ENGINSIGHT
WebsiteLoginKostenloser Testzugang
English
English
  • Overview
  • Features
  • Operation
    • Platform overview
    • Start Guide
    • Platform
      • Dashboard
        • Vulnerability Management
        • Operation Centers
        • My Dashboards
        • Configurations
      • Issues
      • Hosts (Pulsar Agent)
        • Pulsar Agent
        • Host details
        • Policy Manager
        • Software Inventory
        • Intrusion Detection System
        • File Integrity Monitoring
        • System events
        • Update Manager
        • Plugins
        • Machine Learning
      • Host (Pulsar-Agent) BETA
        • Pulsar Agent
        • Hostdetails
        • Softwareinventar
        • Plugins
        • Policies
        • Globale Tags
        • Tag Manager
        • System Events
        • Vulnerability Manager
        • Compliance
        • Intrusion Detection System
        • File Integrity Monitoring
        • Advanced Persistent Threats
      • Endpoints (Observer)
        • Endpoint details
        • Domains
        • Certificate Manager
        • Observer
      • Observations
      • Shield
      • Penetration Testing (Hacktor)
        • Run pentest
        • Audits
        • Audit Definitions
        • Target Groups
        • Auth-Providers
        • Hacktor
        • Custom Scripts
      • Discoveries
      • SIEM
        • Data Lake
        • Cockpits
        • Obfuscators
        • Workflows
        • Incidents
        • Extractors
        • Collectors
        • Loggernaut
        • Advanced Settings
        • Models
      • Alerts
      • Settings
      • Organisations
      • Tags
      • Searchbar
  • On-Premises
    • Requirements
    • Installation
      • Automatic Installation
      • Manual Installation
      • Load Balancing
      • SIEM
      • Deinstallation
    • Update
    • Configuration
      • HTTPS and Certificates
      • Licences and Organisations
      • Mail Server
      • 2-Factor Authentication
      • SSO via Office 365
      • Storage Times
      • White Label
      • NGINX Extractor
      • Field Level Encryption
      • Loggernaut-Configurations
  • Technical Details
    • System Requirements
      • Pulsar: Operating Systems
    • Current version numbers
    • Pentest Vectors
    • API
  • Partner section
    • Licenses and organizations
Powered by GitBook
On this page
  • Create Hacktor
  • Configuring the Hacktor
  • Number of targets scanned in parallel
  • Timeout per target in minutes
  • Frequency
  • Port Range
  • Update Hacktor
  • Get logs
  • On the Hacktor server: Get and save logs

Was this helpful?

  1. Operation
  2. Platform
  3. Penetration Testing (Hacktor)

Hacktor

PreviousAuth-ProvidersNextCustom Scripts

Last updated 11 months ago

Was this helpful?

The Hacktor is a software component that can be installed in a specific network segment to perform penetration tests on accessible assets.

Keep the Hacktor software component up to date and .

Create Hacktor

To add a hacktor just press the 'Create Hacktor' button and run the source code with root privileges on a linux powered server or computer.

Configuring the Hacktor

Click on the desired hacktor in the list to configure it according to your requirements.

Number of targets scanned in parallel

By default, two target systems are processed in parallel. However, if your system on which Hacktor is installed has sufficient resources, you can increase the default value. This is especially recommended if you want to pentest large IT infrastructures. This will reduce the time required for the pentest.

Timeout per target in minutes

Use the timeout value to define when a pentest on a single target system should be aborted. To do this, you specify the minutes that the scan may take per target system. You can still view the results collected up to the time of abort in the audit report, and the target system is given the status timeout.

High timeout settings potentially cause pentests to take longer. However, they ensure that no results are lost. The default 180 minutes is a compromise that you can vary according to your needs.

Frequency

You can set the frequency with which the penetration test is executed. The frequency depends on the resources available on the network. A higher frequency means shorter timeouts and more requests. This will significantly reduce the time the pentest takes. However, if a too high frequency is chosen, which overloads the tested systems, results can be lost.

In details the frequency settings have the following effects:

LOW
MEDIUM
HIGH

Minimum RTT Timeout

100ms

100ms

50ms

Maximum RTT Timeout

10s

1,250ms

300ms

Maximum connection attempts

10ms

6ms

2ms

Maximum TCP scan delay

1s

10ms

5ms

Maximum UDP scan delay

1s

1s

1s

Timeout per target (Port Scan)

---

---

15min

Port Range

Manually set the port range to be targeted by the attacked assets. By default, the 3500 most commonly used ports are scanned and tested. You can specify individual ports as a row or a sequence. Alternatively you can combine both variants or define a different number of frequently used ports.

Use the following syntax:

SYNTAX

Example

Description

TOP_PORTS:[number]

TOP_PORTS:3500

Steuere eine bestimmte Anzahl von häufig verwendeten Ports an.

[number],[number],[number],[number]

21,22,80,443

Enter your manually defined ports in a row.

[number]-[number]

1-65535

Enter your manually defined ports in a sequence.

[number],[number]-[number]

21-22,80-433

Combine series and sequence.

Update Hacktor

The Enginsight Hacktor is continuously updated by us. In order for all (new) functions to work as desired, it is necessary that you always keep the watchdog up to date.

  1. Go to Penetration Testing → Hacktors and check if all version numbers are up to date. A warning will be given to you if an outdated version is installed.

  2. If an Hacktor does not have the current version number, click the Update button in the right column at Actions.

Get logs

To get current logs of the software component Hacktor you have the following possibility.

On the Hacktor server: Get and save logs

If you have access to the Hacktor server, you can read out the current logs yourself. The best way is to save the logs yourself in a .txt file.

Use the commands below to do this. Adjust the filename before.

Debian:

cat /var/log/syslog | grep -a hacktor-m24 > /tmp/<dateiname>.txt

CentOS:

cat /var/log/messages | grep -a hacktor-m24 > /tmp/<dateiname>.txt

How far back the logs go also depends on the configuration and the load of the server.

If you want to add a Hacktor container, it is necessary that you log in on each machine via docker loginregistry.enginsight.com. This means that the access data must be entered and saved on several machines. In the case of password rotation, these access data must be updated accordingly everywhere! Further information on the secure storage of access data can be found .

The host on which the hacktor is installed must be able to communicate with the target systems. If necessary, check your firewall settings and set Hacktor to an .

The current version number

here
can always be found here.
perform updates regularly
IDS whitelist