A very good vulnerability scanner.
September 26, 2019

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Rapid7 Nexpose

I have used Rapid7 Nexpose for performing vulnerability assessment scanning. It is a vulnerability management tool which can perform vulnerability scans and report the vulnerabilities. As a security consultant, I have used this tool to perform scans for our clients.
  • Being a vulnerability scanner tool, its purpose is to scan the systems to find the vulnerabilities. We can define assets like IP addresses for the scans, and it also allows us to either schedule the scan at a preferred time or start the scan immediately. Upon completion of the scan, this tool can provide details like host type, OS information, and hardware address, along with the vulnerabilities.
  • Rapid7 Nexpose has a list of templates to perform the scan. Once the templates are defined then the scans are performed accordingly.
  • It also contains an option to add credentials/authentication using passwords, usernames, and private keys to perform credential-based scans, which I think is a great feature.
  • From my experience of using this tool, sometimes it gives more false positives. A few times I had performed the scan on the same IP address using QualysGuard and Nexpose, but after comparing the scan results I had found that QualysGuard had provided more accurate vulnerability information.
  • It certainly has a more positive impact than negative impact while performing the scans. Nexpose can find and report vulnerabilities that our other scanner fails to identify during the scan because of its defined scan templates.
  • Also, even if the scan is not being performed due to some issues like reachability, whitelisting, etc., it will try to give scan results, unlike QualysGuard, which just marks the asset as unreachable.
I think Rapid7 Nexpose is a very good vulnerability scanner compared to other vulnerability scanners in the market, although it lacks some accuracy and there is always room for improvement.

Did implementation of Rapid7 InsightVM go as expected?

I wasn't involved with the implementation phase

Being a vulnerability scanning tool, Rapid7 Nexpose is very well suited to perform vulnerability scans and document the scan results. Rapid7 Nexpose is well suited if someone wants to perform the credential/authentication scan for assets like public IP addresses. However, I think it is not appropriate when accurate scan results are required because of the number of false positives it provides.