Skip to content

NodeZero® Host Virtual Machine (OVA/VHD)

The NodeZero Host virtual appliance is a small virtual machine based on a pre-configured Ubuntu 24.04 installation. It’s designed to execute NodeZero pentests and bundles tools that facilitate pentest execution, as well as debug and maintenance.

Downloads

Tip

Always verify the files download come from Horizon3.

VMWare/Virtualbox importable OVA

Download SHA256

Windows Hyper-V importable VHD

Download SHA256

Specifications

The NodeZero host virtual machine comes pre-configured to use these resources:

  • 2 x CPUs
  • 8GB of RAM
  • 128GB of disk (Minimum Required: 40GB)
  • Bridged network adapter

Outbound traffic

If your environment restricts access to external sites through an outbound proxy or similar mechanism, please make sure that it allows connections to the following sites:

Port/Protocol Endpoints Purpose
HTTPS - 443/TCP *.ubuntu.com
*.canonical.com
downloads.horizon3ai.com
github.com (optional for h3-cli updates)		 API access, authentication, storage, updates, and container registry

OVA Setup

After downloading the NodeZero OVA, follow these steps to set it up and configure your environment.

Specifications

The NodeZero host virtual machine comes pre-configured to use these resources:

  • 2 x CPUs
  • 8GB of RAM
  • 128GB of disk (Minimum Required: 40GB)
  • Bridged network adapter

Installation

Installing the virtual machine is as simple as importing the OVA file into your virtualization environment. Below, we provide step-by-step instructions for deploying NodeZero using vSphere, VirtualBox™ or Hyper-V™.

Choose your virtualization environment and follow the view step-by-step instructions:

Deploying NodeZero on VMWare™ vSphere

The vSphere client is one of VMWare’s virtual environment management solutions. You can find more information on the client itself in VMWare’s documentation.

Note

The following steps are for vSphere client version 7.0.3.00500.

After downloading and verifying the most recent NodeZero-####.ova file, follow these steps to import and launch the NodeZero host virtual machine.

  1. Log into your VMware™ vSphere client.
  2. Open the Actions menu and select Deploy OVF Template.
  3. Choose Local File, then click Upload Files and select the downloaded OVA file.
  4. (Optional) Rename the VM and select a deployment location. Click Next.
  5. Select compute resources for the VM. Click Next.
  6. Verify the import settings and ensure the signature is from Horizon3.ai. Click Next.
  7. Choose the storage destination for the VM. Click Next.
  8. Select the network for the VM. Click Next.
  9. Review all selections, then click Finish to start deployment.
  10. Once deployment completes, select the VM from the list and click Power On to launch it.


Deploying NodeZero on VirtualBox™

Oracle's VirtualBox™ is a powerful open-source virtualization solution for running multiple operating systems on a single physical machine. You can find more information in VirtualBox™ documentation.

After downloading and verifying the most recent NodeZero-####.ova file, follow these steps to import and launch the NodeZero host virtual machine.

  1. Open VirtualBox™.
  2. Click on Tools, then Import.
  3. Enter the location of the OVA file. Click Continue.
  4. Click Import, and wait for it to complete.
  5. Make sure the network is set to use a bridged network adapter.
  6. Select the newly imported NodeZero virtual machine from the list on the left.
  7. Click Settings, then Network.
  8. Confirm that Attached to is set to Bridged Adapter.
  9. Confirm that Name is set to the name of the adapter connected to your internal network.
  10. Click OK.
  11. Select the NodeZero virtual machine from the list on the left.
  12. Launch the VM by clicking Start.


Deploying NodeZero on Windows Hyper-V™

Hyper-V™ is Window's native virtualization platform for creating and managing virtual machines on Windows systems. You can find more information in Hyper-V™ documentation.

After downloading and verifying the most recent NodeZero-####.vhd file, follow these steps to import and launch the NodeZero host virtual machine.

  1. Open and enable Hyper-V™.
  2. Ensure both Management Tools and Platform are enabled.
  3. Create a New Virtual Machine in Hyper-V™ Manager by going to Action > New > Virtual Machine....
  4. Enter a name for the virtual machine in the New Virtual Machine Wizard.
  5. Select Generation 1 as the virtual machine type.
  6. To allocate memory, set Startup Memory to at least 8192 MB (8GB).
  7. Dynamic memory can be enabled or disabled based on your environment.
  8. To configure the network, select a production network with a valid IP (DHCP or Static).

Hyper-V™'s default switch will NOT work!

  1. To attach the Virtual Hard Disk (VHD), choose Use an existing virtual hard disk. Then browse to the NodeZero-xxx.vhd file you downloaded.
  2. Review and confirm all configurations, then click Finish.
  3. Start the VM
    • In Hyper-V™ Manager, select the new VM and click Connect.
    • In the VM window, click Start to initialize the NodeZero host.

Accessing your OVA host

VMware™ vSphere

Once the NodeZero host is powered on, you can connect using either the Web Console or Remote Console from the vSphere client interface.

VirtualBox™ / Hyper-V™

After starting the VM, a display window will appear, showing the operating system loading screen.

1. First-Time Login & Password Update

Regardless of the platform, once the OS has fully loaded, you will see a login screen similar to this:

Terminal screen with the prompt, nodezero login.

When launching the NodeZero Host for the first time, SSH password access is disabled until the initial login is completed and the default password is updated.

Initial Login Credentials

Use the following credentials to log in:

  • Username: nodezero
  • Password: nodezero

2. Password Update Process

Upon successful login, you will see the following prompt:

You are required to change your password immediately (administrator enforced)
Changing password for nodezero.

Current password:
  1. Enter the current password (nodezero) and press Enter.
  2. When prompted for the New password:, enter a secure password and press Enter.
  3. Confirm by entering the same password when prompted to Retype new password: and press Enter.

Terminal Initial login and password change

3. Select Region

Once the password has been successfully changed, the region the host needs to connect to will need to be selected.

Terminal Region select: 1 for US, 2 for EU

After providing which region the NodeZero host will connect to, log out and back into the system for the change to take effect. Upon logging in a splash screen will display:

  • eth0

  • list of runner services that are active

  • status of connections to Horizon3.ai endpoints

At this point SSH has been enabled on the host and it may be accessed using an SSH client. Below are screenshots of the login screen when nothing is configured on the host and when the host is fully setup.

Terminal login with no eth0, no runners and no connection, ssh is enabled

Figure 1 - Screenshot of the OVA login when there is no network or runners

Terminal login with eth0 set, 1 runner and connections to horizon3.ai endpoints are successful

Figure 2 - Screenshot of the OVA login when a network is setup and runner is added to the host.

4. SSH Access

To connect over SSH with Linux or MacOS, run the command below, replacing <IP_ADDRESS> with the one shown in the login screen after eth0.

ssh nodezero@<IP_ADDRESS>

If using Windows, a client like PuTTY will be needed to connect. Fill out the Host Name (or IP Address) field with the address shown in the login screen.

Additional Setup Options

The n0 utility helps with configuring the host with a static ip, using a proxy, downloading the latest CLI, and setting timezones as well as running the checkenv script

Running a NodeZero Pentest

  1. Log into the Horizon3 web portal
  2. Create a new pentest providing the relevant setup information.
  3. Copy and paste the curl command from the portal into the shell of a NodeZero host.
  4. The pentest starts executing like the in the screenshot below.

Beginning output when executing pentest curl script

Automating NodeZero

NodeZero supports automating the running of itself through the use of the h3-cli and setting up a runner on the host. This can be done by following the steps for setting up a runner