Hello,
i tried to install the free NeXpose Applikation on Kali, but the installation fail.
Its seems that the installer cant create a database.
Did someone install NeXpose on Kali and get it to work?
Greetings,
Amerzeroth
Hello,
i tried to install the free NeXpose Applikation on Kali, but the installation fail.
Its seems that the installer cant create a database.
Did someone install NeXpose on Kali and get it to work?
Greetings,
Amerzeroth
I think I tried it once and had the same problem. It would be great if anyone could get it to work.
Hi. I have read that they (Rapid7) will start supporting Debian in their next release^^ https://community.rapid7.com/communi...ian-and-beyond but ATM I have found a guide that might work. Haven't tried yet though. Let us know if you decide to give it a try http://debinfosec.blogspot.kr/2012/0...on-debian.html
Edit* Wait I think we are on squeeze? So before you follow the above let me see if I can figure it out. Ill report back soon.
***Sorry I get stopped at the Request Product Key Stage. I don't have access to any paid E-mail services. Unfortunately my Internet Service provider also prevents me from running my own mail server as well... So I have no way to register
Anyone willing to help me here with a PM? Thanxs***
I believe it will work however, must make sure you don't have postgresql running as it uses the one of the same ports required by nexpose.
So the way I got it to start the install was by issuing the commands:
**Edit StandbyCode:service postgresql stop chmod +x NeXposeSetup-Linux32.bin ./NeXposeSetup-Linux32.bin
I just realized I can get a free email acct with my domain name. Need to give it some time to propagate though. I'll report back asap about my findings.
Last edited by charonsecurity; 2013-03-26 at 17:11.
We're not on Squeeze, we're on Wheezy
Ok I got it installed and working. Though I only did a basic scan (cause its literally 4 in the morning for me and boy am I tired..)
There are a few things that need to be done. We need to install some dependencies that are missing.
As I was installing I kept getting an error of running out of Java VM Memory. So to fix that:Code:apt-get install libstdc++5
cd into this directory,
And we need to edit a file NeXposeEnvironment.envCode:cd /opt/rapid7/nexpose/nsc/
Look for some lines and change them accordingly to match or how you feel will best fit your system; here are the changes I made:Code:pico NeXposeEnvironment.env
Oh also make sure that you DO NOT have (by default anyway) postgresql running as it is using one of the ports that nexus requires.Code:#-Xmx$(max-mem) -Xmx1536m -XX:NewSize=$(min-newsize) -XX:MaxNewSize=$(max-newsize) #-XX:MaxPermSize=160m
--Do this before starting nexus.Code:service postgresql stop
From there it worked for me. Though I need to go through it more thoroughly to make sure all functions work correctly.
I didn't run into any database errors that were reported by Amerzeroth, I was specifically looking for that.
I hope it helps Tomorrow I will play with this some more to see if I missed anything.
Enjoy!
**Edit2
So this morning I did a Full Audit on my server, and all went smooth. Even found a vulnerability that is exploitable through metasploit o.O (just a DoS vuln) so just finished fixing that. I have never used Nexpose until just recently. Seems like a great piece of software for security analysis!
Last edited by charonsecurity; 2013-03-27 at 05:17.
This has been filed as a bug report here
***Until this bug is officially fixed the official word from Kali developers is to stop/start Nexpose and Metasploit as needed. They will both run, just not at the same time because they are both using the same Postgresql port***
***If you are in an Emergency situation where you have to have a work around right now, the following emergency workaround will work, however please consider your installation broken after completing these steps. Please note the following steps are NOT "suggested" as a long term solution by Kali developers.***
Remove the installed metasploit packages and place them on hold:
You must remove all metasploit foldersCode:apt-get remove metasploit && metasploit-framework echo "metasploit"|dpkg --set-selections echo "metasploit-framework"|dpkg --set-selections
Now download neXpose and Metasploit from the rapid7 site and make them executable:Code:updatedb && locate metasploit rm -rf /usr/share/metasploit-framework/ && rm -rf /usr/share/doc/metasploit/ && rm -rf /usr/share/doc/metasploit-framework/
http://www.rapid7.com/products/nexpo...-downloads.jsp
http://www.rapid7.com/products/metasploit/download.jsp
64-Bit Kali Example:
Then simply run the packages one at a time to install:Code:cd /tmp wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run chmod 755 metasploit-latest-linux-x64-installer.run wget http://download2.rapid7.com/download/NeXpose-v4/NeXposeSetup-Linux64.bin chmod 755 NeXposeSetup-Linux64.bin
thenCode:./metasploit-latest-linux-x64-installer.run
After that everything should be working as expected and you can run both neXpose and Metasploit at the same time.Code:./NeXposeSetup-Linux64.bin
Last edited by brav0hax; 2013-03-27 at 16:34.
Hi,
after installation, i get this error,
2013-03-30T22:46:39 [ERROR] Failed to initialize db queue manager
2013-03-30T22:46:39 [INFO] Initializing datastore login module.
2013-03-30T22:46:39 [ERROR] A critical error occured during initialization
2013-03-30T22:46:39 [WARN] Cannot add Nexpose connection pool JMX Bean
2013-03-30T22:46:40 [INFO] Accepting web server logins.
2013-03-30T22:46:40 [INFO] Found a pending maintenance task: NexposeRecovery
2013-03-30T22:46:40 [INFO] Entering maintenance mode, only administrator logins permitted.
2013-03-30T22:46:40 [INFO] Maintenance Task Started
> 2013-03-30T22:46:41 [INFO] [Started: 2013-03-31T02:45:40] [Duration: 0:01:00.865] Security Console started.
2013-03-30T22:46:41 [INFO] Security Console web interface ready. Browse to https://localhost:3780/
anybody know how fix this ?
Skorpinok, did you stop postgresql beforehand? Also, did you make sure you have the dependencies covered, and how much ram are you running with?
Thanxs
Fact, Science and the Pursuit of Knowledge. Working to secure your networks from threats; Outside and Within.
Yes i did stop postgresql before i started nexpose for the first time right after installation, i have total 6GB Ram, 3GB is dedicated to kali, virtual hard drive is 156 GB. what dependencies should be covered?
Here is the detailed list of error:
root@kalinux:~# service postgresql stop
[ ok ] Stopping PostgreSQL 9.1 database server: main.
root@kalinux:~# /opt/rapid7/nexpose/nsc/nsc.sh
Please switch to the NeXpose nsc directory before running the security console.
root@kalinux:~# cd /opt/rapid7/nexpose/nsc/
root@kalinux:/opt/rapid7/nexpose/nsc# /opt/rapid7/nexpose/nsc/nsc.sh
Checking for available jvms
Validating jre in directory _jvm1.7.0_03
Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future
2013-03-31T10:49:41 [INFO]
2013-03-31T10:49:41 [INFO] OS Information
2013-03-31T10:49:41 [INFO] ------------------------------------------------------------
2013-03-31T10:49:41 [INFO] Current directory: /opt/rapid7/nexpose/nsc
2013-03-31T10:49:41 [INFO] User name: root
2013-03-31T10:49:41 [INFO] Computer name: kalinux
2013-03-31T10:49:41 [INFO] Operating system: Debian Linux Kali Linux 1.0
2013-03-31T10:49:41 [INFO] Total memory: 3041460 KBytes
2013-03-31T10:49:41 [INFO] Available memory: 2633100 KBytes
2013-03-31T10:49:41 [INFO] CPU speed: 2179MHz
2013-03-31T10:49:41 [INFO] Number of CPUs: 1
2013-03-31T10:49:41 [INFO] Super user: true
2013-03-31T10:49:41 [INFO] JVM started: Sun Mar 31 10:49:35 EDT 2013
2013-03-31T10:49:41 [INFO] JVM uptime: 3 seconds
Checking graphics environment...
OK
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
The Java virtual machine is exiting with code 0
Using jre at _jvm1.7.0_03
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future
Logging to file /opt/rapid7/nexpose/update.log
Checking for available jvms
Validating jre in directory _jvm1.7.0_03
Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future
2013-03-31T10:49:43 [INFO]
2013-03-31T10:49:43 [INFO] OS Information
2013-03-31T10:49:43 [INFO] ------------------------------------------------------------
2013-03-31T10:49:43 [INFO] Current directory: /opt/rapid7/nexpose/nsc
2013-03-31T10:49:43 [INFO] User name: root
2013-03-31T10:49:43 [INFO] Computer name: kalinux
2013-03-31T10:49:43 [INFO] Operating system: Debian Linux Kali Linux 1.0
2013-03-31T10:49:43 [INFO] Total memory: 3041460 KBytes
2013-03-31T10:49:43 [INFO] Available memory: 2616184 KBytes
2013-03-31T10:49:43 [INFO] CPU speed: 2179MHz
2013-03-31T10:49:43 [INFO] Number of CPUs: 1
2013-03-31T10:49:43 [INFO] Super user: true
2013-03-31T10:49:43 [INFO] JVM started: Sun Mar 31 10:49:42 EDT 2013
2013-03-31T10:49:43 [INFO] JVM uptime: 0 seconds
Checking graphics environment...
OK
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
The Java virtual machine is exiting with code 0
Using jre at _jvm1.7.0_03
PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Please use CMSClassUnloadingEnabled in place of CMSPermGenSweepingEnabled in the future
2013-03-31T10:49:45 [INFO] Logging initialized. [Name = default] [Level = INFO] [Timezone = US/Eastern (Eastern Standard Time, GMT-4:00)]
2013-03-31T10:49:47 [INFO] Product Version: 5.5.15
2013-03-31T10:49:47 [INFO] Current directory: /opt/rapid7/nexpose/nsc
2013-03-31T10:49:47 [INFO] User name: root
2013-03-31T10:49:47 [INFO] Super user: Yes
2013-03-31T10:49:47 [INFO] Computer name: kalinux
2013-03-31T10:49:47 [INFO] Host Address: 127.0.1.1
2013-03-31T10:49:47 [INFO] Host FQDN: kalinux
2013-03-31T10:49:47 [INFO] Operating system: Debian Linux Kali Linux 1.0
2013-03-31T10:49:47 [INFO] CPU speed: 2179MHz
2013-03-31T10:49:47 [INFO] Number of CPUs: 1
2013-03-31T10:49:47 [INFO] Total memory: 2.9 GB
2013-03-31T10:49:47 [INFO] Available memory: 2.5 GB
2013-03-31T10:49:47 [INFO] Total disk space: 148.1 GB
2013-03-31T10:49:47 [INFO] Available disk space: 136.6 GB
2013-03-31T10:49:47 [INFO] Disk space used by installation: 584.9 MB
2013-03-31T10:49:47 [INFO] Disk space used by scans: 0 bytes
2013-03-31T10:49:47 [INFO] Disk space used by database: 61.6 MB
2013-03-31T10:49:47 [INFO] Disk space used by reports: 5.1 MB
2013-03-31T10:49:47 [INFO] Disk space used by backups: 0 bytes
2013-03-31T10:49:47 [INFO] JVM name: Java HotSpot(TM) Server VM
2013-03-31T10:49:47 [INFO] JVM vendor: Oracle Corporation
2013-03-31T10:49:47 [INFO] JVM version: 22.1-b02
2013-03-31T10:49:47 [INFO] JVM started: 2013-03-31 14:49 GMT
2013-03-31T10:49:47 [INFO] Running interactively under super-user: root.
2013-03-31T10:49:47 [INFO] Initializing JDBC drivers.
2013-03-31T10:49:48 [WARN] No valid licenses were found. This will prevent site modification and the running of scans.
2013-03-31T10:49:49 [INFO] Configuring web server.
2013-03-31T10:49:51 [INFO] Generating skin: /opt/rapid7/nexpose/nsc/htroot/scripts/nexpose-skin.js
2013-03-31T10:49:51 [INFO] Generating feature set: /opt/rapid7/nexpose/nsc/htroot/scripts/nexpose-features.js
2013-03-31T10:49:56 [INFO] Initializing extension manager from dir /opt/rapid7/nexpose/plugins.
2013-03-31T10:49:56 [INFO] Initializing extension manager...
2013-03-31T10:49:57 [INFO] Initialization successful
2013-03-31T10:50:42 [INFO] Web server subsystem initialized.
2013-03-31T10:50:42 [INFO] Initializing scheduler...
2013-03-31T10:50:42 [INFO] Starting Scheduler
2013-03-31T10:50:42 [INFO] Scheduler subsystem initialized.
2013-03-31T10:50:42 [INFO] Initializing administrative alerters.
2013-03-31T10:50:42 [INFO] Initializing postgresql database manager for //127.0.0.1:5432/nexpose.
2013-03-31T10:50:42 [INFO] Starting up postgresql DB system
2013-03-31T10:50:43 [INFO] PostgreSQL service status: 0
2013-03-31T10:50:43 [INFO] PostgreSQL service status: 0
2013-03-31T10:50:44 [INFO] PostgreSQL service status: 1
2013-03-31T10:50:45 [ERROR] Database initialization failed
2013-03-31T10:50:45 [INFO] Initializing update processor.
2013-03-31T10:50:45 [INFO] Security Console is launching in Maintenance Mode. Disabling update processing.
2013-03-31T10:50:45 [INFO] Update processing disabled, skipping approved update check.
2013-03-31T10:50:45 [INFO] Update processing is disabled, skipping pending update check.
2013-03-31T10:50:45 [INFO] Current DB_VERSION = 99, current DB_REINDEX = 35
2013-03-31T10:50:45 [INFO] Verifying database version...
2013-03-31T10:50:45 [WARN] Failed to upgrade db. This may prevent product operation.
2013-03-31T10:50:45 [ERROR] Failed to initialize db queue manager
2013-03-31T10:50:45 [INFO] Initializing datastore login module.
2013-03-31T10:50:45 [ERROR] A critical error occured during initialization
2013-03-31T10:50:45 [WARN] Cannot add Nexpose connection pool JMX Bean
2013-03-31T10:50:47 [INFO] Accepting web server logins.
2013-03-31T10:50:47 [INFO] Found a pending maintenance task: NexposeRecovery
2013-03-31T10:50:47 [INFO] Entering maintenance mode, only administrator logins permitted.
2013-03-31T10:50:47 [INFO] Maintenance Task Started
> 2013-03-31T10:50:48 [INFO] [Started: 2013-03-31T14:49:45] [Duration: 0:01:02.581] Security Console started.
2013-03-31T10:50:48 [INFO] Security Console web interface ready. Browse to https://localhost:3780/
Last edited by skorpinok; 2013-03-31 at 15:11.
In Kali, you have to install "apt-get install libstdc++5". Not sure if that's what your missing if you already installed that. Did you edit the NeXposeEnvironment.env file?
Fact, Science and the Pursuit of Knowledge. Working to secure your networks from threats; Outside and Within.
Hi Gents,
Any updates on this bug. Is Rapid7 moving Postgres to a non-standard port - or are we?
Cheers,
TheGoodGuy