NeXpose is Rapid7’s vulnerability scanner that scans networks to identify the devices running on them and performs checks to identify security weaknesses in operating systems and applications. It then analyzes the scan data and processes it for inclusion in various reports.

Rapid7 offers multiple versions of NeXpose, but we’ll use the Community edition because it’s free. If you plan to use NeXpose commercially, see the Rapid7 site (http://www.rapid7.com/vulnerability-scanner.jsp) for information on the various versions and their capabilities and pricing.

Our target for scanning will be a default installation of Windows XP SP2 as configured in Appendix A. We will first perform a basic overt scan of our target and import the ...