It will take nearly two to three minutes to scan the entire system. You can see that scan results will get displayed often containing the number of hosts, the number of services, and vulnerabilities detected. You can navigate to the Vulnerabilities tab to get the details on vulnerabilities that were discovered during the scan. On the Credentials tab, you can get information on all the interesting credentials that the scan could find. The Captured Data tab will show the data from the target computer. Notes tab will display information on HTTPS requests for some of the methods used by us. The Files tab shows the information on files shared by the target computer while the Module tab shows modules used to expose vulnerabilities.
Installing Nexpose
Nexpose is another tool created by Rapid7 and it also helps to show vulnerabilities same as Metasploit. Unlike Metasploit, Nexpose can show vulnerabilities on a much larger scale, even exploits published somewhere other than Metasploit. At the end of the scan, it allows the user to share the scan report with others and even create scheduled scans. Therefore, it is a useful tool for organizations and companies with massive infrastructure.
Nexpose does not come pre-installed with Kali. You can download it using this link -
https://www.rapid7.com/products/nexpose/download/
Users also need to put their company name and email address for downloading it. Once installation is finished, you can run it.
Nexpose Scanning
Nexpose uses its own database. To run Nexpose, make sure that you turn off the database of Kali Linux. Here is the command to execute it -
root@kali:~# service postgresql stop
After we have logged in successfully and put the Activation Key, Nexpose is ready to scan. Navigate to Home from the left menu and add a Target by clicking on Create. In the Authentication tab, enter the domain, user name and password. After that, you can select the scan type from the Templates tab. You can also choose from various scans while the default one is the Full audit without Web Spider.
Nexpose Analysis
After the scan is over, we can analyze the scan results. Nexpose shows detailed information on the targeted asset along with details on the malware, exploits, and vulnerabilities.
We can further explore details on Vulnerabilities on the page using the graphical representation on Skill Level and CVSS Score.
Nexpose scan gives different template options to save the scan reports. Audit Report offers detailed information for computer programmers whereas Executive Report is ideal for top-level experts in an organization who may lack technical skills. To generate the report, simply click Save & Run the Report.