Sla.ckers.org
This is a place for us to start seriously talking about vendors. Who's great, who's not, what's it cost, how does it relate to their competitors and would we buy it? A place to talk about snakeoil, and brilliant products alike. Marketing fluff is forbidden. 
NeXpose
Posted by: rsnake
Date: May 22, 2008 02:49PM

I got this email today, and I thought I'd forward it off... Any comments?

Quote

Was wondering if you knew much about Rapid7's NeXpose product and whether it's reputable or not. It's apparently one of very few commercial products out there that scans various platforms & technologies, incl. some webapp and DB stuff (web 2.0 stuff - JavaScript, AJAX, Flash Flex, ActionScript, ASP.NET 2.0 (Atlas) and .NET 3.0). I've also heard a top guy at Foundstone took a high level job there. I've searched for some objective reviews of their product but haven't come across a whole lot.

Re: NeXpose
Posted by: rsnake
Date: May 29, 2008 10:30AM

Just an FYI, I ran into a customer who uses NeXpose and claims to really like it. It was finding a lot of host-based vulns - I didn't see it used against any actual web applications though. It's got a pretty slick web-based GUI that sits on an appliance that you deploy (similar to most of the other network VA players). Looks like it uses AJAX so page load times are fairly low, although refreshing pages can end up having some weird effects. I think that'll all be fixed though. Overall a pretty nice looking VA scanner that found some interesting results. I have no opinion about its webappsec abilities though, as of yet.

- RSnake
Gotta love it. http://ha.ckers.org

Re: NeXpose
Posted by: br0kan
Date: February 18, 2009 11:50AM

Interestingly enough, I just did an assessment of their product. I actually really liked it. It was pretty simple to install as a desktop solution and I agree the interface was pretty slick; it would work well from a SaaS perspective. From a desktop/server perspective, it was pretty nice. I've lost a lot of faith in Nessus lately, as I've had some problems with it as of late. I also enjoy OpenVAS but I'm always worried it doesn't have the support that Nessus did when it was open.

I'm curious what people think about eEye, especially now that they have a partnership with NTObjective. Has anyone used that solution successfully for PCI section 6 assessment coverage?

Sidenote, I'm going to be aiming NeXpose against a webpage that I pentested for a baseline. I'll see if I can release the results.

Re: NeXpose
Posted by: thrill
Date: February 18, 2009 05:49PM

I beta tested eEye's Retina 10 years ago before it was public, and back then it really did do a great job at scanning and reporting not only the problems, but how to resolve them. Obviously, it was aimed more at Windows platforms, but the impressive part of it back then was its scripting capabilities which I never used. :)

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Re: NeXpose
Posted by: br0kan
Date: February 19, 2009 01:13PM

Yeah, I used eEye Retina about 4 years ago but ran into some problems when I tried to put out to an enterprise solution. REM was pretty buggy at the time, but they made some pretty significant changes so that's not really an issue anymore I don't think, but I wanted to get others' thoughts on it.

Has anyone used the eEye web app. product?

Re: NeXpose
Posted by: nil
Date: February 16, 2010 05:14AM

Hello,
I am new in this forum please guide me
Thanks

Re: NeXpose
Posted by: Gareth Heyes
Date: February 16, 2010 07:06AM

@nil

Start here: http://127.0.0.1

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: NeXpose
Posted by: rvdh
Date: February 16, 2010 12:33PM

Gareth Heyes :|

How did you find my homepage at 127.0.0.1!

Re: NeXpose
Posted by: Gareth Heyes
Date: February 16, 2010 01:45PM

@rvdh

I fed the keys using the keyboard provided by the manufacturer which, upon commencing, led me to your location of host within a short amount of time.

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: NeXpose
Posted by: rvdh
Date: February 16, 2010 09:07PM

The difference between noobs and n00bs:


hxxp://127.0.0.1

&

hxxp://loopback



Edited 1 time(s). Last edit at 02/16/2010 09:07PM by rvdh.

Re: NeXpose
Posted by: erwin
Date: August 26, 2010 12:57AM

Hi Guys This is erwin (112.196.130.104).

I am an idiot putting my spam URL in the message body.
=============
(hxxp://sapiencebpo.com) Seo Projects



Edited 1 time(s). Last edit at 08/26/2010 01:36AM by .mario.
