Start an External Pentest

1. Navigate to Pentests to Run an External Pentest

Once an Asset Group contains the assets authorized for pentesting, you may navigate to the Pentests page to start an external pentest.

2. Click + Run a Pentest

Click + Run a Pentest to open the Pentest Configuration, select Infrastructure Attack Surface, then click External Pentest.

3. Configure the External Pentest

3.1 Set a Scope for the External Pentest

Name the External Pentest, select a pentest template, and select an Asset Group with authorized assets.

Select Getting the IP before starting pentest if the IP needs to be whitelisted before running the test.

Because this is an external pentest, an IP from outside the perimeter network will be used to attack the network. Some users will need to whitelist this IP prior to starting the test to simulate a breach. NodeZero emails the IP to the user who kicks off the test, and that user then needs to add the IP to their Allowlist. After adding the IP, resume the test from the Real-Time View.

3.2 Advanced Configuration Options

Select the types of services and vulnerabilities NodeZero will attempt to enumerate and exploit. Expand each category to see the options within that category. When you're done, scroll to the next section.

3.3 Additional Pentest Options

Optionally, set a minimum or maximum amount of time, either to give some attacks more time or to limit their overall run time.

3.4 Review the External Pentest Configuration

Once satisfied with your pentest selections, scroll to the bottom of the page and check the box to indicate you represent and have the legal authority to conduct Horizon3.ai's External Penetration Testing on the list of authorized assets. Then click Run Pentest.

Screenshot: Getting NodeZero IP

Screenshot: Running the External Pentest

NodeZero can also run pentests from an authenticated perspective. Go to the Real-Time View and Inject Credentials to see the impact an attacker would have by leveraging compromised credentials!

You've started an External Pentest

NodeZero sends an email once the External Pentest completes.