Introduction
  • 12 Jul 2022
  • 2 Minutes to read
  • Contributors
  • Dark
    Light

Introduction

  • Dark
    Light

Article summary

The external scanner is responsible for analyzing a companies external network. This process is often called attack surface analysis. The external scanner is agent-less and takes a black box when testing. This means after gathering the initial seed data(domains,IPs, CIDRs) from the user the platform will automatically discovery additional assets/shadow IT and check for security vulnerabilities. The process is 100% automated and is designed to mimic the action of hackers.

As shown in the image above users only have to supply the initial seed data and the tool will automate the rest of the process. The platform is designed to mimic hackers/penetration testers so naturally it follows goes though the same phases as them. During the recon phase the tool is looking for additional assets and shadow IT, discovering which ports are live and the services running on them, determine the tech stack of application and services, looking at database leaks for compromised credentials, and much more. 

After the recon phase the platform moves to the exploit phase. Here the platform uses the information gathered earlier to test for security weaknesses and vulnerabilities. This can include looking for CVEs, testing for OWASP top 10 vulnerabilities such as sql injection and cross site scripting, testing passwords found on the dark web against gmail and outlook, running brute force attacks against, and much more.

Finally, after a scan has completed you can download a penetration test report of your vulnerabilities as exploits. This report can also be scheduled to send to you daily, weekly, or what ever time you decide to pick. In addition to reports you can also get notified when a new exploit is found by integrating into slack and other third party tools.

Once you setup you'r sentry via the onboarding process and initiate a scan on the sentry you should see a screen as shown below. To get to the external sentries list click the "Sentry" tab in the left side bar.

If you click the "Create Sentry" button you will be taken to the onboarding process where you can create and setup an external sentry. More information on this process can be found in the "Onboarding" document. 

This page also lists all external sentries belonging to your team. If you cant see a created sentry make sure you have been added to the sentries ACL, more information on this can be found in the ACL documentation. Each row corresponds to a separate sentry and it always displays your cyber security letter grade, found exploits, found CVEs, and found Assets. To get a deeper look at a sentry click on the sentries name.


As shown above by clicking on the sentry you are brought to the dashboard. Here you can export reports, initiate scans, and view the scan results. There are several pages and features within the external scanner more information about each tab can be found in the corresponding documents. 



Was this article helpful?

What's Next