Request a Demo Contact Us
Bugcrowd Acquires Informer to Enhance Offerings Across Attack Surface Management and Penetration Testing
Learn More

Nexpose Vulnerability Scanner

The Nexpose vulnerability scanner is an automated penetration testing system that discovers software applications and services and then identifies their security vulnerabilities.

Nexpose vulnerability scanner is an automated penetration testing system. Nexpose can help you identify the open ports, applications, and services on each scanned machine. Nexpose will then seek vulnerabilities based upon the attributes of these discovered and known applications and services. 

Penetration testers generally work through a list of likely attack vectors and then observe and analyze the outcome of this activity.  Vulnerability managers such as Nexpose methodically works through targeted vulnerabilities which might be appealing to hackers. Nexpose works continually to detect vulnerabilities. Each new component added to a system is checked. Also, new exploit data will, in turn, drive Nexpose activity. 

The Nexpose vulnerability scanner is available in both paid and free versions. This is similar to the product led growth strategy used for many software products. Once a user tries the free version, they can validate the user interface, reporting, and other basic functionality they expected. Once they are regularly using the free version, they are very likely to upgrade to the paid version to get additional functionality, expanded licensing, and other capabilities. 

Nexpose scanning exposes exploits, which are then scored or ranked between 1 and 1,000. This detailed scoring stands in sharp contrast to other freemium vulnerability scanners where scoring vulnerability scoring might  be as simple as just low, medium, or high, or perhaps ranked 1 through 10.

The Nexpose vulnerability scanner is quite flexible. Nexpose supports on-premise physical, virtual, mobile and cloud environments. Nexpose has a desirable feature called Live Monitoring. Live Monitoring collects data and creates action plans. Vulnerabilities that are exploited are first prioritized by Nexpose. This keeps security operations teams from getting overloaded with security alerts. There is also a Live boards feature that eliminates static reports. Live boards visual reporting is constantly updated in real time to provide much better visibility and threat awareness. Nexpose also has a very useful feature called Remediation workflow, which  tracks and manages the security team’s operations and monitors the overall progress of the team in addressing the identified vulnerabilities.

Nexpose also has a Policy manager. These are useful to validate compliance with a variety of standards. The Policy manager scan will assess the overall rate of compliance for your assets and then provide the option for exporting the policy scan data into a .CSV or .XLS file. Policy rules can also be bypassed with an override. In order to do this, you can configure overrides for each individual rule. Groups of policy rules cannot be overridden. 

Nexpose Reporting

Your organization may require that many individuals have access to both asset and vulnerability data without logging into the Nexpose security console. Nexpose reports make it easy to distribute key information to stakeholders in standard formats without requiring such a login. Reports can present many ways to present and highlight scanning data. All of this data is delivered to you in a report format. This report will help you to assess risk and then prioritize the vulnerabilities accordingly, so you can take necessary action. It is important to note that report templates are also available for a multiplicity of purposes. You can acquire Nexpose report templates to help assess compliance with PCI, the US Government Configuration Baseline (USGCB), the Federal Desktop Core Configuration (FDCC) policies, and many standards, regulations, and frameworks.

Integrating Nexpose with Metasploit

The Nexpose vulnerability scanner integrates with Rapid7’s Metasploit to then support vulnerability assessment and validation. Nexpose can identify exploits and determine that the system is truly vulnerable. Once validated, this data can help security teams reduce false positives, test remediation measures, and confirm identified vulnerabilities. Metasploit Pro version provides a connector that enables the addition of a Nexpose Console. Now you can initiate a vulnerability scan directly from the web interface and import the results of the scan into a project file. Alternately, you can run scans from Nexpose and then import the scan results reporting into Metasploit Pro for validation and vulnerability analysis. 

Dynamic Discovery

The information technology assets in most organizations change frequently. Usage patterns similarly change. Only two years ago, not many employees were working from home. Today things are very different. 

To make all of this work, Nexpose manages a dynamic asset inventory. Regular scans help keep this up to date so that it provides the most utility to managing and improving your cybersecurity posture. However, a scan is a picture of your cybersecurity posture as a moment in time. Nexpose supports Dynamic discovery. Dynamic discovery allows asset discovery and management in real time. Dynamic discovery connects to an API that manages asset environments and then can receive regular updates about any changes in that environment. 

So long as the discovery connection is active, then assets will be discovered without any specific actions by the security team. 

Nexpose Installation 

Nexpose is installed in several parts including the server, the Nexpose security console, and the scan engines (which do the data gathering). There is quite a bit of flexibility in how you can configure Nexpose. You can actually install the Nexpose security console in any location and then communicate remotely with the scan engines on numerous sites. 

The scan engine and the scan console require these versions of operating systems as of the end of 2021:

  • Red Hat Enterprise Linux Server 6, 7, or 8
  • CentOS 7
  • Oracle Linux 7
  • Ubuntu Linux 16.04 LTS, 18.04 LTS, or 20.04 LTS
  • Microsoft Windows Server 2012 R2, 2016, or 2019
  • Microsoft Windows 8.1
  • SUSE Linux Enterprise Server 12

Also, of high interest, there are Scan Engine versions available for both the Amazon AWS and Microsoft Azure cloud platforms. In this scenario, the operating system must be implemented in a 64-bit version.  The console is then accessed through a Web browser. These are the web browsers that are commonly used:

  • Mozilla Firefox
  • Mozilla Firefox ESR
  • Google Chrome
  • Microsoft Edge


Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.

Get started with Bugcrowd

Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.