Windows XP Alpha
Rapid7 has released an alpha version of NeXpose for the 32-bit version of Windows XP Professional SP3.
Our development work vastly improves scan speeds in response to Microsoft restrictions on accessing raw sockets, which slowed scans considerably on XP and several other Windows operating systems. Speed is only one consideration in this alpha program. Scan accuracy and overall scan performance are equally important considerations.
We encourage you, as a valued member of the NeXpose community, to try out this release. If you have the time and resources, please consider comparing the speed and accuracy of this alpha version with another recent NeXpose version. Send all observations, suggestions, and questions to the nexpose-users@lists.rapid7.com mailing list. If you are not already a member, sign up here: https://mail.metasploit.com/mailman/listinfo/nexpose-users.
Installation and Activation
- Download the installer: http://download2.rapid7.com/download/NeXposeWinXP-v4/NeXposeWinXPSetup-Windows32.exe.
- Download the md5sum file and use it to check that the installer was not corrupted during download: http://download2.rapid7.com/download/NeXposeWinXP-v4/NeXposeWinXPSetup-Windows32.exe.md5sum.
- Go to the Community registration page and register to receive the activation code: http://www.rapid7.com/vulnerability-scanner.jsp. Even if you have already registered for NeXpose Community Edition and have a running version of NeXpose, you will need to register again to participate in this alpha program.
NOTE: This is a one-off installation. Do not install it as an update to another NeXpose version, and do not install future versions of NeXpose as updates to this alpha version.
Take a look at the following suggestions to help you test this release and gather data that we can use to perfect our support for this popular platform.
Scan Targets
Try varying your scan systems and targets as much as possible for both consoles and engines. Scan from systems with multiple types of interfaces (wired, wireless, or VPN). For targets, the more varied and interesting the target networks or transit routes, the better. Please add any reports to the table here.

| Scan Interface | Scan Target(s) | Result |
| Wired Ethernet | Red Hat Enterprise Linux 5.3, Windows Server 2003 | Works as expected |
Interface Discovery Tests
Try scanning different interface types (wired, wireless, or VPN) from multiple manufacturers. If you encounter any issues with interface discovery, the following feedback can help us reproduce and address them:
- Operating System: The operating system used to run the NeXpose Scan Engine. Please include service patch level if applicable.
- Type: The network interface the NeXpose Scan Engine did not scan through (wired, wireless, or VPN).
- Name: The name of the interface.
- MAC: The MAC address associated with the interface.
- Source IP Address: The source IP address associated with the interface.
- Source Network Mask: The network mask associated with the source IP address.
- Gateway IP Address: The gateway IP address associated with the interface.
- DNS Server IP Address: The DNS server IP address associated with the interface.
- Alpha Defect: Does the scan result occur on both the current version of NeXpose and the Alpha version? Yes/No?
- Any additional information about the scan result that might be useful.
You can find most, if not all, of the requested information by looking at the NeXpose logs in $NEXPOSE_ROOT/nsc/nsc.log.
Multi-interface Selection Validation
Try scanning different protocols (ICMP, TCP, and UDP) using different interface types (wired, wireless, or VPN). If your test system happens to have multiple interfaces up at the same time, Windows will use a few methods to ensure that traffic is routed over the proper interface. If you encounter any issues with multiple interfaces, the following feedback can help us address them:
- Operating System: The operating system used to run the NeXpose Scan Engine (please include service patch level if applicable).
- Network Interface Type: The network interface the NeXpose Scan Engine did not scan through (wired, wireless, or VPN).
- Target IP: The destination IP address(es) of the scan.
- Target Domain Resolved: If the target IP address was a domain name, did the domain name resolve? Yes/No?
- Protocol: The IP protocol scanned.
- Proper Route: Was the proper route used to transmit the request? Yes/No?
- Proper Route Source IP address: The source IP address associated with the interface routed through.
- Proper Route Source Network Mask: The network mask associated with the interface routed through.
- Host Discovered: Was the host discovered?
- Interfaces Enabled: Were there multiple interfaces enabled when the scan was run? Yes/No?
- Alpha Defect: Does the scan result occur on both the current version of NeXpose and the Alpha version? Yes/No?
- For each interface on the NeXpose host please provide:
  - Type: The network interface the scan engine did not scan through (wired, wireless, or VPN).
  - Name: The name of the interface.
  - MAC: The MAC address associated with the interface.
  - Source IP Address: The source IP address associated with the interface.
  - Source Network Mask: The network mask associated with the source IP address.
  - Gateway IP Address: The gateway IP address associated with the interface.
  - DNS Server IP Address: The DNS server IP address associated with the interface.
- Any additional information about the scan result that might be useful.
You can find some of the required information from the NeXpose logs in $NEXPOSE_ROOT/nsc/nsc.log.
Host Discovery
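The per-interface fields requested in the two lists above (Name, MAC, Source IP Address, Source Network Mask, Gateway IP Address, DNS Server IP Address) can also be collected from `ipconfig /all` on the scan host. The parser below is an added example, not part of NeXpose or of the original page; it assumes the English-language Windows XP output layout, and the sample text, adapter names and addresses are constructed.

```python
import re

# Constructed sample of `ipconfig /all` output (Windows XP layout); not from a real host.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Gigabit NIC
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        IP Address. . . . . . . . . . . . : 192.0.2.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.0.2.1
        DNS Servers . . . . . . . . . . . : 192.0.2.53
                                            192.0.2.54

PPP adapter Lab VPN:

        IP Address. . . . . . . . . . . . : 198.51.100.7
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . :
"""

# ipconfig label -> field name used in the feedback lists on this page
FIELDS = {"Physical Address": "MAC", "IP Address": "Source IP Address",
          "Subnet Mask": "Source Network Mask",
          "Default Gateway": "Gateway IP Address",
          "DNS Servers": "DNS Server IP Address"}

def parse_ipconfig(text):
    """Return one dict per adapter; address fields are lists of strings."""
    adapters, current, last = [], None, None
    for line in text.splitlines():
        header = re.match(r"^(\S.*?) adapter (.+):\s*$", line)
        if header:  # unindented "<kind> adapter <name>:" starts a new section
            current = {"Name": header.group(2), "Adapter Kind": header.group(1)}
            adapters.append(current)
            last = None
        elif current is not None and line.strip():
            kv = re.match(r"^\s+([^.:]+?)[ .]*:\s*(.*)$", line)
            if kv:  # "Label . . . : value"; an empty value gives an empty list
                value = kv.group(2).strip()
                last = FIELDS.get(kv.group(1).strip())
                if last:
                    current[last] = [value] if value else []
            elif last:  # indented continuation, e.g. a second DNS server
                current[last].append(line.strip())
    return adapters

if __name__ == "__main__":
    for adapter in parse_ipconfig(SAMPLE):
        print(adapter)
```

The Type field (wired, wireless, or VPN) still has to be filled in by the tester, because XP reports both wired and wireless adapters as "Ethernet adapter".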
Try running discovery scans on multiple hosts using different interfaces (wired, wireless, or VPN) and protocols (ICMP, TCP, and UDP). If you encounter any issues discovering hosts, the following feedback can help us address them:
- Operating System: The operating system used to run the NeXpose Scan Engine (please include service patch level if applicable).
- Network Interface Type: The network interface the NeXpose Scan Engine did not scan through (wired, wireless, or VPN).
- Target Network: The destination IP address(es) of the scan.
- Protocol: The IP protocol (ICMP, TCP, or UDP) used to discover host(s) on the target network.
- Duration (Second(s)): The duration of the scan performed in second(s).
- Host(s): The number of discoverable host(s) on the target IP/Network.
- Host(s) Discovered: The number of host(s) discovered. Please include a list of each host IP address.
- Host(s) Discovered In Error: The number of host(s) discovered in error (the IP address does not have an active host). Please include a list of each host IP address.
- Host(s) Not Discovered: The number of host(s) not discovered that should have been discovered. Please include a list of each host IP address and provide the following information:
  - Target Host Operating System: The operating system of the target host (please include service patch level if applicable).
  - Target Host Received Data: Did the target host receive connection(s) from the NeXpose Scan Engine?
    - tcpdump or Wireshark can be used to answer this question.
    - Examine log files for services that might have been contacted by the NeXpose Scan Engine.
    - Examine log files for the host firewall service if a firewall service is present.
  - Target Host Firewall Enabled: Did the target host have a firewall enabled?
  - Target Host Firewall Rule(s): If a firewall is enabled on the target host, can you provide the firewall rule(s)?
- Alpha Defect: Does the scan result happen on both the current version of NeXpose and the Alpha version?
- Any additional information about the scan result that might be useful.
You can find some of the required information from the NeXpose logs in $NEXPOSE_ROOT/nsc/nsc.log.
Service Discovery
We ask that you try scanning a variety of ports with multiple interfaces (wired, wireless, or VPN), different protocols (TCP, UDP) and different scan options. If you encounter any issues discovering services, the following feedback can help us address them:
- Operating System: The operating system used to run the NeXpose Scan Engine (please include service patch level if applicable).
- Network Interface Type: The network interface the NeXpose Scan Engine did not scan through (wired, wireless, or VPN).
- Target IP: The destination IP address of the scan.
- Target Domain Resolved: If the target IP address was a domain name, did the domain name resolve? Yes/No?
- Target Host Operating System: The operating system of the target host (please include service patch level if applicable).
- Target Host Received Data: Did the target host receive connection(s) from the NeXpose Scan Engine?
  - tcpdump or Wireshark can be used to answer this question.
  - Examine log files for services that might have been contacted by the NeXpose Scan Engine.
  - Examine log files for the host firewall service if a firewall service is present.
- Target Host Firewall Enabled: Did the target host have a firewall enabled?
- Target Host Firewall Rule(s): If a firewall is enabled on the target host, can you provide the firewall rule(s)?
- Target netstat Output: Please provide the output from the netstat or equivalent command.
- Protocol: The IP protocol (TCP or UDP) used to discover service(s) on the target host.
- Scan Type: The type of scan performed. For example “TCP Full Connect” vs. “TCP SYN Scan” or “UDP RAW Socket” selected vs. “UDP RAW Socket” not selected.
- Duration (Second(s)): The duration of the scan performed in second(s).
- Port List: The protocol (TCP or UDP) port(s) scanned.
- Open Port(s) Discovered: The number of port(s) discovered as open. Please include a list of each port.
- Open Port(s) Discovered In Error: The number of port(s) discovered as open in error (the port was not open). Please include a list of each port.
- Open Port(s) Not Discovered: The number of port(s) not discovered as open that should have been discovered as open. Please include a list of each port.
- Alpha Defect: Does the scan result happen on both the current version of NeXpose and the Alpha version?
- Any additional information about the scan result that might be useful.
You can find some of the required information from the NeXpose logs in $NEXPOSE_ROOT/nsc/nsc.log.
Product Interaction with Third-Party Applications
Let us know if you encounter any conflicts between NeXpose and third-party applications, such as Wireshark, nmap, etc. If you do encounter issues, the following feedback can help us address them:
- Operating System: The operating system used to run the NeXpose Scan Engine (please include service patch level).
- Product Name: The third-party application that experienced or produced an interaction issue with the NeXpose Scan Engine.
- State of Environment: Whether NeXpose was loaded and operational when the third-party application was loaded, or NeXpose was loaded but exited before the third-party application was loaded.
- Observed Failure: Please provide an explanation for the interaction issue experienced.
  - Did the observed failure impact the NeXpose Scan Engine?
  - Did the observed failure impact the third-party application?
- Alpha Defect: Does the interaction issue happen on both the current version of NeXpose and the Alpha version?
- Any additional information about the scan result that might be useful.