- Print
- DarkLight
The platform is composed of several modules(external, cloud, internal) which contain collections of sentries. A sentry holds information about the company being scanned and can be used to initiate a vulnerability scan, view exploits & cves, export reports, and much more.
As shown in the image above clicking on the "Sentries" tab in the left side menu brings you to the sentries page.
By default you are brought to the external scanning module which is responsible for scanning a companies external network often called attack surface analysis. The external network is defined as anything connected to the internet such as your companies domains. This module takes a black box approach and only requires a set of domain names, IP addresses, or CIDR ranges. Additional assets will automatically be discovered to uncover shadow IT.
The cloud module scans your cloud environments(AWS,Azure,GCP) for vulnerabilities and misconfigurations. Since this is scanning the inside of a companies cloud environment the platform requires a set of credentials to perform the scan.
Last the internal module scans your internal network and active directory environments for exploits and vulnerabilities. This module also takes a black box approach but requires a single agent to be installed on the companies internal network. The agent will automatically scan and discover additional assets based on the CIDR address provided by the user. In addition to supplying a CIDR range or IP address to be scanned you can provide a set of active directory credentials(normal user) to scan that environment.
These modules are designed to automate as much of the penetration testing process as possible and lay somewhere in between a vulnerability scanner and automated pentesting platform. More information about each module can be found in the external, internal, cloud folders.