-28T01:19:51 [INFO] Available memory: 1707436 KBytes
2013-05-28T01:19:51 [INFO] CPU speed: 2200MHz
2013-05-28T01:19:51 [INFO] Number of CPUs: 1
2013-05-28T01:19:51 [INFO] Super user: true
2013-05-28T01:19:51 [INFO] JVM started: Tue May 28 01:19:37 EDT 2013
2013-05-28T01:19:51 [INFO] JVM uptime: 6 seconds
Checking graphics environment...
OK
PATH: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
The Java virtual machine is exiting with code 0
Using jre at _jvm1.7.0_03
Logging to file /opt/rapid7/nexpose/update.log
2013-05-28T01:20:05 [INFO]
2013-05-28T01:20:05 [INFO] OS Information
2013-05-28T01:20:05 [INFO] ------------------------------------------------------------
2013-05-28T01:20:05 [INFO] Current directory: /opt/rapid7/nexpose/nsc
2013-05-28T01:20:05 [INFO] User name: root
2013-05-28T01:20:05 [INFO] Computer name: localhost.localdomain
2013-05-28T01:20:05 [INFO] Operating system: CentOS Linux 5.5
2013-05-28T01:20:05 [INFO] Total memory: 3107636 KBytes
2013-05-28T01:20:05 [INFO] Available memory: 1705080 KBytes
2013-05-28T01:20:05 [INFO] CPU speed: 2200MHz
2013-05-28T01:20:05 [INFO] Number of CPUs: 1
2013-05-28T01:20:05 [INFO] Super user: true
2013-05-28T01:20:05 [INFO] JVM started: Tue May 28 01:19:56 EDT 2013
2013-05-28T01:20:05 [INFO] JVM uptime: 1 second
2013-05-28T01:20:09 [INFO] Logging initialized. [Name = default] [Level = INFO] [Timezone = America/New_York (Eastern Standard Time, GMT-4:00)]
2013-05-28T01:20:19 [INFO] Product Version: 5.6.6
2013-05-28T01:20:19 [INFO] Current directory: /opt/rapid7/nexpose/nsc
2013-05-28T01:20:19 [INFO] User name: root
2013-05-28T01:20:19 [INFO] Super user: Yes
2013-05-28T01:20:19 [INFO] Computer name: localhost.localdomain
2013-05-28T01:20:19 [INFO] Host Address: 127.0.0.1
2013-05-28T01:20:19 [INFO] Host FQDN: localhost.localdomain
2013-05-28T01:20:19 [INFO] Operating system: CentOS Linux 5.5
2013-05-28T01:20:19 [INFO] CPU speed: 2200MHz
2013-05-28T01:20:19 [INFO] Number of CPUs: 1
2013-05-28T01:20:19 [INFO] Total memory: 3 GB
2013-05-28T01:20:19 [INFO] Available memory: 1.6 GB
2013-05-28T01:20:19 [INFO] Total disk space: 35.9 GB
2013-05-28T01:20:19 [INFO] Available disk space: 29.8 GB
2013-05-28T01:20:19 [INFO] Disk space used by installation: 1.2 GB
2013-05-28T01:20:19 [INFO] Disk space used by scans: 0 bytes
2013-05-28T01:20:19 [INFO] Disk space used by database: 703.8 MB
2013-05-28T01:20:19 [INFO] Disk space used by reports: 5.1 MB
2013-05-28T01:20:19 [INFO] Disk space used by backups: 0 bytes
2013-05-28T01:20:19 [INFO] JVM name: Java HotSpot(TM) Server VM
2013-05-28T01:20:19 [INFO] JVM vendor: Oracle Corporation
2013-05-28T01:20:19 [INFO] JVM version: 22.1-b02
2013-05-28T01:20:19 [INFO] JVM started: 2013-05-28 05:20 GMT
2013-05-28T01:20:19 [INFO] Running interactively under super-user: root.
2013-05-28T01:20:19 [INFO] Initializing JDBC drivers.
2013-05-28T01:20:20 [WARN] No valid licenses were found. This will prevent site modification and the running of scans.
2013-05-28T01:20:23 [INFO] Configuring web server.
2013-05-28T01:20:29 [INFO] Generating skin: /opt/rapid7/nexpose/nsc/htroot/scripts/nexpose-skin.js
2013-05-28T01:20:29 [INFO] Generating feature set: /opt/rapid7/nexpose/nsc/htroot/scripts/nexpose-features.js
2013-05-28T01:23:53 [INFO] Web server subsystem initialized.
2013-05-28T01:23:53 [INFO] Initializing scheduler...
2013-05-28T01:23:53 [INFO] Starting Scheduler
2013-05-28T01:23:53 [INFO] Scheduler subsystem initialized.
2013-05-28T01:23:53 [INFO] Initializing administrative alerters.
2013-05-28T01:23:53 [INFO] Initializing postgresql database manager for //127.0.0.1:5432/nexpose.
2013-05-28T01:23:55 [INFO] Starting up postgresql DB system
2013-05-28T01:23:57 [INFO] PostgreSQL service status: 1.
2013-05-28T01:23:57 [INFO] Determining whether database nexpose exists
2013-05-28T01:23:58 [INFO] PostgreSQL 9.0.13 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-52), 32-bit
2013-05-28T01:23:58 [INFO] Database schema version: 103
2013-05-28T01:23:58 [INFO] Initializing update processor.
2013-05-28T01:23:59 [INFO] Checking for the existence of an update table in staging directory /opt/rapid7/nexpose/updates/pending/updates/updates.
2013-05-28T01:23:59 [INFO] Checking for approved updates.
2013-05-28T01:23:59 [INFO] Processing content update stream.
2013-05-28T01:23:59 [INFO] Processing product update stream.
2013-05-28T01:23:59 [INFO] No approved updates found for processing.
2013-05-28T01:23:59 [INFO] Starting auto-update.
2013-05-28T01:23:59 [INFO] Checking for new updates.
2013-05-28T01:23:59 [INFO] Establishing HTTP connection with updates.rapid7.com via proxy updates.rapid7.com:80.
2013-05-28T01:24:04 [INFO] Checking for new updates for product ID 281474976711146.
2013-05-28T01:24:06 [INFO] Found 0 updates for product ID 281474976711146.
2013-05-28T01:24:06 [INFO] Checking for new updates for product ID 300.
2013-05-28T01:24:08 [INFO] Found 0 updates for product ID 300.
2013-05-28T01:24:08 [INFO] Checking for new updates for product ID 281474976710757.
2013-05-28T01:24:10 [INFO] Found 0 updates for product ID 281474976710757.
2013-05-28T01:24:10 [INFO] No new updates to download.
2013-05-28T01:24:10 [INFO] Checking for updates pending approval.
2013-05-28T01:24:10 [INFO] Approved 0 out of 0 pending updates.
2013-05-28T01:24:10 [INFO] Checking for the existence of an update table in staging directory /opt/rapid7/nexpose/updates/pending/updates/updates.
2013-05-28T01:24:11 [INFO] Checking for approved updates.
2013-05-28T01:24:11 [INFO] Processing content update stream.
2013-05-28T01:24:11 [INFO] Processing product update stream.
2013-05-28T01:24:11 [INFO] No approved updates found for processing.
2013-05-28T01:24:11 [INFO] Auto-update completed successfully.
2013-05-28T01:24:12 [INFO] Checking for the existence of an update table in staging directory /opt/rapid7/nexpose/updates/pending/updates/updates.
2013-05-28T01:24:12 [INFO] Staged 0 updates.
2013-05-28T01:24:12 [INFO] Current DB_VERSION = 103, current DB_REINDEX = 35
2013-05-28T01:24:12 [INFO] Verifying database version...
2013-05-28T01:24:12 [INFO] Installed DB VERSION = 103
2013-05-28T01:24:12 [INFO] Database version 103 is up to date
2013-05-28T01:24:12 [INFO] Database does not require upgrading
2013-05-28T01:24:12 [INFO] Initializing datastore login module.
2013-05-28T01:24:12 [INFO] Synchronizing authentication sources.
2013-05-28T01:24:12 [INFO] Synchronizing XML users with datastore...
2013-05-28T01:24:19 [INFO] Starting up postgresql DB system
2013-05-28T01:24:19 [INFO] PostgreSQL service status: 1.
2013-05-28T01:24:36 [INFO] Initializing extension manager...
2013-05-28T01:24:36 [INFO] Completed initializing the extension manager.
<a href="http://blog.51cto.com/attachment/201306/124344136.png" target="_blank"></a>
輸入使用者名 密碼,使用者名 密碼為自行設定
<a href="http://blog.51cto.com/attachment/201306/131256246.png" target="_blank"></a>
看到這個截圖證明漏洞掃描可以正常工作了。
軟體使用
https://ip:3780 首先要登入成功,安裝期間已經建立過使用者了,輸入使用者名和密碼。
HOME->new static stie =>
General ,name :10.20.10.128
Assets:included assets:10.20.10.128
Scan setup:Full audit
==>Save
回到HOME,site listing =>Scan
本文轉自 mailfile 51CTO部落格,原文連結:http://blog.51cto.com/mailfile/1214734,如需轉載請自行聯系原作者
![Bugku-WEB-web33[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)