Menu option: InfoSec > Internal PenTest

Use the PenTest Agent to instruct VirtualSME to run PenTests on selected part of your infrastructure from inside your firewall.

You can run tests on:

• Network - use for Network devices (CISCO switches, routers and so on), Infrastructure security scanning, embedded systems.
• API - use for Host application security scanning, vulnerability assessments, API endpoint penetration, database security scanning.
• Full Stack - use for Comprehensive security assessments, Data center compute blades, Container + host scanning.

Each scan can be run on Ubuntu (Linux), Windows or Mac. You'll need to select the scan type and operating system when you download and create the agent.

You can create as many agents as you need to run the scans you require.

To download and create an agent:

1. In the Internal PenTesting screen, click on the Discover tab:
   
   
    
2. Click on Download Agent. The following dialog box opens:
   
   
    
3. Scroll to the type of scan that you want to run using this Agent, one of Network, API or Full Stack. Each scan type has its own operating system download options. 
    
4. Select the operating system that you want to run the scan on, and then click Download. The agent downloads to the location you select.
   
   
    
5. Double-click on install.sh. The PenTest Agent downloads.
6. Return to this screen and click on API Key next to the Download Agent button you selected in step 2. The following dialog box opens:
   
   
    
7. Complete this screen as follows:
   New User Quota - 
   Expiry Date - set an expiry date for the API Key.
   Permissions - select from Full Access, Read Only or Scan Only.
   Description - optionally, enter any further details about this API Key.
   Click on Generate API Key.
    
8. Open the PenTest Agent. The following screen opens:
   
    

Related Articles

• Set up a scheduled PenTest
• Run an on-demand PenTest
• Review security vulnerabilities