Is Rapid7 Nexpose Any Good? Why Does It Fail To Function As Advertised?

#1
After a search for Microsoft's MBSA, I discovered it is not officially available for Windows 10 or 11. The Google search recommended several third-party apps to run vulnerability scans of a network. I chose Rapid7 Nexpose.

I installed Rapid7's Nexpose thinking it would help me lock down my network. I have no doubts about the application's ability to find vulnerabilities, but it has to function normally first.
I first downloaded the 30-day trial and then ran the installation. It errored out and I had to manually delete the app and reinstall it to complete the installation successfully. But hey, at least it worked & the installation seemed to be good.
I logged into the application and created the assets to scan. I ran the scans and it did discover many issues to resolve. So far so good.
I did not have time to further populate the assets with credentials and other settings to help return better results, so I closed the app and went about my business. I later wanted to continue configuring the app and run new scans, but could no longer log in to the app.
I have no clue why it would fail authenticating my user credentials, but it currently does fail.

I will reboot and try again, but so far my impression of this vulnerability scanner is not so good right now. I wish I could at least get the list of vulnerabilities from the first scan, but I wouldn't know how to manually retrieve this information from its "database".


 https://www.rapid7.com/products/nexpose/

#2
I did some online research & discovered my account was locked out. Apparently I entered my password incorrectly 4 times in a row & locked the account. In this case a Global Administrator must log in and unlock the user account. The problem is, I never created any global administrator; I thought the account I created during setup was a super user or global admin.
I tried re-installing the app to see if it would fix the problem... I was then left with a "setting up database" message (paraphrasing) at 24% for over an hour. I stopped the service (forced stop) and uninstalled the app. I am now re-installing the app and will see what happens.

#3
I tried to re-install the app 3 more times, which failed, always with the errors below. Personally I am fed up with trying to make this crappy app install. If you can't even get it installed, what's the point? It of course started with being locked out and not having a global admin account... How does that happen anyway? I created one account, I was not prompted to add an account as a global admin... in fact the words Global Administrator were never shown to me & there was no mention that the username and password created was NOT a global administrator. None of this makes sense to me. So my conclusion is, this app is not worth the trouble to deploy and use. It simply does not meet basic requirements for what I'd call "operating normally", or functioning as it should. Rapid7's Nexpose seems like a real POS.

I'm going to try OpenVAS, it's open source so likely includes a free version.



Exception:

java.io.NotSerializableException: com.rapid7.nexpose.install4j.InstallerLogger
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1184)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1548)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1432)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1178)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:348)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.sendObject(HelperCommunication.java:506)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.executeActionWrapper(HelperCommunication.java:376)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.access$200(HelperCommunication.java:33)
at com.install4j.runtime.installer.helper.comm.HelperCommunication$1.run(HelperCommunication.java:99)

#4
OpenVAS was not free and not what I expected, so I went with ManageEngine_Vulnerability_Manager_Plus.
It installed very easily and was up & running very quickly. It is much simpler to configure and use than Nexpose. I am experienced with such apps so I did set up & run Nexpose, but it did fail to install initially and had a much more complicated interface and no real robust information. The opposite is true of Vulnerability Manager, it is user friendly.