In this course, you will learn how to deploy the Nexpose tool against a variety of different targets. You will create your own custom templates and tune them to create specific policies that match the target you are assessing.
Organizations, both big and small, suffer from countless vulnerability issues. In this course, Performing Network Vulnerability Scanning with Nexpose, you will learn the foundational knowledge of using the vulnerability scanning tool, Nexpose, to assess the risk and the attack surface of a machine and/or network. First, you will learn how to prepare your toolkit and set up your sample targets to perfect your skills with your tool. Next, you will discover how to set up, configure, and customize your tool so that it is deployed effectively and you can accurately assess the attack surface and risk of the target. Finally, you will explore how to tune and customize the Nexpose scanner to assess and evaluate web applications that are running on a web server. When you’re finished with this course, you will have the skills and knowledge needed to use the Nexpose Vulnerability Assessment tool to assess the weaknesses of targets and networks, evaluate their contribution to the organization's overall risk, effectively identify potential attack vectors from an adversary, and take the required steps to mitigate the risk of these methods of attack.
Kevin Cardwell provides consulting services for companies throughout the world and is an adviser to numerous government entities across the globe. He is an instructor, technical editor, and author for computer forensics and hacking courses. He is the author of Building Virtual Pentesting Labs for Advanced Penetration Testing, first and second editions.
Course Overview
Hi everyone. My name is Kevin Cardwell, and welcome to my course, Vulnerability Analysis with Nexpose. I am a freelance consultant and for more than 25 years I have been conducting vulnerability assessment tests for clients around the world. I have assessed banks, as well as many government institutions. This course will teach you how to use Nexpose to conduct a vulnerability assessment and to take the results of this and identify the risk to a system and/or network and mitigate this risk to an acceptable level. Additionally, you will learn to customize and integrate the scanning tool with the exploit framework Metasploit. In this course, we're going to install Nexpose on Windows and Linux, learn how to integrate Nexpose with the Metasploit tool, customize Nexpose policy templates to get maximum results, and perform web application scanning. By the end of this course, you will know how to use Nexpose to scan a variety of different targets and the process to customize your templates to perform scans based on analysis of the threat environment. Before beginning the course, you should be familiar with networks and IP addresses, as well as virtualization concepts and vulnerability analysis concepts as well. From here you should feel comfortable diving into security courses with courses on ethical hacking and penetration testing. I hope you'll join me on this journey to learn the critical skills for vulnerability assessments with the Vulnerability Analysis with Nexpose course at Pluralsight.
Exploring Scan Policy Templates
In this module, we'll explore scan policy and templates. Within the Nexpose tool, the scan policies use templates to direct the scanner on what it needs to do. The templates maintain a set of components that we need to consider when it comes to creating the scan of choice. The first thing we want to consider is our selection. We have to decide which, if any, of the templates contained within the tool are best for us. Once we have selected this, we next want to consider the sequence of the steps that will be carried out as a result of the scan. These steps are carried out in a defined sequence that explains what is to be checked and what is to be conducted at each level. Each one of these steps in a sequence is compared to a database of results. This allows us to determine if the target does or does not have the vulnerability. These results are what we see when we review the findings of the scan. This is a specific statement that the data returned from the target was a specific match with respect to the data that was contained in the database and used for the comparison. In this module, we will review the Nexpose scanning templates that are available and set up with specific steps to accomplish a specific result. We will also explore the different configurations and available options that can be chosen for a scan. Following this, we will look at the process of customizing and tuning a scan.