My last blog post was about setting up the Nessus Home edition scanner for testing in your lab. Nessus is probably what I am most familiar with, and I like it. I also have some experience using the Qualys scanner, but it has been a couple of years since I have used it. However, the scanning technology that I have only heard of but never actually used is Nexpose. So for that reason, I figured I would give it a try.
Similar to other commercial scanning technologies, there is a community edition of Nexpose that you can download for testing in your home lab from here.
They have a pretty straightforward user/installation guide here, which I followed in my installation. But just in case, here is a high-level overview of how I did my setup.
- Selected the VMware Virtual Appliance option of the Community Edition
- Completed the online form and received the activation code by email
- The download is a 1.02GB .ova file called NexposeVA.ova
- I opened that file using VMware Workstation
- Please note that by default, it allocates 8GB of memory, 2 processors and 160GB of disk space. So, if you do not have those resources available, modify these settings before you power on the VM.
- After the VM completely boots, log in using the following credentials: login: nexpose, password: nexpose (please change this)
- If you just want to complete the most basic setup and get up and running immediately without messing with any of the advanced configurations or upgrades, the only configuration you need to do is networking. The virtual appliance is set up in bridge mode by default and should get an IP address automatically. But if you need to give it a static IP, you will have to do that manually.
- At this point, you are pretty much done with the setup. You can complete the rest of the setup by accessing your Nexpose instance, typing the following in your browser: https[:]//[VM-IP-Address]:3780
- The default username for the web interface is: nxadmin and the password is: nxpassword
- After your first login, the initialization process will take some time. For me, it was about 5-7 minutes.