The Web Local


NeXpose Community Edition


The NeXpose Community Edition is a free vulnerability scanner, a single-user version of Rapid7s' NeXpose Enterprise solution. Powered by the same scan engine the NeXpose Community Edition provides users with:


  • Vulnerability scanning for up to 32 IPs
  • Regular vulnerability updates
  • Accurate scan results
  • Prioritized risk assessment
  • Remediation guidance
  • Metasploit integration
  • Community support at
  • Simple deployment
  • No cost start-up security solution


It is available from here




NeXpose is currently supported on the following OS:


  • MS Windows Server 2003 SP2 / Server 2003 R2
  • Red Hat Enterprise Linux 5

  • Ubuntu 8.04 LTS

  • SUSE Linux Enterprise Server 10


Additional support is available for other flavours of OS, the above are the recommended platforms that it should be utilised on.


Note: - I currently use Fedora Core, this review utilised this platform


Install Pre-requisites:


yum install compat-libstdc++-33

yum install screen


Disable Selinux:


vi /etc/selinux/config


[root@fc12 selinux]# cat config

# disabled - SELinux is fully disabled.





shutdown -r now


Change attributes:


chmod a+x NeXposeSetup-Linux32.bin






Note: - A default installation installs to the /opt/rapid7/nexpose directory


  • Input licence key
  • Change default username of nxadmin to something more secure
  • Apply a strong password


On first use, the following command /opt/rapid7/nexpose/nsc/ initialises and starts the application.  This changes some install directory file permissions, installs a postgres Database and adds a postgres user.  The application then connects to and installs updates from rapid7 server, installs and starts Nexpose web server.


Creating a NeXpose Service Daemon


Alter the /opt/rapid7/nexpose/nsc/nexposeconsole.rc file if any other directory than the default has been selected to install NeXpose to i.e. 





cp /opt/rapid7/nexpose/nsc/nexposeconsole.rc /etc/init.d/nexposed (daemon_name)

chmod +x /etc/init.d/nexposed (make it executable)

chkconfig --add nexposed (add to startup in run levels 3-5)




Ensure the service is started and access the console via the following URL:




The rest is being worked on :-)


IT Security News:



Pen Testing Framework: