PING / SSH Check before performing the scan via Rapid7

Dear Team,

Q1: Would you please let me know whether there is any way to perform a “Ping & SSH” scan before starting the scan via Rapid7 to find the device / system vulnerabilities?

Q2:
a. The Ping & SSH scan will be free / won’t cost much.
b. Whereas any host / IP that goes under the Rapid7 security scan will cost.

Also, please confirm my above statement, too.

Thanks,
Karthikeyan Mahalingam.

1 Like

@kkmahalin

Good question, I’m curious to hear from others as well. I can answer from my own experience that the default scan template, “Full audit without Web Spider” does all of this already. It sends ICMP/ARP “pings” to the host alongside sending TCP/UDP packets to several ports to verify it is live before scanning.

If you build out your site and put in a 192.168.0.1/24 for the assets, that is 254 potential hosts. However, if you select the above scan template (or you can even build your own), it will automatically check if a host is online before scanning. If your scan has a potential of 254 hosts, but only 10 are online and scannable, those 10 would count towards your total asset license usage, not the full 254 hosts.

1 Like
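An added example, not part of the thread and not Rapid7 code: a stand-alone Python pre-check that expands the 192.168.0.1/24 range mentioned above into its 254 candidate addresses and counts how many answer on TCP 22, as a rough estimate of how many hosts a scan would go on to assess. The function names are hypothetical, and treating a refused connection as "host online" is an assumption of this sketch, not documented scan-engine behaviour.

```python
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor


def candidate_hosts(cidr):
    """Expand a site entry such as 192.168.0.1/24 into its usable host addresses."""
    # strict=False accepts a range written with host bits set
    return [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]


def probe(host, port=22, timeout=1.0):
    """Classify one TCP connect attempt as 'open', 'closed' or 'no-response'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"  # the host answered with a reset, so it is online
    except OSError:
        return "no-response"  # timeout or unreachable
    finally:
        sock.close()


def sweep(hosts, port=22, timeout=1.0, workers=32):
    """Probe every host concurrently and return {host: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda h: probe(h, port, timeout), hosts))
    return dict(zip(hosts, states))


def live_hosts(results):
    """Hosts that gave any answer; these are the ones a scan would go on to assess."""
    return [h for h, state in results.items() if state != "no-response"]


if __name__ == "__main__":
    site_range = "192.168.0.1/24"  # range from the thread; use your own
    hosts = candidate_hosts(site_range)
    results = sweep(hosts)
    live = live_hosts(results)
    print(f"{len(hosts)} candidate addresses, {len(live)} answered on TCP 22")
    for h in live:
        print(f"  {h}: {results[h]}")
```

Because this checks a single TCP port, a host that silently drops port 22 is reported as "no-response" even though the ICMP/ARP checks described in the thread might still find it, so treat the count as a lower bound.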

Thanks for this information.

FYI: I’m new to this Rapid7 security scan; previously, I used QualysGuard. Could you kindly expand on how to perform the Ping / SSH checks via “Full audit without Web Spider”, please?

Sure, no problem.

If you log into your InsightVM security console you can navigate to Home and click on “Create Site” or “Scan Now”. From there, as long as your scan template is set to “Full audit without Web Spider”, it will automatically perform the following checks: ICMP, ARP, TCP 22 checks, and much more.

Once you configure your scan with this template, you will not need to do anything. It will probe your assets and only scan if the host is online, thus reducing your license count to only online hosts.

1 Like

Is the above “PING/SSH scan template” the same as “asset discovery” in Rapid7? Do they both perform the same operation? Please confirm.
PFA: Asset Discovery Image

Correct, what I described is exactly what is shown in your image. This is what the “full audit without web spider” scan template performs to discover assets before scanning them. It performs all the items in sequence to determine whether a host is online or offline.

Similarly, if you ever wanted to view the configuration of each scan template, you can navigate to Administration > Templates > Click the “image” icon next to the scan template to view the different phases.
