NeXpose XML - A Rant

Submitted by alla on Thu, 01/05/2012 - 22:34

As promised here I am working on XSLT for Rapid7 NeXpose XML reports.

There is one great big problem though. "NeXpose Simple XML" format (which is the only XML format available, at least in community edition) contains almost no vulnerability information.

That is:

* It does not contain a human readable vulnerability name, only an id, like "FTP-GENERIC-0007"
* It does not contain a description of a vulnerability
* It does not contain severity or risk rating (high/medium/low or anything along those lines)
* It does not contain any information specific to the particular instance of vulnerability. By this I mean something similar to Nessus plugin output - data that shows some evidence of the vulnerability
* It does not contain impact, recommendations, or any human readable text whatsoever

In fact, with regards to vulnerabilities, it only contains an internal test identifier, like "FTP-GENERIC-0007", and references to CVE, BugTraq, OSVDB and so on.

This makes it pretty useless from report generation point of view. At most, the data from it can be used for port scan results.

I wonder what NeXpose though this XML will be used for? I (probably naively) assumed that XML data a tool generates is for interoperability with third-party tools. Like, you can take the data, feed it to another tool and do something useful with it. What kind of use NeXpose XML may be put to, I have no idea.

By the way, I also failed to find any description of the NeXpose XML format. Not that it is unusual :(

Update: I got XML samples for NeXpose full XML format (only available in commercial versions of NeXpose) and for Metasploit from Rapid7. We'll support all three (simple NeXpose XML, full NeXpose XML, Metasploit XML) in MagicTree 1.1, which is coming out real soon now.


+32 (0) 2 215 53 58

Gremwell BVBA
Sint-Katherinastraat 24
1742 Ternat
VAT: BE 0821.897.133.