Skip to main content
NEXOS CORE drives a Metasploit Framework instance to run authorized security scans against client networks. Pick a target range and a scan profile (or an AI-recommended one), and NEXOS CORE launches the relevant Metasploit auxiliary scanner modules, polls them to completion, and records discovered hosts, open services, and vulnerabilities as findings linked to the client. Scans can run from the Metasploit host directly, or be tunneled through an on-site agent so they originate from inside the client’s own network. Scans live at /security/scans; RPC connection settings at /settings/metasploit.
Only scan networks you are explicitly authorized to test. Record the client’s penetration-test authorization (scope and sign-off) before you run a scan — NEXOS CORE tracks authorization fields, but you are responsible for ensuring authorization is in place.

When to use it

  • Monthly asset inventory and open-port discovery (Basic profile).
  • Recurring vulnerability assessment covering critical CVEs and default creds (Standard profile).
  • Quarterly deep review / compliance reporting (Comprehensive profile).
  • On-demand “Scan Now” of a company’s managed IP ranges from its Security tab.
  • Scanning from inside a segmented/NATed client network — route through an installed agent.

Setup

Configure your Metasploit RPC connection (URL, credentials) under /settings/metasploit; Test verifies it. Everything depends on a reachable, enabled msfrpcd — without it, scans fail immediately with “Metasploit not configured.”

Scan profiles and templates

Three built-in profiles — Basic, Standard, Comprehensive — plus a library of ~50 categorized scan templates (discovery, network, Windows, web, credential, compliance). Each profile expands to a set of modules that run sequentially.

Agent-tunneled scans

Launch a scan “via agent” and NEXOS CORE opens a short-lived, CIDR-scoped SOCKS tunnel through the on-site agent, so the scan originates from inside the client LAN. Targets must be IPv4 addresses or CIDR ranges.

Nexie Red Team wizard

The wizard loads the client’s context — industry, compliance frameworks, asset inventory, agent OS mix, and prior findings — and asks Claude to recommend a tailored scan profile. It recommends; you review and launch.

Good to know

  • Discovered hosts, services, and vulnerabilities become findings and can feed the Sentinel discovered-devices view and the posture dashboard.
  • Agent-routed scans require the SOCKS bind address to be configured correctly for your deployment (msfrpcd typically runs on a separate host).
  • The Red Team wizard requires your tenant’s Claude API key.