Hacktor
The Hacktor is a software component that can be installed in a specific network segment to perform penetration tests on accessible assets.
Keep the Hacktor software component up to date and perform updates regularly.
Create Hacktor
To add a hacktor just press the 'Create Hacktor' button and run the source code with root privileges on a linux powered server or computer.
The host on which the hacktor is installed must be able to communicate with the target systems. If necessary, check your firewall settings and set Hacktor to an IDS whitelist.
Configuring the Hacktor
Click on the desired hacktor in the list to configure it according to your requirements.
Number of targets scanned in parallel
By default, two target systems are processed in parallel. However, if your system on which Hacktor is installed has sufficient resources, you can increase the default value. This is especially recommended if you want to pentest large IT infrastructures. This will reduce the time required for the pentest.
Timeout per target in minutes
Use the timeout value to define when a pentest on a single target system should be aborted. To do this, you specify the minutes that the scan may take per target system. You can still view the results collected up to the time of abort in the audit report, and the target system is given the status timeout.
High timeout settings potentially cause pentests to take longer. However, they ensure that no results are lost. The default 180 minutes is a compromise that you can vary according to your needs.
Frequency
You can set the frequency with which the penetration test is executed. The frequency depends on the resources available on the network. A higher frequency means shorter timeouts and more requests. This will significantly reduce the time the pentest takes. However, if a too high frequency is chosen, which overloads the tested systems, results can be lost.
In details the frequency settings have the following effects:
| LOW | MEDIUM | HIGH | |
|---|---|---|---|
Minimum RTT Timeout | 100ms | 100ms | 50ms |
Maximum RTT Timeout | 10s | 1,250ms | 300ms |
Maximum connection attempts | 10ms | 6ms | 2ms |
Maximum TCP scan delay | 1s | 10ms | 5ms |
Maximum UDP scan delay | 1s | 1s | 1s |
Timeout per target (Port Scan) | --- | --- | 15min |
Port Range
Manually set the port range to be targeted by the attacked assets. By default, the 3500 most commonly used ports are scanned and tested. You can specify individual ports as a row or a sequence. Alternatively you can combine both variants or define a different number of frequently used ports.
Use the following syntax:
SYNTAX | Example | Description |
TOP_PORTS:[number] | TOP_PORTS:3500 | Steuere eine bestimmte Anzahl von häufig verwendeten Ports an. |
[number],[number],[number],[number] | 21,22,80,443 | Enter your manually defined ports in a row. |
[number]-[number] | 1-65535 | Enter your manually defined ports in a sequence. |
[number],[number]-[number] | 21-22,80-433 | Combine series and sequence. |
Update Hacktor
The Enginsight Hacktor is continuously updated by us. In order for all (new) functions to work as desired, it is necessary that you always keep the watchdog up to date.
Go to Penetration Testing → Hacktors and check if all version numbers are up to date. A warning will be given to you if an outdated version is installed.
If an Hacktor does not have the current version number, click the Update button in the right column at Actions.
The current version number can always be found here.
Get logs
To get current logs of the software component Hacktor you have the following possibility.
On the Hacktor server: Get and save logs
If you have access to the Hacktor server, you can read out the current logs yourself. The best way is to save the logs yourself in a .txt file.
Use the commands below to do this. Adjust the filename before.
Debian:
CentOS:
How far back the logs go also depends on the configuration and the load of the server.
Last updated
