Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

API  

Working with reports and exports via the RPC API

The Metasploit RPC API provides a straightforward, programmatic way to accomplish basic tasks with your Metasploit Pro instance. Two of the key capabilities are export generation to backup your data and report generation to summarize and share your findings. The RPC API docs are currently…

Nexpose Gem Version 0.8.0 Released

With the release of Nexpose 5.9.16, we are also releasing a new version of the gem: 0.8.0We bumped the version from 0.7 to mark several changes. First, there are two methods that would not work against the new release without…

Weekly Metasploit Update: Talking PJL With Printers

Abusing Printers with PJLThis week's release features a half dozen new modules that seek out printers that talk the Print Job Lanaguage (PJL) for use and abuse. Huge thanks to our newest full time Metasploit trouble maker, William Vu.As a penetration tester, you probably…

SQL Export Report using the API

This morning we published the release of the new SQL Query Export report. Simultaneously the Nexpose Gem has released version 0.6.0 to support this new report format in all the reporting API calls (you must update to this latest version to run the…

Kvasir: Penetration Data Management for Metasploit and Nexpose

Data management is half the battle for penetration testing, especially when you're auditing large networks. As a penetration tester with Cisco's Advanced Services, I've created a new open source tool called Kvasir that integrates with Metasploit Pro, Nexpose, and a bunch of other tools I…

[ANN] nexpose gem 0.5 Released

The nexpose gem, a Ruby library for accessing the Nexpose API (and more), has been updated to version 0.5. This version includes a number of small breaking changes from the previous version of the gem (0.2.8), hence the jump in version. Nearly…

Creating Asset Groups from IPs

I put together a script recently to solve a customer problem, but it struck me that it is a problem many organizations might have. What happens when you are in charge of the Nexpose console, but someone else is in charge of actually applying remediation?…

Calculating Your Average Scan Time

If you are looking to balance out your scan schedule or add new scans to the mix, it can be helpful to get some direct insight into how much time a new scan is going to take. One way to estimate that is based upon…

Bridging Asset Groups and Sites Using the Nexpose Gem

Asset Groups are a convenient feature for organizing assets based upon different criteria, including criteria that you could not have known when you configured and first ran your site scans. But many times you would actually like to run scans based off your asset groups.…

Using Scripts to Analyze Your Security Console

There is a variety of information available about your Sites and Scans that can be used to make decisions. I began thinking about how to analyze the load across Scan Engines or Sites, but quickly realized there are too many ways to break down the…

Making the Nexpose Gem Easier to Use

In an effort to make API access to Nexpose easier, some efforts are underway to make the Nexpose Gem easier to use. For those unfamiliar with the gem, it is a Ruby library that allows for easier scripting against a Nexpose security console. Changes to…

Multi-tenant User Provisioning

Introduction Performing bulk operations can be time consuming in Nexpose. A good example is user provisioning, which can take a long time. To save time, using the Nexpose APIs is an effective way to save you time and eliminate the error-prone process of doing everything…

Nexpose Site Creation - Now with More Scheduling

Got Sites?  Well now you can!One of everyone's favorite tasks in Nexpose is creating new sites.  But what if you could do it all with an interactive, menu-driven, standalone java application that leveraged the awesome Nexpose Java API client.  I know…

How to generate reports through the API

Nexpose provides a number of api methods for report management.  Through the API you can create/update a report configuration, generate a report on the fly, and view the status of the generation requests. A report configuration, in particular, is a configuration for a type…

Nexpose Reporting with the Java API Client

Nexpose reporting just got easier!Now you can manage and generate Nexpose reports though an interactive application that leverages the Nexpose Java API client.Here is a list of the options that are currently supported.List ReportsGenerate ReportsDelete ReportsDelete Report Configurations (and all associated reports)…