Nexpose 5.6 release notes

Document created by mglinski (Employee) on Apr 18, 2013. Last modified by mglinski (Employee) on Apr 24, 2013. Version 4.

Release Announcement
product & content updates

This Rapid7® Nexpose® 5.6 release includes new features and improvements in remediation reporting, configuration assessment, scanning, scan configuration, and user education.


These release notes document what's new in this Nexpose release. Your Nexpose installation will automatically download and install content updates. If you have enabled Nexpose to install product updates, it will do so as well. For information about restarting Nexpose after updating, see the Nexpose release announcement FAQ.

Reporting | product

New remediation report templates

New Top Remediations report templates provide short actionable plans that allow you to make the most impactful decisions to reduce risk in your organization. One of these templates provides a high-level summary, and the other provides additional details about the remediation actions and the affected assets.

Report template search feature

When creating a report, you can now use a search field to help you find a specific template. Just enter a few letters from the template's name, and the template carousel displays all templates with names that include those letters. This convenient feature helps you find templates quickly and generate reports more efficiently.

Configuration assessment | product

CIS benchmark coverage expands to Red Hat Enterprise Linux

Your security coverage now includes the following CIS-certified benchmarks:

  • CIS Benchmark for Red Hat Linux 4 Benchmark v1.0.5, Level I Profile
  • CIS Benchmark for Red Hat Linux 5 Benchmark v2.0.0, Level I Profile
  • CIS Benchmark for Red Hat Linux 5 Benchmark v2.0.0, Level II Profile
  • CIS Benchmark for Red Hat Linux 6 Benchmark v1.1.0, Level I Profile
  • CIS Benchmark for Red Hat Linux 6 Benchmark v1.1.0, Level II Profile

You can also customize these built-in CIS RHEL benchmarks to meet any specific needs.

Scanning | product & content


Improvements to Web scanning accuracy and performance give you better visibility into the security of your Web assets:

  • Results have been improved for vulnerability checks for operating system command injection vulnerabilities.
  • Vulnerability checks have been improved for situations where the Web spider "rewrites" certain URLs after inspecting the directory structures of scan targets.
  • The process for detecting session expiration for authenticated Web spider instances uses memory more efficiently, resulting in better overall system performance.
  • Spidering Web sites now consumes less memory.


Permission elevation | product

You can now elevate Scan Engine permissions on target assets that authenticate with SSH. Using sudo, su, or a combination of these methods, you can give the Scan Engine better access to these targets for deeper scanning while reducing administrative overhead with credential management.

Scan configuration | product

When configuring authentication for the Web spider, you can specify a logon URL other than the asset that you are scanning.

You can now configure a higher number of simultaneous connection requests in the Parallelism setting in the Discovery Performance area of scan templates. This can speed up scans under favorable network conditions. The maximum value is now 1000.

Web interface & usability | product


A number of improvements make using the Web interface easier:

  • The Vulnerabilities page loads much more quickly, allowing you to assess your security issues more efficiently.
  • The Security Console now restarts automatically after successfully completing data maintenance and backup/restore routines.
  • The processes for editing and saving a site complete as quickly for sites with non-administrative users as for sites with only administrative users.
  • A correction ensures that users without the Manage Site Credentials permission can now save sites that contain shared credentials.
  • A report-scheduling issue related to Firefox has been corrected. Reports scheduled for 8 a.m. or 9 a.m. are no longer incorrectly slated to run at midnight, and reports scheduled for 8 p.m. or 9 p.m. are no longer incorrectly slated to run at noon.
  • A correction ensures that report configuration doesn't appear unresponsive when a user attempts to save an improperly configured report. The Security Console displays an error message, pointing out the problem with the configuration.
  • The Asset Group Listing table on the Home page is now located above the Ticket Listing table, giving it better visibility for you as you manage your asset groups.
  • Options on the Administration page are now sorted alphabetically, which makes it easier to perform administrative tasks.
  • The look and feel of the Security Console Web interface incorporates a cleaner, more open look that maximizes visual space.

User education | product

The administrator's guide now includes capacity planning guidelines to help you predict disk usage and performance in key activities, such as scanning and reporting.

The Web interface now provides context-sensitive Help links for site configuration. Click these links to read brief explanations to help you make selections or take actions. The explanations also include links to specific areas in Help, where you can read more detailed instructions or background information.

Product Update IDs

  • Linux 32 | Update ID: 1498029964
  • Linux 64 | Update ID: 1492287499
  • Windows 32 | Update ID: 1899904189
  • Windows 64 | Update ID: 1529064555

Content update ID

  • Update ID: 2017386909


Released on April 24, 2013 (see the FAQ).


md5sum files


Use the appropriate md5sum file to ensure that the installer was not corrupted during download: