Nmap Service Detection for Nexpose and InsightVM Scan Engines
As of version 6.6.14 of Nexpose and InsightVM, the Scan Engine can now utilize Nmap service probes in addition to existing detection methods to improve the discovery of previously unsupported protocols and services.
You can enable this Nmap capability on the Service Discovery tab of your scan template configuration within the product.
Note: This setting is not yet enabled by default.
How can it be enabled?
You can enable this Nmap capability on the Service Discovery tab of your scan template configuration within the Nexpose product.
What can be expected with this change?
With this feature, the Scan Engine will now make use of additional probes within Nmap to detect unsupported protocols and services. This will enable the Scan Engine to use the matches provided from nmap, giving the scan engine 804 new matches when enabled.
These matches coming from Nmap will provide the Scan Engine with new services detected and assist in detecting currently supported services.
In addition to discovering new services and protocols, it will also aid the Scan Engine in detecting services and protocols. This means where the Scan Engine failed to detect, it can now use the results that Nmap has found to uplift any <unknown>
found.
Before Enabling Nmap service detection:
After Enabling Nmap in service detection:
As you can see in the image above, the Scan Engine used the results from Nmap to detect the HTTP protocol and Apache HTTPD running, which allowed vulnerability checks to trigger. To learn more about Nmap service detection, please refer to these Nmap documents. If there are any issues with the feature, please reach out to support for assistance.
What can I do to tweak the performance of my Scan Engine?
There are a few tweaks that can be made that affect the performance of this feature. First is increasing the “Maximum scan processes simultaneously used on each asset.” This can be found on the General tab of your scan template configuration.
Second is adjusting the number of “Simultaneous connection requests.” This can be found on the Discovery Performance tab of your scan template configuration.
Note: Leaving both the Minimum and Maximum to 0 will allow Nmap to self tune (Nmap – Timing and Performance).