2023.05

Pentest Scheduling in the Portal!

You can now schedule future pentests and a series of pentests in the Portal, enabling you to configure less and pentest more!

Prerequisites for scheduling an internal pentest:

  • NodeZero Host
  • H3-CLI (built into OVA)
  • API key for H3-CLI to communicate with our API. Users can choose an API Key Role of NodeZero Runner, Readonly, or User.
    • Note that the NodeZero Runner role has limited permissions and can only run pentests, not query for data via the API.
  • For detailed instructions on scheduling an External Pentest, Targeted Pentests, and managing Scheduled Pentests, refer to the scheduling page.

Features / Enhancements

  • Added VirtualHost support for Kubernetes modules.
  • Real-Time View (RTV) for External Pentests now includes status updates for injected credential(s) (i.e., Received and Confirmed). See Injecting Credentials - Horizon3.ai Docs for details.
  • Enabled Real-Time View (RTV) data for External Asset Discovery Operations.
  • Added a new tab on the Asset Group page that displays a table of all operations run for that asset group, allowing users to navigate to the operations summary page or the RTV if the operation is running.
  • Renamed the existing Domains and IPs tabs to "Authorized Domains" and "Authorized IPs."
  • Added a new SSO button for Microsoft/Azure authentication for social sign-in.
  • Refreshed the login screen design with new icons and a larger background image.
  • Data detail updated with:
    • New fields (Resources, Permissions, Cloud Provider, Cloud Service Name).
    • Refined related tabs and added weakness name to the related weakness tab.
  • Host detail updated with:
    • Created a new layout to match other detail pages.
    • Added new fields (Host Names, OS, Subnet, HW, Device, Cloud Provider, Cloud Svc, and Region).
    • Action Log moved to the bottom in a standalone pane.
    • Added new Credentialed Access tab and improved other tabs.

Attack Content

  • Additional Kubernetes content
  • Added ability to spray External Domain names to discover Virtually Hosted Applications. This feature is OFF by default but can be enabled in the Attack Configuration step of Run a Pentest.
    • Note: Only subdomains tied to the user-supplied domains are used and considered in scope. Spraying increases the length of an operation.
  • Added NodeZero check for the IMDS (IMDSv1 or IMDSv2) and harvest of IAM role credentials if present, allowing users to "inject" an AWS Role. See Documentation for more information.
  • Added ability to refresh AWS keys. If AWS temporary credentials are close to expiring or expired, NodeZero will recapture them. Note: only the AWS Exec SSM module and the AWS Assume Roles module are currently supported.
  • Added exploits for new weaknesses

Bugfixes

  • Added additional logging for PetitPotam modules.
  • Fixed a username parsing issue caused by malformed passwords with special characters in the Python shlex module.
  • Resolved an issue where SSH private key modules were silently erroring due to a Type error.
  • Disabled Network Mapper (Nmap) service scanning of common printer ports.