Penetrator Vulnerability Scanner Questions FAQ

Do  you have a question about the Penetrator Vulnerability Scanner?

If your question is not featured please mail us or you can always Live Chat us.

Please see the full list of questions in the right side menu.

The questions covers questions of technical, installation, and sales nature.

If you need help to choose the right Penetrator version you can find help as well.

Find more questions in the right side menu. 

Which Image size to use in Penetrator Reporting?

The image must be Width: 432 pixels, Height: 131 pixels, or any other pair with the same ratio. The font is automatically reduced when the line to display is too long and won't fit the page width.

 

SCADA Question

Starting with the easy part, it is a 1 time scan once the deployment has been completed.

QUESTION: does the AI/ML requires a recurring scan over the same network?

In any case, as you have mentioned, it will be interesting for us to have your consultancy services in order to produce a more consistent report.

 

Thanks for the document provided with the scan profiles outline. However, Profile 10 only mentions SCADA ICS PLC, so I am not sure if this is applicable for our WAN Gateways.

QUESTION: how does this profile apply to IoT networks if it refers only to SCADA?

 

The demanded solution has are many different components. There are mainly different systems to be deployed under one big project/RFQ: public digital signage points, public WiFi hotspot, BLE beacons, environmental sensors, public web portal ...

 

All the systems will require an on-premise management software installed in a virtual machine. So we will have management machines with public and local interfaces. I will try to represent it:

 

-------- ----------------------- ------        ------------       ---------- ------------- ---------- ----------

|        |                       |      |       | -------- |      |          | ---------- |          |          |

|        |  WiFi Controller      |      |       | |        | |      |          | |          ||Layer 2   |          |

|  <------>  Manager    <-------------------------------------------------->Access   ||(WiFi)   <-> Clients |

|        |  Radius Server        |      |       | |        | |      |          | | Points   ||          |          |

|        |                       |      |       | |        | |      |Private IP| ---------- |          |          |

|        |-----------------------|Public|       | |Mobile  | |      |(from     ------------- ---------- ----------

|  LAN   |                       |IP    |       | |3G/4G   | |      |carrier)  | ---------- |          |          |

|   <-----> Sensors Management <-------------------------------------------------->WAN  ||Layer 2  <-> Sensors |

|        |                       |      |       | |        | |      |          | | Gateways ||(WAN) |          |

|        |                       |      |       | |        | |      |          | ---------- |          |          |

|        |-----------------------|      |       | -------- |      ---------- ------------- ---------- ----------

|        |   Web portal          |      |       |  Internet  |                                          |          |

|   <----->                    <-------------------------------------------------------------------------> Clients |

|        |                       |      |       |            |                                          |          |

-------- ----------------------- ------         ------------                                           ----------

 

 

We could target servers (LAN and public sides), but we do not know how to proceed with field elements as Access Points and WAN Gateways, as the will be inside the 3G/4G carriers network.

Also, we can conduct some kind of WiFi pentesting (QUESTION: you have a product for WiFi, isn't it?) but we do not have a clue how to pentest WAN Layer 2.

 

So, let me know how you think we could approach this project. It is not specified that you must pentest "all" the elements in "all" interface, so let us know what it makes sense to propose.

 

Reply:

QUESTION: does the AI/ML requires a recurring scan over the same network?
Answer: It does not necessarily require a recurring scan, but the precision of false positive detection grows as the number of scans grows too.
A more consistent report can be achieved with a human analyses, and we will be apply to provide you with our consultancy service.

QUESTION: how does this profile apply to IoT networks if it refers only to SCADA?
Answer: This profile is especially designed for SCADA systems, distributed systems for monitoring and supervising physical systems, but is also applicable to IOT, where the monitoring system is built in the physical (monitored) system.


QUESTION: you have a product for WiFi, isn't it?
We have a product for pentesting WiFi networks via the WiFi Pen testing module.

 

 

 

 

IoT Scanning

Moving out the central servers, these RFQs include the deployment of IoT infrastructure, an WAN (more specifically WAN) network of sensors.

a) Would the Scada/IoT profile apply for this scenario?

b) Do you have some information about this IoT profile we could include in the quotation?

c) Could it be run against the IP side of the WAN gateway? Or it is only applicable for network servers?

d) Would you recommend any solution for a layer 2 WAN pentest?



a: Yes it is a good choice and the best scan as well
b: yes c: Can you give example of setup so we can check
d: I have to check on this maybe if you have diagram of their setup?

 

OWASP TOP 10 Question

Regarding a generic pentest for servers and central software,           

a) would you recommend the "OWASP Top 10" profile?

b) Does the "Full scan" includes this OWASP profile and also add extra tests?

c) In other words, are there significant differences between OWASP and a full scan?



a: Yes it is good profile or just use the Best Scan it can check for more things
b: Yes same as best scan. The difference is it do 65k ports where best scan do the 2-3000 most popular ports
c: Full scan will scan for more things so it is recommended or best scan

 

Just want to ask is there an options in the Secpoint that you can exclude some services or port?

Yeah
It is very easy
When you do a scan you click advanced setup
and then you just add the port you want to scan example 443, 80
then it ONLY scan 443 and 80

 

What is a format string vulnerability
Most common command in C is printf. Example when loading a value such as int value %d.
How can something that just prints text be exploited.
Example char *string so example printing %x %x %x %x this can be used when reversing C
printf can read whatever it find on the stack memory leak vulnerability. You can leak all sorts of memory from the stack.
It can leak stack addresses which can be used in buffer overflows.
Bugs like heartbeat was leak of memory. If something comes from %n writes amount of charters in a variable. Whatever value on the stack can be used for printf to print.
Using %x to %n can allow for code execution.

 

What is GPU Password Recovery Word Lists , as per below screenshot

It means large wordlists they are also included in Penetrator interface but some prefer to download wordlists as standalone files.

 

Can we setup SecPoint on AWS/Azure or private cloud, if yes then explain how.

If no then what could be the possible reason or challenge. The Penetrator Images are available in VMware Player, VMware ESXi, MS Hyper-V, Linux G4l. You can easy convert to other forms from those Images.

 

What are the System requirements, is it as per the IP Slabs?

The Penetrator is optimized for high performance. So you can run on low spec i5, 4 gb ram and increase specs for higher scanning.

 

Which ports needs to be enabled if doing VAPT remotely, from my office to customers office in other location?

No specific ports required to be open.

If you do Node scanning with the Penetrator some ports can be required to open this will be shown in the interface.

 

Does SecPoint supports IOT devices, like Smart TV's, Smart home appliances, etc.?

Yes, Via best scan profile, full scan profile, SCADA Iot Profiles.

 

While scanning Local IP's, what if system restarted?

Penetrator will restart scans if restarted.

 

While scanning website vulnerabilities, what if system restarted, Will the scanning interrupted?

If Penetrator is restarted it will restart scans, If target system is scanning is restarted Penetrator scan will just continue when the system responds again. If the target takes too long to restart or respond Penetrator scan might time out.

 

While scanning website, what if VM internet gets disconnected, Will the scanning interrupted? 

Scan will timeout you can just rescan then.  If you Pause the VM and you resume it later then it will continue from where it was paused.

 

How to do Node Scanning on the Penetrator?

With Node scanning the IP license is coming from the Main unit only.

So as an example Customer buy a 16 IP Penetrator Virtual Software.
And he install 4 Nodes.
Then it allows him to scan local net from the all the 4 nodes but maximum 16 IPs in total concurrently.
So if he scans
20 IPs on the main unit
20 IPs on each of the 4 Units it will 100 Scans it queue in total.
It will still process 16 at a time.
So they can install all the nodes they want using the main unit license on each node.
 

 

How can I change Penetrator IP Address from console?

From console menu

Menu point 14-15

SecPoint Penetrator Console Menu

 

I want ask does OWASP do harmful attack to the target?

No harmful done in OWASP profile.
Harmful is if only enable DoS and Exploits checks for any profile or use the Aggressive profile which
have those 2 checks enabled by default.
Every other profile have by default disabled DoS and Aggressive checks.
Once the checks are enabled there will also come a red warning.
 

 

How to control the AI on the Penetrator?

If AI processing is off, learning is not performed, because learning is done "during AI processing", as it says in the Info on the right.

If AI processing is on and Learning is off, every new processing is done as if it was the first time

 

 

How to get mail notification when a scan has finished

When doing a new scan in advanced setup you can put in the email address:

and in system smart host relay you can configure outgoing mail sending

Penetrator Emails

How does it compare to free version?

Benefits compared with free version.

1: No or very limited support.
2: No easy update process, in the Penetrator you can just press 1 button to update firmware no reboot even required.
3: Constant new features coming to the Penetrator. It is now 44.1.9 and soon coming v46.

In the free version it can be very limited when new features are coming since there is no paid incentive.
4: New feature request from customer requests being implemented in the Penetrator.
5: You do not know with the free version if it collect data or live up to regulations such as GDPR maybe free tool collect info for people behind it that use it.

 

VMware player v15 does not connect to internet

Ok can you set Bridged mode.
Then after login to the software and click the network menu
Then select DHCP and click OK.
This way it will get on DHCP to get a new IP address.
See if it got online that way?

 

Penetrator License Question

For the full edition vulnerability scanning kit it shows IP license. what is the license for the scanner, or the network to scan?

If use by a consultant, would i be able to scan multiple networks, one at at time, or only the one network. unless i have a higher IP license?

It means only concurrent scans.
So if you have a 1 IP license you can still scan 256 IPs it will just do 1 at a time and queue the rest.
When it finish 1 it will do the next.
If you have a 8 IP license it will do 8 at a time.

You are allowed to change the IP and do all the scans you like.

 

How can I scan a vulnerable web test environment?

You can load up

Damn Vulnerable Web Application

Damn Vulnerable

 

Penetrator Report Languages

Which Report Languages are supported on The Penetrator? Danish Dutch Greek English Spanish Croatian Italian Korean Dutch Norwegian Portuguese Russian Turkish Thai

How many report languages can be set on the Penetrator?

More will keep getting added in new firmware updates

    Danish
    Dutch
    Greek
    English
    Spanish
    Croatian
    Italian
    Korean
    Dutch
    Norwegian
    Portuguese
    Russian
    Turkish
    Thai

 

How to start a new vulnerability scan - How to make a scan?

That is just the entry field. They must press Add (the button with the green )

Penetrator Start Scan

 

 

How can i reduce disk size of Virtual Penetrator?

You can reduce the size if you need by using the console tool

Penetrator Console

 

Penetrator Offline update?

I have a technical questions about "offline update" without directly connecting to Internet,
Is possible? 

Only update via connect to internet, but you dont have to be online to operate the Penetrator
So you can put it on laptop
Go on the Internet 1 time week to update and then just use it for offline mode in other time.

 

How much faster can quick scan be compared to normal scan?

An example group can be like in this screenshot.

This is an example with 5 IPs in each group scan.

Normal group scan took 07:27:48 (7 hours, 27 minutes, 48 seconds)

Quick group scan took 03:56:21 (3 hours, 56 minutes, 21 seconds)

 

Error importing OVF

We get the errors

OVF Package Error following manifest file entry is invalid. SHA256

We have successfully fixed the issue regarding the lower version of ovf 5.5 esxi no longer supports SHA256 hence we downgrade to SHA1 which helped ovf function properly.

Penetrator OVF

 

Penetrator Cant Update

We have an issue with our Secpoint Penetrator virtual machine.

We don’t know when the issue occurred exactly

 I looks like the networking is kind a broken or something.

Within the web interface the right IP address is configured. We can connect to the internal IP address of the Penetrator website, but the machine cannot connect to the internet.

In the console of the VM, the network icon shows a red cross.

What can be wrong?

I can ping the IP from another PC successfully.

Solution:

You can close the ticket.

I found some strange stuff in our corporate firewall that blocked the connections.

Penetrator Resolution

Resolution problem that the resolution makes the browser to small and menu not shown.

It can be caused by the size of the browser window is too narrow. Put it at full screen to solve the issue or login directly to the IP address from a secondary machine

 

Penetrator AI Machine Learning

Do the Penetrator support Advanced AI and Machine Learning?

The Penetratort uses Advanced AI and ML in different areas including:

False positive vulnerability scan system to prevent high percentage of false positives to be found.

System Status where it can predict and prevent based on data future system problems.

 

Can Penetrator work behind a proxy?

On Protector: No proxy support because Protector send mail or make web filtering, and even act as a network bridge which is not possible under a proxy.
On Penetrator: vulnerability assessment can not be done behind a proxy that lets only filter 1 or 2 port.

 

Which tool must I use to put the G4L image on a usb drive?

You download Ghost4Linux and put it on a bootable USB flash drive with

https://sourceforge.net/projects/win32diskimager/

 

Vulnerability "DNS Localhost 127.0.0.1

We would like to understand how do you come to the vulnerability "DNS Localhost 127.0.0.1 Vulnerability" for scanning specific IPs? Example:

Does it mean that our provider has the vulnerability or resolving localhost. to 127.0.0.1? Which DNS resolver reports this ? I checked a few and some of the resolve it and some not.
 
The error doesn't point to the scanned ip  but to the provider, right?
 

Yes it must not resolve to 127.0.0.1 it can be used in some attacks.

here example resolve to IP

host localhost.secpoint.com
localhost.secpoint.com has address 207.182.143.131

 

Penetrator Scanning Profile

Suggestion regarding when and what profile scanning we need to choose

When scanning a Server/Desktop and URL. 
 
Because BEST SCAN has all the scanning either for Server/Desktop or URL. 

Reply:

You need best scan profile for things not specified in the other profiles.
So in the case of Server/Desktop then it best the best scan profile.

 

How can I exclude IP addresses when scanning a C Class?

First, add the cidr. Then add the single IP. It will recognize that the IP is included in the CIDR and will mark it as excluded

Exclude IP vulnerability sscan

 

Can the Penetrator discover the memcached vulnerability?

Yes.

You can simple run a normal scan or specify only to scan TCP & UDP port 11211.

 

My IP Address has been blocked from login on the Penetrator

The IP is banned if:

- there are no valid logins from the same IP AND

- there are at least 5 wrong login attempts from the same IP AND

- the most recent login attempt is less than 5 days ago

So, when this happens it's necessary to wait 5 days to be able to login again. The console (127.0.0.1) is not subject to this check.

 

When i try login for putty to the appliance this show me the attached image

Please press ALT F6 or Please press ALT F7

Penetrator Boot Stuck

 

How to easily see IP address history of vulnerabilities?

You only need to select 1 IP, then it will show you up to the most recent 36 scans. Then you can click on one of the scans and it will give you the status of each vulnerability.

Penetrator Stats

 

How can I access the system console in the Penetrator?

Type console to get the menu.

Penetrator Console

 

G4L boots up I can type but nothing happens

Booting g4l i can type but nothing happens. 

Solution:
1: ok boot g4l
2: press tab at boot menu so you can type parameters

3: Make sure it has: live-getty console=ttyS0,115200n81 run="agetty -L 115200 ttyS0 &"

 

Internet question when scanning

One of the questions I asked was if this program needed the internet or not in order to use it. I'm just starting out with the software, but its looking like the internet is needed to use this program

It is not required to have Internet to run the program.

 

How does the Penetrator store data? 

Does all the vulnerability scan logs are save locally on the Penetrator device? How large it consumes HDD space?

Correct everything is stored locally and you can also export all scan data In Vulnerability Menu > Download Reports
You can see free HDD space in System > System Logs

 

How much data will a scan consume?


What is the process name on the target machine while the scanning is on progress? Some end user may ask about it. Or how much resources it consumes during a scan process.

It is designed to consume minimal amount of resources when doing a scan.
It will only sent necessary data based on services detected.

Vulnerability scan improvements

Domain Names visible on screen and reports The Penetrator allows to enter a domain name instead of an IP address when creating a scan. Starting with this firmware the domain names are visible throughout the whole scan process. This feature has been created for scans, scan templates, on scans created from a template and on the Scan Distribution page. The domain name will also be visible on the reports.

Detection of IP addresses

When a scan is created through a domain name, the corresponding IP address is automatically detected at the moment of the scan. When the scan is created from a template, schedule or repeated from a previous scan, the IP address is now detected immediately before launching the scan, not when the template or schedule are created. This behavior allows to detect the correct target from the corresponding hostname when the target’s IP address is assigned through a DHCP server, and is subject to change over time.

Repeated Scans

Two new features are available on the Repeated scans. It is possible to alter the scan parameters, for example when it’s necessary to alter the scan profile or the port numbers of a previous scan leaving all the other parameters unchanged. The second feature is the possibility to repeat a previous scan on the nodes that were offline on the previous scan. To do this, click on the red button Repeat Scan on the scan row.

 

Operating System Name

Operating System Name

The operating system of the target node is now displayed on the report. The operating system is detected through a set of algorithms, and may not always be 100% accurate. The operating system is shown in a separate chapter of the report.

Operating System Scan

 

Google Authenticator 2FA Penetrator

Penetrator 2FA

The Google Authenticator is an implementation of the Two Factor Authentication (2FA). 2FA is a means of making account logins more secure. In addition to username and password, it requires a Time-based One-time code that can only be generated by the legitimate owner by means of a hardware device.

This feature is available through menu System > 2FA Login Protection   To enable this option, you should first download the Google Authenticator app on your iOS or Android smartphone.   When the app is installed, you should initialize it by scanning the QR code displayed in the 2FA Login Protection page. After that, the Google Authenticator app will start generating numbers.

When the app is installed, you should initialize it by scanning the QR code displayed in the 2FA Login Protection page. After that, the Google Authenticator app will start generating numbers.

     The QR code is unique to your Penetrator, therefore you can only use it to login to your Penetrator unit.

 

      This step is necessary to enable the 2FA, since it cannot be enabled if the code generator is not in your hands or hasn’t been correctly initialized.

To proceed, you need to do the Code Verification: type the

number displayed on your smartphone in the entry field on this page. If you see the green check mark next to the code, it means that the code has been accepted.       If the Code Verification is unsuccessful or hasn’t been performed, the Google Authenticator option remains disabled and a warning message will invite you to complete it. At the end, the Google Authenticator login option can be enabled.        When you want to disable the Google Authentication, you need to do the Code Verification as well. When the option is enabled, the Penetrator login page requires an additional field, the Google Authenticator Code, that can be read on your smartphone. If you omit this code or if the code incorrect, the login is denied.

When this option is enabled, to access the SecPoint® Penetrator you will always need to have your smartphone with you. In case of access problems, you should contact the SecPoint® Support.

 

New User Interface Penetrator

Starting with this firmware, a new User Interface is gradually replacing the previous one. Along with this, most of the existing functions are subject to rewriting, to comply with the new interface and for more robustness. Here are the main features of the new interface:  New layout with different colors: Top banner, tables menu and widgets in different shades of gray  Responsive design, for a better experience on classic and touchscreen devices  A larger window is available for displaying data  New left-side menu, usable on touchscreen devices  New User menu on the top banner

New widget for on-off switches    Collapsible right-side panel with overall status always visible on the page. The available states are OK, Information, Warning, Error. Ø  Flashing icons to emphasize issues     Ø  Data tables with paging, filtering and sorting  Multiple selection and actions on multiple items at once

abs to display multiple pages at once  The new user interface is currently available on the following menu items:-          Vulnerability Scanner > Download Reports-          Cloud Users > User Management-          Scan Distribution

 

 

User has no scans left

I am trying to run a new vulnerability scan with our device but it says "You can't make any more scans."
I'm logged in as admin
under "User Statistics" it says: Total scans left 0
any idea how to fix this?

Solution:

If you see the picture, the user has zero scans left. You can change this restriction in the user management, parameter Scan limit.

 

Penetrator cant sent mails

My Penetrator cant sent mails.

You need to put in your ISP relay server.

This can be done here

System > Smart Host Relay

 

Question about Penetrator Distribution License

A customer has a very interesting question 

1)      Let say I got a Penetrator with a 1 IP license online in a Cloud VM

2)      I got a SFF Penetrator appliance 8 IP in a remote network behind a NAT router

3)      Let say I got the master/slave Penetrator working ( we still got it NOT working)

4)      When I create a scan on the “cloud” penetrator to the slave Penetrator Can I start a scan of 8 devices on remote SFF from the Master 1 IP cloud Penetrator?

Reply:

The license type creates a funnel that defines the way the Penetrator starts scans. In the case of a master-slave architecture, the two funnels do not combine, so that the master and the client Penetrators will launch scans depending on their own license only. In your case, the client Penetrator will receive the command to launch the scan of one or more IPs even if the master is already processing another IP. So, you may create a scan of 9 IPs and let the master process one and the client the remaining 8, that would be launched simultaneously.
If the master-client is not working, please upgrade to the latest firmware on both units and retry. If it shouldn't still work, please open the remote support.

 

Penetrator Performance Impact 

May we know if their is an performance impact to the device if secpoint penetrator is in the process of scanning the vulnerabilities on that device?

It is designed to cause minimal impact and not interrupt with production systems.
So even if you scan a production enviornment during business hours the customers should not see any difference.
Often with poorly written opensource tools if using during production hours can end in target systems to crash.
We have designed our tools to not crash the target system or lower performance.
You can via the more agressive scan profiles still perform DoS and exploits

If their is no impact, what scanning technologies that secpoint do to avoid performance issue during scanning?
It is good written code that takes into account not to crash things.
Only if you choose the agressive profile it will try and crash the target system.
It is also designed to not sent data if it has not detected a service.
So it keeps minimize the data footprint on the network in each scan.

 

50 IPs for Penetrator?

For SecPoint Penetrator number of IP’s, I will be preparing quotation for 50 IPs for 1URack, but in provided pricelist there is no exact number for 50 IPs ?

It goes in format as 8,16,32,64 etc.
So in the case they need the 64 IP 1U rack.

 

What is the difference between Portable Penetrator full edition and Penetrator S9

Portable Penetrator Full Edition and Penetrator S8 is the same.

The only difference is that Portable Penetrator comes in a Light version that is WiFi Pen Testing only.

 

How about the new profile scanning the SCADA?

How it works and what is it main purpose?

SCADA is typically industry or hardware control systems.

It can be Traffic light, Swimming pool system to regulate chlorine in the water, Factory machine, Heating system.

All systems if being hacked or compromised can cause harm.


So if they hack a swimming pool and increase chlorine it can kill or make people sick in there if they don't find out.


Or if it is machine factory where they disable cooling system so it can break.


All industry systems have very poor security because it is not designed to be accessible by hackers only by factory workers or engineers.

So with the SCADA module we can scan large amount of SCADA systems different vendors such as:


SCADA (Supervisory Control and Data Acquisition)

ICS (Industrial Control Systems)

PLC (Programmable Login Controllers)

Niagara / Foxboro / Moxza / Emerson

GE General Electrics / Hitachi

Mitsubishi / Panasonic / Rockwell

Fisher / IEEE / Schneider / Beckhoff

OSIsoft / OMRON / OPC / ABB

Iconic / SNC / Sielco / Telvent

RUGGEDCOM / Danfoss / Modbus

Phoenix / Siemens / Tridium

 

Our scans seems to get stuck after 1 day

The last scan was running 4 days.

We ran a couple of test scans but they stop progressing after 1 day.

Follow up:

We did a scan on a diffrent website hosting.

I checked in our fortigate hardware and the secpoint ip was being blocked several times.

I made an exclusion for it and am running the scan again.

The fortigate was indeed the problem.

Scans are now completing.

 

Schedule options on Penetrator

A new feature in the schedule options allows to plan the launch of a vulnerability scan with more accuracy. Through this option it’s possible to specify the date and time when a scan must be launched and optionally the number of days to wait before the scan should be launched again.

Schedule scans are available through menu Schedule.

 

When you are creating or modifying a schedule, the list of frequencies contains the new option “On Date”, where you can enter the date and time when the scan will first be launched.

If the scan should be repeated, enter the number of days between the first scan and the next one in the entry field on column Repeated. In this example, the scan will be first launched on Friday, August 10th 2018 and repeated every 2 weeks, on Fridays, at the same time: August 24nd, September 7th etc.

 

With option “On Date” it’s also possible to launch a scan later in the same day.

 

Please take into account that a 1-time schedule scan will not be deleted when the scan has been completed, and it will remain in the list of scheduled scans even if won’t be launched again.

In this picture scan “Old schedule” has been performed on January 1st 2018 and will not be repeated. If no more necessary, a schedule can be deleted. If you need to schedule it again in the future, you can edit the schedule and change the start date/time.

 

2FA Recovery Code Penetrator

In order to avoid any valid user to remain locked out of the door of the Penetrator when the code generator is unavailable, a Recovery Code is now available.

This code is displayed on screen in the 2FA page (Menu System > 2FA Login Protection) and is only visible when the 2FA feature is enabled.

This code must be copied and stored in a safe place and only used in case of emergency to disable the 2FA feature.

 

The 2FA feature can be disabled by logging in to the Penetrator’s command line, and opening the Recovery Console. Here, option 16 will ask to type the recovery code and, if the code is valid, will disable the 2FA feature. The recovery code is unique to each Penetrator, therefore it can only be used to unlock the unit where it was generate

 

CVSS Scoring System

When a vulnerability found on a specific target can be referred to a code in the CVE database operated by the Mitre Corporation, the Penetrator will automatically find the corresponding CVSS score for both V2 and V3 versions of CVSS.

The CVSS score will then be displayed on screen and on the reports whenever a CVE code is available.

 

The CVSS score is available on screen in the detail of vulnerabilities: when you click on a snapshot icon , the list of the vulnerabilities for a scan is displayed.

Here, clicking on the name of a vulnerability, the Penetrator shows the page with the details:

The same information is also available on the reports.

 

Please take into account that the reports available on the home page have been created at the end of each scan. Therefore, to get the CVSS score, it’s necessary to generate new report: click on Make New Reports in the floating menu in column Options next to each scan.

The CVSS scores are updated frequently, and the Penetrator keeps its database up to date accordingly. The Penetrator automatically updates the CVSS scores every night between Midnight and 1 AM. This process is necessary and may require some time if it’s not performed frequently.

CVSS Penetrator

 

Just want to clarify how does the Secpoint Penetrator able to detect a malware on the system? 

What is the approach and what engine it uses to detect malwares?

Yes if it comes in via the Network.
The customer still need a malware scanner on the PC to protect from USB disks.

What is the approach and what engine it uses to detect malwares?

Only if they open services/ports.
Penetrator scan over network
If something on hdd you need antivirus to scan locally.
But most antivirus is not effective.

So you need use our Protector UTM Firewall with Intrusion Prevention module to block malware before it even gets to the hdd.

 

Penetrator Report can show CVSS?

Yes after firmware version 43.0.3 or newer.

 

Authenticated scans

There can be a risk with authenticated for any data loss..

The customer must be aware if he use this function and it login to an interface while query for sql injection, command execution, xss etc there is a big risk of data loss.
If using it then he must have backup 100% of everything or testing offline a system.

 

How can I access the serial port on Linux?

Please use putty or simple use:

screen /dev/ttyUSB0 115200

 

Is there a demo online?

Yes please fill out the Free Vulnerability Scan here.

 

Does it impact the network much when scans are run?


No it is specially designed not to impact the network while scanning.
 
The Penetrator has 9 profiles to choose from.
 
From very safe to more aggressive to use on pre production servers.
 

What is the cost?

What is the cost breakdown for IP's?

Please see our Webstore or contact Sales for a local Reseller.

 

Is the software updated regularly?
Several times daily for new database definitions
and for general software new features about every month

 

Do you have a video demo?
Please see our channel on Vimeo
 
 
 
What are software requirements for software ran product
There are 2 ways:
 
if you have VMware ESXi server or Microsoft Hyper-V server you can deploy the virtual Image
 
if you just have a Windows 10 Laptop with 8 gig ram, quad core CPU you can install VMware Workstation and load it up there

 

Where do the scan come from?

How does the software act like it is coming from outside our network?

The most correct setup would be if you use a Cloud Scan of all your public IPs, and then have the software or appliance internally to scan all IPs inside.
 
 
If you are scanning at your site behind the firewall you wont be able to scan your public IPs and get a fully correct picture of the vulnerabilities because you will still be coming from the inside
where if you scan from our server in the cloud.
 
 
Where can I download VMware Player Workstation for Linux?

You can download the latest VMware Player Workstation for Linux and Windows here

https://filehippo.com/download_vmware-workstation-player/

 

What then means the following item: Maximum IP Reporting in interface?

Please explain the Product Matrix Maximum IP Reporting in interface? 

It means the power capacity of the SQL database how many reports it can store per account.

 

How to renew a unit in VIP lounge?

The link becomes automatically on the home page when the license is about to expire.
Otherwise you can go to menu Units - List of all units, then click on the license to renew, then click Renew in the right side.

 

How we can get and install offline signature updates?

You can do it by downloading the updates to a second unit and use that for local update point.
 
On the local Penetrator you can then set the update point for the second unit so it will update locally only.

 

Do the Penetrator work as a Black box?

As I understood the Penetrator working in Black box mode only. Is it right? 

You can submit credentials when performing the scan and run a more white box scan.

As default it can work also as a Black box mode scanning without being provided any information

 

I forgot the Penetrator IP address how can I find it?

Please login to the console and it will show it.

You can also see it in the LCD of an appliance.

Penetrator IP Address

 

Report content review

The content of all the reports has been reviewed and improved, for a better organization of the information and a better readability. The main changes are-        Executive Summary: Completely reorganized; the scan information has been grouped to a table, a new Overall Security Level graph has been added, Online and Offline nodes are shown in smaller lists, bar and pie charts have been renovated.-        Vulnerability bar and pie charts have been moved to chapter Summary of Vulnerabilities -        More readable tables, with alternate colors. In the list of vulnerabilities, a new 4-color gauge shows the risk level of each vulnerability.-        Better tables for the detail of vulnerabilities; the Vulnerability Output is displayed with a monospace font, as in a code listing.

 

Penetrator Report Mail

Using the penetrator send report by email function doesn't work. Is this a bug or configuration issue? 

Please make sure the correct configuration is set in the interface.

 

Forgot IP how to set a new?

Right now , the Customer forget IP/address and cant connect to the Internet  , how can we fix it?

Remark : connected VGA to secpoint accessing   only  

you login with admin user
console
and there you can set IP menu 15

 

Vulnerability Scanning Profiles

When i log in I see what are now available profiles, and when I choose one there is a description that „pops up“ but I cannot select and copy that text, can you please send to me that description for all 10 profiles?

Please click here to see more information about Scanning Profiles.

 

WiFi Penetration Testing?

Does your penetrator appliance also include wifi penetration (the feature in portable penetrator) ?

Yes all features are included in the appliance.

 

Appliance Size

Small factor and 1U , carry all same features except number of ip ... correct ?

yes small form factor is more limited on power
since it is small
1u rack is more powerful real server appliance
 
power means ? speed ?
 
cpu power/ram/ssd speed
 
 
How to change Company name and logo?

I wanted to know if it's possible for me to change the company name and logo in my penetrator appliance software.

You can already change logo name in reports and front logo in the System menu.

 

Penetrator G4L Image

 My g4l says no Ethernet device found. The g4l machine is connected to win 7 machine by a hub which has ftp server and penetrator ISO file. Pls help. Also there is an option to restore from local drive. Can I use that instead?

 

yes try that as well it might be new feature they added.
Then just put ISO on a local usb drive and connect that.

 

 

Hi how much should be the minimum hard disk size for penetrator. It works restoring the penetrator ISO from g4l locally, but it's still at 99.90 percent 

250 gig minimum if you used the samsung image.
Sometimes it is stuck at 99.90 it should be fine since it is just the bios bootsector it cant write fully.
If you reboot it will still boot up fine.

 

Internet connection required for appliance?

Just one more question. I recently bought penetrator appliance. I will power up it today , so does it require any internet connection for any kind of license activation or it can be setup without any internet for first time   ?

When you buy an appliance it is already activated.
You just need internet once in a while to pull latest databases.
Otherwise it is not required.
In System menu you can even set to Offline mode.

 

How can I download 64 Bit Penetrator ISO ?

Please contact our support team [email protected] to get the URL to download the Penetrator ISO.

 

Question about Licensing on the Penetrator

I have a question regarding licensing. I understand that if I buy, for example, a single IP license then there is technically no limit how many IPs I can scan but I can only scan a single IP at a time. Does that mean that if I want to scan more, I have to wait for the previous scan to finish and manually initiate the next scan? Or is there any way to schedule more IPs to be scanned automatically (not concurrently but in succession without user intervention)?

Correct.
Even with 1 IP you can put in 1000 IPs and it will do queue and do 1 at a time.
If you have a 4 IP it will do 4 IPs at a time.
So it is like a car with the horse power you pay for.

Also, is there an average scan duration per IP? Or does it vary a lot depending on the type of host?

It is made intelligent to be as fast as possible.

Example let say you put in a /24 class
and only 30 Ips are online reposnding then the other IPs that are not running will be shown as offline so it wont scan those.
And if you scan an IP without a web server it wont launch web attacks.
But if you scan another IP with Web Server, Ftp Server, Mail server
it launch those checks.

It can be in general anywhere from 10 min per scan to a few hours depending on how much it finds.

You can also do report branding so if you offer it as a service to your customer you can add your company logo in the reports.

 

I need to know the requirements (CPU, RAM, Disk...) for 128 IPs Virtual Penetrator.

For 128 IPs Virtual Penetrator is minimum recommended 4 Gb Ram, I5 CPU 2 or more cores.

 

Can you tell me please if those features listed below are supported by Secpoint Penetrator

- Attack by brute force (FTP, HTTP, MS SQL, MySQL, Oracle, POP3, RDP, SMTP, SNMP, SSH, Telnet, VNC),

Yes in brute force menu.

- Vulnerability detection for web applications (HTTP Response splitting)

Yes

- Vulnerability Scanning and Identification for Infrastructure Platforms (Active Directory, IIS…)

Yes

- Send reports automatically via network share.

It sends via email or interface.

Please share the methodology used for the penetration testing

Please see more about the scanning methodology here:

Click for Penetrator Methodology.

 

Can the Penetrator only scan Public IPs?

The Penetrator Software or Appliance can scan any IP Address it has access to.

So if you deploy it in your internal network you can scan internal IP addresses as well

 

Scanning firewalled targets

If the target IPs are protected by a firewall and only a few ports are open, they might appear offline. How can I force scan it?

You can use any of the currently 9 profiles when scanning and click on the Force Scan Tag.

Then it will force a scan even if the target appears to be offline.

 

Report Sender

The repport that are being mailed have a sender addres nobody@localhost. Can you tell me where to make that adjustment?

I use a Penetrator for security scans:

The rapports that are being mailed have a sender addres nobody@localhost. Can you tell me where to make that adjustment?

It is in System > Scan notification sender

 

How can I boot via the Serial Port?

If you boot a DVD or USB media you need to add parameter:

live-getty console=ttyS0,115200n81 run="agetty -L 115200 ttyS0 &"

Then you need to connect the Console port to USB on your laptop and use Putty to connect example to COM7 with port speed 115200

 

If you need to access the linux it self you need to follow 3 steps:

In lilo.conf add

1:

Append="console=ttyS0, 115200"

Keep existing parameters in the Append line it might already have.

And type lilo -v

 

2:

in /etc/inittab

Uncomment the line

s1:12345:respawn:/sbin/agetty -L ttyS0 115200 vt100

 

3:

In /etc/securetty

uncomment

ttyS0

Reboot

 

G4L

 

 

Scan safety dynamic IP

How to scan if a user has a dynanic IP address, or say they are too small to have a fixed IP?

How do customers handle scanning them multiple times?

On the basis that their Ip may change even during a scan, does the penetrator support dynamic DNS somehow?

 

Most easy is if they put in the entire c class
example 192.168.1.0/24

and one day you have 10 systems active
next day 20
next day 18

Then it will report on all found.
 

It's possible that client computers change their IP, but it's more likely that the dhcp server assigns them the same IP as the day before, depending on the lease time defined on the dhcp server. Whenever possible the hostname should be used instead of the IP address, however it's more frequent that customers want to scan server machines, which are usually configured with static IPs or are always on, rather than clients.

In any case, yes, it's possible that a scanned machine changes its IP address and the day after it cannot be recognized any more.

 

Cloud Scanning Penetrator

Is it possible to deploy SecPoint Penetrator appliance or virtual appliance over the cloud?

Can we do a cloud as a ‘Scan-on-Demand’ model and scan individual customers?

Yes you can do it already with the multiple users Cloud menu option in the software.

You just put it online and start create users on it.


So example you can put it as penetrator.yourdomain.com

And then for each of your customers you create different login in the Cloud menu.

In this case everything run from your appliance and all data is in your country.

If you like the Cloud to run from our server https://penetrator.secpoint.com
We also sell cloud subscription to that.

 

Penetrator Linux Image

Please could you grant me the access to the download link of "Protector RAW Linux ISO Image?

Please create a ticket with your unit ID to to get the download link.

 

Penetrator Scan Distribution

How can Distribution Master / Client Penetrator Mode benefit me?

The benefit with Master / Client Distribution setup is that you can scan multiple locations with central control and update point.

So example you have 5 offices across the country.

You are in the head office and want to scan the networks from the other office locations.

You can then scan the remote locations and get all the data centralized to the main unit.

 

Do the Penetrator Support Multiple User login?

Yes

You can create multiple users on the Penetrator with different access.

How can cloud user benefit me?

So let say they have 3 administrators.

The main manager create 1 account for each.

So example administrator 1 has responsibility for 192.168.1.0/24

another for 10.10.10.0/24 then each can their own permission and own account only with their task.

It can also be you have your own Penetrator as a partner.

And you offer monthly cloud scanning to your customers.

 

What OS scanning does it support?

The Penetrator can scan any system, Workstation, Server, Firewall, network embedded device, Linux, Microsoft, Tablets, Smartphones and or OS Operating System that is accessible to the Penetrator on a public or local IP address.

When it scans an IP address it will determine the services and OS type of checks to launch.

So for example if you scan a Linux OS host and it can be determined to be a Linux OS it wont launch Windows Checks.

For more details about the scanning checks please see Schematics datasheet:

>

 

How can I clear off tickets from previous scans?

You can click goto the ticket in ticket menu.

Then you change the Status as show in screenshot:

There you can mark closed by user.

Or you can simple run a new scan if the vulnerability has been fixed.

If the Penetrator dont detect it again it can close the ticket automatically.

 

Please see Ticket Setup page to enabled automatic closing.

How to share scans between users on the Penetrator?

For me it would be great in future release that a scan-report by default is available for all users and can optional be made private. Or visa-versa.

ATM my colleges all log into the Penetrator under my name. Because if they log in to a own name, they do not see the scan results of the scans made in my space.
I can understand that (some) scans should be private, but most I would like to be available to all users on the Penetrator. 

It can be shared with this button

Share Scans Penetrator

 

Penetrator VM Activation

I have already activated my license in the VM will installing on hardware and activating it screw up my VM activation?

Only 1 ID can run at a time so if you use Linux ISO just power off the virtual.
Or you can get another license for that.
You can mail Sales team [email protected] for a special offer on buying a second license.

 

Penetrator Ticket System

Do the Penetrator Vulnerability Scanner come with a ticket system?

Yes it comes with a full featured ticket system to easily follow up the status.

 

Currently using the 32-bit version. How do I set the time to Eastern US?

Please click System > Date & Time

 

How to find NTP service

I would like to perform a scan which detects if NTP is (udp/123) is exposed.

Yes the Penetrator can detect open UDP ports.

You need to choose the correct profile for it.

You can use the normal or full scan profiles.

 

Do backups include all the scans on the Penetrator?

Yes, the scan results are backed up.

To reduce backup size the PDF reports are not backed up.

However they can easily be restored by clicking the report generation icons on the new unit.

 

Do we have to turn off IDS in the firewalls when Scanning?

To scan a remote computer protected by a firewall with IDS/IPS it's necessary to turn off IDS/IPS to the Penetrators IP address, otherwise the attack may not reach the target machine and potential vulnerabilities may not be discovered.

You can easily whitelist IPs in most IDS/IPS systems.

 

I cant click any icons on the desktop

Please press CTRL ALT BACKSPACE to reset the GUI.

 

Problem sending mails from Penetrator

I tried multiple servers.

1: our webhosting server. With authentication.

2: our relay server. Open relay for our IP.

3: our local Exchange server. Open relay for the pentest server.

All are not working.

The page does tell me that the test message has been sent, however, I haven’t received anything yet.

QUESTION:

Do you see anything in log from penetrator IP?
Can you in terminal

tail -f /var/log/maillog

and see output paste it here

REPLY:

Thanks, that solved the issue. Found that the spamfilter was blocking the test messages. Just received it.

 

Would like to do pen testing on network at least yearly

Be able to run reports etc.

We have devices internal and external.

Yes no problem please mail to [email protected] to get a quote.

 

WAS Solution

I am looking for a solution as an appliance and cloud for vulnerabilities analysis and WAS

Yes

We offer both the Penetrator Appliance that can do vulnerability scanning and analysis.

We also offer the Cloud Penetrator scanning from the Cloud as a WAS Web Application Service.

If you need help to choose the correct solution please do not hesitate to contact us via live chat.

 

VAPT Solution

We are looking for a VAPT solution and considering Secpoint Penetrator


The VAPT will be conducted, on the following equipment: servers,VOIP, network/security devices and VAPT external
The Security Assessment Report/ VAPT report should comprise amongst others:
a. Management Summary with overall severity graph. Yes Penetrator Supports.
b. Detailed results for vulnerabilities discovered, exploited vulnerabilities
and proof of concepts/screenshots. Yes Penetrator Supports.
c. Detailed explanations of the implications of findings, business impacts,
and risks for each of the identified exposures. Yes Penetrator Supports.
d. Remediation recommendations to close the deficiencies identified. Yes Penetrator Supports.
e. Detailed steps (wherever/whenever applicable) to be followed while
mitigating the reported deficiencies. Security issues that pose an
imminent threat to the system are to be reported immediately. Yes Penetrator Supports.
f. Vulnerabilities Report would be delivered in a protected Adobe Acrobat
(PDF) document format. Yes Penetrator Supports.
 
 
For more information please visit https://www.secpoint.com/penetrator.html
Penetrator is available in 3 variants:
A) Hardware Appliance.
B) Virtual Software Edition compatible with VMware ESXi, Player, Workstation, Microsoft Hyper-V, Linux ISO.
C) Cloud Web Scanner version.

 

Are there impact to devices when scanning?


With software you can never give a 100% guarantee but we only use the safe profiles.
 
So there should be no impact.
 

How long does it take to scan and IP? In general?
It is made intelligent so example if you scan a C class 255 IPs typically many of those do not really run anything or have everything blocked incoming, the it can determine this and finish scans fast example in 10-20 mins
 
Then if you have a server with multiple services, web , mail, SQL, AD, then it can take few hours depending what it finds.
 
So it will not launch checks for a service if it did not identify the service first.
 

How can I change reporting language

Yes in System > Report Branding menu.

 

Can I customize reporting in the Penetrator? 

Yes

You can customize several points such as:

Watermark

Logo

Website Link

Customer Name

Language

 

Do the Penetrator check for SSL vulnerabilities?


Yes the Penetrator, Cloud Penetrator and Portable Penetrator has fully loaded many SSL techniques.
It also checks for the more popular vulnerabilities including:

    Heartbleed (CVE-2014-0160)
    CCS (CVE-2014-0224)
    Ticketbleed (CVE-2016-9244)
    Secure Renegotiation (CVE-2009-3555)
    Secure Client-Initiated Renegotiation
    LOGJAM (CVE-2015-4000)
    BEAST (CVE-2011-3389)
    LUCKY13 (CVE-2013-0169)
    RC4 (CVE-2013-2566, CVE-2015-2808)
    CRIME, TLS (CVE-2012-4929)
    BREACH (CVE-2013-3587)
    POODLE, SSL (CVE-2014-3566)
    TLS_FALLBACK_SCSV (RFC 7507)
    SWEET32 (CVE-2016-2183, CVE-2016-6329)
    FREAK (CVE-2015-0204)
    DROWN (CVE-2016-0800, CVE-2016-0703)
 

Penetrator Questions


    Architecture
    - How is the vulnerability management solution delivered?

Cloud version, Software Virtual or hardware 1U RACK

    - Do I have to run an agent on all my networked devices?

No agent needed.

    - Does the product require me to run a database?

No it has SQL database in the software already.

    - Does your product offer SaaS for vulnerability management?

Yes. Cloud Penetrator and user interface available in all versions.

    
    Scalability / Ease of Use
    - Is your vulnerability management solution can scale?

Yes just upgrade license.

    - How does the vulnerability management solution scale to handle my network size?

Yes just upgrade license.

    - What level of support comes with the solution?

24 hour, ticket system,remote login.

    - Does the support include training?

We have product certification at 199$ per person.

    
    Accuracy / Performance
    - How accurate is the vulnerability management solution?

Second Gen Advanced AI for most accurate results with machine learning.

    - Where does the vulnerability management solution get its intelligence about vulnerabilities?

Whitehat and blackhat sources.

    - Can my scan policies automatically include new vulnerability signatures?

Yes

    - How does the vulnerability management solution display vulnerabilities?

In interface and in reporting.

    
    Discovery / Mapping

    - Is discovery / mapping a component of the solution?

Yes

    - Does the solution make it easy to identify all devices on my network?

Yes very easy

    - Can the system discover “rogue” devices?

Yes

    
    Scanning
    - Do I have to manually launch each scan? or is it fully automated?

Fully automatic with schedule option or range scan

    - Does the solution support external and internal scans?

Yes scan public and local ips no limit.

    - Is the solution able to speed up the scanning speed?

Yes depending on scan profile chosen.
Quickscan profile for very fast and firewall profile for slower stealth scan.

    
    Policy Compliance
    - Does the vulnerability management solution integrate policy compliance?

SANS TOP 10, HIPAA and others.

    - Does the solution segregate assets for compliance?

Please specify

    - What policies and controls does the solution support?

Full control you can edit scan advanced option

    
How to scan for soon to expire SSL certs? 

Please use the Normal,Full or Web scanning profile on the Penetrator.

 

How to scan for missing DMARC value for a domain?

You can easily use the Penetrator Normal, Full or web scan profile.

 

How can I scan for missing SPF value?

You can use the Normal or Web profile in the Penetrator.

 

Scanning a Switch

We have a question regarding the scanning with SecPoint Penetrator. our client scan their switch but one of they result is this please see below.

Likely the target switch has ssl vulnerabilities and must be upgraded to the latest version or firewalled off.

SSL Beast Vulnerability Switch

 

Is it possible to see the results of multiple penetrator scans?

At this moment we do scans on regular base. After the scan we repair the vulnerabilities and at the next scan we check for the old vulnerabilities to see if they are gone.

Is there a way to get an overview of the vulnerabilities from multiple scans? I have added an example of the Excel file we work with at this moment/

Try to play around the Statistics pages. There you can have:
- analysis of the difference between the most recent 2 scans on the same target
- analysis of the difference between any scan and the previous one on the same target
- historical trend of vulnerabilities on the same target
- history of a vulnerability on a target (when was found, when was fixed...)
- complete list of vulns on a target, with current state and when has been seen the last time

 

Which Harddrive is the Linux ISO Optimized for?

It is optimized for the Samsung 850 200 gig hdd which is used in the appliances.

You can use another disk no issue just need be bigger than 200 gig.