Skip to content

Run an Internal Pentest

NodeZero can assess all of your environments, from the attack surface of your hybrid cloud to your on-premise network infrastructure, helping you continuously find and fix your internal and external attack vectors before criminals exploit them. Follow these steps to run a pentest within your network.

How to Run an Internal Pentest

1. Navigate to Pentests to Run an Internal Pentest

Once you've established a NodeZero Host that meets to requirements, navigate to Pentests to start a pentest.


2. Click + Run a Pentest

Click + Run a Pentest to open the Pentest Configuration and select Internal Pentest


3. Configure the Internal Pentest

3.1 Name the Internal Pentest

Name the Internal Pentest and select a pentest template.

Determine and follow a naming convention to allow you to quickly find a pentest from your pentest list.

An example: [date]|[library]|[NodeZero Src]|[scope]

2021-09-01|NodeZero|East-Coast-Bizops|Full: This indicates that the NodeZero host was placed in the East Coast Bizops network and the scope was the entire enterprise.

3.2 Select a Scope

The pentest scope is the set of IPs and/or subnets (in CIDR notation) within which you want to run the pentest. The larger the scope, the better results you will get. This is not a “vulnerability scanner” that has a narrow focus. NodeZero assesses your environment and uses any data it finds, and the context around it, to identify and exploit your vulnerabilities, misconfigurations, and poor cybersecurity hygiene.

If you are unclear on CIDR notation, here is a reference and a calculator app to assist you:

If your environment uses and the subnet mask is, then you’ll add the following to the Include section:

For properly segmented environments, use comma-separated CIDR notation. For example:,,

If you are running NodeZero in a more complex environment, set the scope to cover as many subnets as possible. You should ask your Network Administrator for a list of CIDR annotated subnets.

The Exclude section stops NodeZero from scanning or exploiting a set of IPs or subnets. The IPs within this section may be discovered by NodeZero via various techniques within the pentest, but NodeZero will not touch them. They may show up in the Out of Scope list within the pentest results. Note that this parameter also requires CIDR notation.

When satisfied with your scope, click Next.


3.3 Add Open-Source Intelligence

Optionally add Domains, Company Names, Weak Password Terms, or Git and AWS Accounts


3.4 Advanced Configuration Options

Select the types of services and vulnerabilities NodeZero will attempt to enumerate and exploit. Click Next


3.5 Additional Pentest Options

Add a minimum or maximum amount of time to allow some attacks to have more time

Then, click Review.


3.6 Review the Internal Pentest Configuration

Once satisfied with your pentest selections, check the box to indicate you've reviewed all advanced configuration settings. Then click Run Pentest, which launches the internal pentest.


4. Deploy NodeZero

While the pentest is provisioning, its companion one-time-use software module, NodeZero, is made ready for deployment on your NodeZero Host.


Copy the Launch Script and paste it into the shell of your NodeZero Host.

This script will validate the Docker installation, download the most up-to-date NodeZero Docker image, and begin the pentest. In the Portal, you will see the status of the pentest transition from Ready to Running.

Click Go to Real-Time View to open the Real-Time View, from where you can Inject Credentials and monitor pentest progress, or click Copy Script and Close to copy the script and return to the Pentest Page.


You've started an Internal Pentest

NodeZero sends an email once the Internal Pentest completes.


NodeZero can also run pentests from an authenticated perspective. Go to the Real-Time View and Inject Credentials to see the impact an attacker would have by leveraging compromised credentials!