2023.05
Pentest Scheduling in the Portal!
You can now schedule future pentests and a series of pentests in the Portal, enabling you to configure less and pentest more!
Prerequisites for scheduling an internal pentest:
- NodeZero Host
- H3-CLI (built into OVA)
- API key for H3-CLI to communicate with our API. Users can choose an API Key Role of NodeZero Runner, Readonly, or User.
  - Note that the NodeZero Runner role has limited permissions and can only run pentests, not query for data via the API.
- For detailed instructions on scheduling an External Pentest, Targeted Pentests, and managing Scheduled Pentests, refer to the scheduling page.
Features / Enhancements
- Added VirtualHost support for Kubernetes modules.
- Real-Time View (RTV) for External Pentests now includes status updates for injected credential(s) (i.e., Received and Confirmed). See Injecting Credentials - Horizon3.ai Docs for details.
- Enabled Real-Time View (RTV) data for External Asset Discovery Operations.
- Added a new tab on the Asset Group page that displays a table of all operations run for that asset group, allowing users to navigate to the operations summary page or the RTV if the operation is running.
- Renamed the existing Domains and IPs tabs to "Authorized Domains" and "Authorized IPs."
- Added a new SSO button for Microsoft/Azure authentication for social sign-in.
- Refreshed the login screen design with new icons and a larger background image.
- Data detail updated with:
  - New fields (Resources, Permissions, Cloud Provider, Cloud Service Name).
  - Refined related tabs and added weakness name to the related weakness tab.
- Host detail updated with:
  - Created a new layout to match other detail pages.
  - Added new fields (Host Names, OS, Subnet, HW, Device, Cloud Provider, Cloud Svc, and Region).
  - Action Log moved to the bottom in a standalone pane.
  - Added new Credentialed Access tab and improved other tabs.
Attack Content
- Additional Kubernetes content
- Added ability to spray External Domain names to discover Virtually Hosted Applications. This feature is OFF by default but can be enabled in the Attack Configuration step of Run a Pentest.
  - Note: Only subdomains tied to the user input domains will be used and considered in scope. The spraying will increase the length of an operation.
- Added NodeZero check for the IMDS (IMDSv1 or IMDSv2) and harvest of IAM role credentials if present, allowing users to "inject" an AWS Role. See Documentation for more information.
- Added ability to refresh AWS keys. If AWS temporary credentials are close to expiring or expired, NodeZero will recapture them. Note: only the AWS Exec SSM module and the AWS Assume Roles module are currently supported.
- Added exploits for new weaknesses
Bugfixes
- Added additional logging for PetitPotam modules.
- Fixed username parsing issue caused by malformed passwords with special characters in the shlex() Python module.
- Resolved an issue where SSH private key modules were silently erroring due to a Type error.
- Disabled Network Mapper (Nmap) scanning of common printer ports for service scanning.