Writing advanced custom vulnerability checks in Nexpose
Vulnerability scanners are a must-have for any company that wants to actively protect itself from threats.
They enable recognizing, categorizing and characterizing vulnerabilities across computers, network infrastructure, software, and hardware systems.
One of the deciding factors when choosing a vulnerability scanner is its vulnerabilities database and the checks applied to verify the existence of these vulnerabilities.
However, as much as vendors like to praise how effective their products are at finding these vulnerabilities, one crucial aspect of any product is the level of customization that it provides to the user.
A product that depends only on its own definitions and functions can be of limited practical use for some users and companies.
Luckily, the product that we will be looking at today offers such a level of customization.
Rapid7’s Nexpose contains a lot of vulnerability checks, and I mean a lot. At the time of this writing, it is sitting at 475460 checks.
But there are times when writing your own vulnerability checks is necessary, such as scanning the network for any usage of default passwords unique to the company, or scanning for an old vulnerability that isn’t available in the built-in checks.
So how easy is it to write these checks in Nexpose, one might ask? The answer is: quite easy.
The documentation provided by Rapid7 can get us started in no time, and is very useful for understanding how Nexpose handles its vulnerability checks [Link below].
Writing Vulnerability Checks
This is a tutorial on developing custom vulnerability checks in Nexpose. If you are new to vulnerability development in…
Another great resource that contains multiple examples to get you started, and to help you understand more about Nexpose custom checks, is @BrianWGray's GitHub repo [Link below].
Unfortunately, after writing your first check and starting to get familiar with the subject matter, you will run into the question that many people (including me) have faced when starting out:
Where can I find more resources and more examples to write checks that are more complex and advanced?
Well, the irony is that even though Rapid7 doesn’t provide us with the necessary documentation to write these advanced checks, Nexpose does.
How you may ask? Let’s take a look.
Nexpose Built-In checks
As we’ve explained before, Nexpose comes with a lot of vulnerability checks. In addition, all of those checks are available for us to look at.
If you followed the tutorial and built your first check, you have certainly come across this folder.
Path : “[Installation Folder]\nexpose\plugins\java\1\”
These folders contain the majority of the built-in vulnerability checks. Inside each one of them, you’ll find a structure similar to this.
The file “checks.jar” contains multiple (.vck) files related to the plugin. Simply extracting the jar file, with “7z” for example, will reveal this.
Looking at these “checks.jar” files should be a great resource for learning and writing more advanced checks.
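The same inspection can be scripted instead of running “7z” by hand. The following is an added example, not code from Rapid7 or from the original post: it walks a plugins folder, lists the (.vck) entries in every “checks.jar”, and copies them out for reading. The folder layout, plugin name and file names in the sample tree are constructed assumptions; on a real install, point it at a copy of the plugins path shown above.

```python
import tempfile
import zipfile
from pathlib import Path


def find_vck_entries(plugins_root):
    """Map each checks.jar under plugins_root to the .vck entries it holds."""
    found = {}
    for jar in sorted(Path(plugins_root).rglob("checks.jar")):
        with zipfile.ZipFile(jar) as zf:  # a .jar is a ZIP archive
            names = [n for n in zf.namelist() if n.lower().endswith(".vck")]
        if names:
            found[jar] = sorted(names)
    return found


def extract_vck(jar, dest):
    """Copy the .vck entries of one jar into dest, skipping paths that escape it."""
    dest = Path(dest).resolve()
    written = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".vck"):
                continue
            target = (dest / name).resolve()
            if not target.is_relative_to(dest):  # entry such as ../x.vck
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(name))
            written.append(target)
    return written


def build_sample_tree(root):
    """Constructed stand-in for the plugins folder; all names are hypothetical."""
    plugin = Path(root) / "ExamplePlugin" / "1"
    plugin.mkdir(parents=True)
    with zipfile.ZipFile(plugin / "checks.jar", "w") as zf:
        zf.writestr("example-default-password.vck", "<!-- constructed -->")
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("../escape.vck", "<!-- constructed unsafe entry -->")
    return Path(root)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(Path(tmp) / "plugins")
        for jar, names in find_vck_entries(root).items():
            print(jar, names, extract_vck(jar, Path(tmp) / "out"))
```

Work on a copy of the plugins folder rather than the live installation, so the scanner's own files are never modified.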
A big thanks to @BrianWGray for his work on this subject. Here is a link to his GitHub page.
BrianWGray - Overview
Thanks for reading.
Questions? Comments? Contact me via twitter @nas_bench