Rapid7 Nexpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. It integrates with Rapid7's Metasploit for vulnerability exploitation. It is sold as standalone software, an appliance, virtual machine, or as a managed service or private cloud deployment. User interaction is through a web browser. There is a free "community edition" for scanning up to 32 IPs, as well as Express ($3,000 per user per year), Express Pro ($7,000 per user per year) and Enterprise (starts at $25,000 per user per year) editions.
For downloads and more information,
visit the Nexpose homepage.
While no single tool can be a "silver-bullet" in protecting networks from an internal or external perspective; Nexpose does a very thorough job.
I use the Professional Edition at work and the Community Edition at home.
Aside from some of the "Canned-Scanning" methods, the community-edition that I use for Home-based events is equally as good as the Professional.
As with any Security Vulnerability Assessment Tool, the reports are only a start to validating and finding what is really going on in the network space you are testing.
Report Card:
Discovery - A
Fingerprinting - B(-)
False Positives - B
Compliance - A(+) [PCI Very Strong]
Reporting - C
Logging - B(+)
Overall a solid tool to have in the kit; but not a one-stop shop to have 100% reliance on for every situation.
Your comment
Along with your rating, you can use the comment form to post a review,
tutorial, tips and tricks, or anything else others will find useful.
If you develop this software (or work for the company), please don't rate it. You may leave a clarifying comment as long as you state your affiliation and don't specify a star rating (just leave it as “No rating”).
While no single tool can be a "silver-bullet" in protecting networks from an internal or external perspective; Nexpose does a very thorough job.
I use the Professional Edition at work and the Community Edition at home.
Aside from some of the "Canned-Scanning" methods, the community-edition that I use for Home-based events is equally as good as the Professional.
As with any Security Vulnerability Assessment Tool, the reports are only a start to validating and finding what is really going on in the network space you are testing.
Report Card:
Discovery - A Fingerprinting - B(-) False Positives - B Compliance - A(+) [PCI Very Strong] Reporting - C Logging - B(+)
Overall a solid tool to have in the kit; but not a one-stop shop to have 100% reliance on for every situation.