Create an Asset Group

1. Navigate to External Assets

To run an external pentest, first create an Asset Group. The Asset Group is used to scope the external pentest.

The External Assets link is in top level navigation of the UI.

2. Click Create Asset Group

On External Assets, click + Asset Group to open the asset group configuration.

Asset Group button comes after the External Assets heading.

3. Configure the Asset Group

3.1 Set a Scope for the Asset Group

Name the Asset Group and provide company assets as domains, IP addresses, or a combination of domains and IP Addresses. A maximum of 700 domains can be added to the configuration. IP addresses need to be Public IPs only with a maximum input of 3000 entries and formatted using IP/CIDR notation. Please specify a network segment of /20 or smaller (e.g., /22, /23, /24). Both domains and IP addresses should be comma separated. Click Next.

Create Asset Group form (1st step): Name And Assets fields.

3.2 Optionally, add your Git and AWS Accounts

Listing Git and AWS accounts allows NodeZero to confirm ownership of these accounts and perform a more thorough enumeration of assets.

To add a Git Account, select +Add Account, select a Git provider, and add the account name.
To add an AWS Account, type the 12-digit AWS Account ID in the box listed below.

Once satisfied with the accounts, Click Next.

Create Asset Group form (2nd step): Git Accounts button and AWS Accounts input field.

3.3 Attack Configuration Options

Add company name(s) that NodeZero will use for Open Source INTelligence (OSINT) gathering tools and techniques to harvest company information.
Enable brute force on subdomains to authorize NodeZero to search for well-known subdomains that may not surface through OSINT discovery.

Once satisfied with the configuration options, click Create Asset Group.

Create Asset Group form (3rd step): Company Names input field and Brute Force checkbox.