Create an Asset Group
1. Navigate to External Assets
To run an external pentest, first create an Asset Group. The Asset Group is used to scope the external pentest.
2. Click Create Asset Group
On External Assets, click + Asset Group to open the asset group configuration.
3. Configure the Asset Group
3.1 Set a Scope for the Asset Group
Name the Asset Group and provide company assets as domains, IP addresses, or a combination of domains and IP Addresses. A maximum of 700 domains can be added to the configuration. IP addresses need to be Public IPs only with a maximum input of 3000 entries and formatted using IP/CIDR notation. Please specify a network segment of /20 or smaller (e.g., /22, /23, /24). Both domains and IP addresses should be comma separated. Click Next.
3.2 Optionally, add your Git and AWS Accounts
Listing Git and AWS accounts allows NodeZero to confirm ownership of these accounts and perform a more thorough enumeration of assets.
- To add a Git Account, select +Add Account, select a Git provider, and add the account name.
- To add an AWS Account, type the 12-digit AWS Account ID in the box listed below.
Once satisfied with the accounts, Click Next.
3.3 Attack Configuration Options
- Add company name(s) that NodeZero will use for Open Source INTelligence (OSINT) gathering tools and techniques to harvest company information.
- Enable brute force on subdomains to authorize NodeZero to search for well-known subdomains that may not surface through OSINT discovery.
Once satisfied with the configuration options, click Create Asset Group.
