NodeZero Host Information
The NodeZero host serves as the operating platform and starting point for Horizon3.ai's autonomous pentesting solution. We highly recommend using Linux, but customers have successfully used Windows and macOS with Docker. Position the NodeZero host within the network segment where you want the pentest to begin. Before starting the operation, ensure that the host is running so that it can download and execute NodeZero, and keep it running throughout the operation. Once the operation is complete, you may shut down the host or remove it from the network.
If you prefer a different distribution, please contact the Horizon3 team for compatibility assessment. Although most distributions should run NodeZero smoothly, we have not yet performed checks or validations for all of them.
Host System Recommendations
Minimum Specifications
- 2 CPUs (x86-64, physical or virtual)
- 8 GB RAM
- 20 GB free HDD space
Operating System
- Ubuntu Linux 18.x, 20.x, or higher (also Debian)
- Red Hat Linux 7.x, 8.x, or higher (also CentOS, Fedora)
Network Access
- HTTPS (443/tcp) access to various AWS services (SQS, Cognito, S3, ECR, etc.)
- See Connectivity Requirements for more information
Docker installed
- Most recent version of Docker
- Minimum required version: 20.10
- See Docker installation instructions here
Connectivity Requirements
The Core service, which serves as the central intelligence for NodeZero, resides in a single-use architecture within the cloud. The NodeZero host needs access to Core via HTTPS on port 443 to facilitate communication. This connection can be likened to a central nervous system, with the brain sending messages to the hands and receiving feedback to analyze and determine the next appropriate action.
From a service perspective, NodeZero must be able to communicate with Core. We currently use AWS SQS, Cognito, and S3 over HTTPS on port 443.
From an assessment perspective, it is crucial not to modify your environment. NodeZero is a unique service and tool, and you should not alter your settings for it, just as you wouldn't for an attacker. For example, if your firewall is set to block the marketing VLAN from accessing the finance VLAN, leave it as is. NodeZero will verify that this configuration is in place.
If your environment connects to the internet via a proxy, this will affect NodeZero's ability to communicate out. Contact us via portal chat to facilitate compatibility.
Outbound Network Access
Uninterrupted network access is required during the entire operation to the following endpoints:
US-Based Operations:
- HTTPS - 443/tcp
  - api.horizon3ai.com
  - cognito-identity.us-east-2.amazonaws.com
  - cognito-idp.us-east-2.amazonaws.com
  - downloads.horizon3ai.com
  - sqs.us-east-2.amazonaws.com
  - *.docker.com
  - *.docker.io
  - *.ecr.us-east-2.amazonaws.com
  - *.queue.amazonaws.com
  - *.s3.amazonaws.com
  - *.s3.us-east-2.amazonaws.com
- HTTP - 80/tcp
  - *.interacth3.io
EU-Based Operations:
- HTTPS - 443/tcp
  - api.horizon3ai.eu
  - cognito-identity.eu-central-1.amazonaws.com
  - cognito-idp.eu-central-1.amazonaws.com
  - downloads.horizon3ai.com
  - sqs.eu-central-1.amazonaws.com
  - *.docker.com
  - *.docker.io
  - *.ecr.eu-central-1.amazonaws.com
  - *.queue.amazonaws.com
  - *.s3.amazonaws.com
  - *.s3.eu-central-1.amazonaws.com
- HTTP - 80/tcp
  - *.interacth3.eu
Note (HTTP use): No sensitive information of any kind is transmitted over this channel.
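A pre-flight check for the Docker minimum version and the outbound HTTPS endpoints listed above, to run on the NodeZero host before starting an operation. This is an added example, not Horizon3.ai's tooling: the function names are hypothetical, it assumes `curl` is installed, and it probes only the fixed hostnames because the wildcard entries cannot be tested directly.

```shell
#!/bin/sh
# Added example: pre-flight check for a NodeZero host (function names are hypothetical).
# Hostnames are the non-wildcard HTTPS entries from the endpoint lists on this page.

# Print the fixed HTTPS endpoints for a region ("us" or "eu"), one per line.
endpoints_for() {
    case "$1" in
        us) tld=com; aws=us-east-2 ;;
        eu) tld=eu;  aws=eu-central-1 ;;
        *)  echo "unknown region: $1" >&2; return 2 ;;
    esac
    printf '%s\n' "api.horizon3ai.$tld" \
        "cognito-identity.$aws.amazonaws.com" \
        "cognito-idp.$aws.amazonaws.com" \
        "downloads.horizon3ai.com" \
        "sqs.$aws.amazonaws.com"
}

# Return 0 if a version string such as "24.0.7" meets the 20.10 minimum,
# 1 if it is older, 2 if it cannot be parsed (for example, Docker not installed).
docker_version_ok() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case "$major.$minor" in *[!0-9.]*|.*|*.) return 2 ;; esac
    [ "$major" -gt 20 ] && return 0
    [ "$major" -eq 20 ] && [ "$minor" -ge 10 ]
}

# Return 0 if an HTTPS request to host:443 completes; any HTTP status counts.
# DNS, TCP, proxy and certificate-validation failures all return non-zero.
https_reachable() {
    curl -sS --connect-timeout 5 --max-time 15 -o /dev/null "https://$1/" 2>/dev/null
}

main() {
    region=$1; failed=0
    ver=$(docker version --format '{{.Server.Version}}' 2>/dev/null)
    if docker_version_ok "$ver"; then echo "ok   docker $ver"
    else echo "FAIL docker '${ver:-not found}' (need >= 20.10)"; failed=1; fi
    for host in $(endpoints_for "$region"); do
        if https_reachable "$host"; then echo "ok   $host:443"
        else echo "FAIL $host:443"; failed=1; fi
    done
    return "$failed"
}

# Runs the checks only when a region is given on the command line.
case "${1:-}" in us|eu) main "$1" ;; *) echo "usage: preflight.sh us|eu" >&2 ;; esac
```

A `FAIL` line for an endpoint on a host behind a proxy is expected until proxy compatibility has been arranged as described under Connectivity Requirements.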
Inbound Network Access
The following ports should be opened on the NodeZero host/VM to allow traffic in:
- TCP 21, 23, 25, 53, 80, 88, 110, 135, 139, 143, 389, 443, 445, 587, 1433, 3389, 8080
- UDP 69
This is required on the NodeZero host and does not pertain to perimeter firewalls.