search

How to Trigger an Internal Scan

Follow these steps to initiate an internal scan in Pentest Copilot Enterprise.

hashtag
1. Connect the Agent

  • Connect an Agent with a Custom Agent ID to Pentest Copilot.

  • Ensure the agent has a network route to the infrastructure you want to test.

Agentschevron-right

hashtag
2. Open Discovery Module

  • Navigate to Modules → Internal Assessment → Discovery.

hashtag
3. Select the Agent

  • Choose the Agent ID that is connected to your internal network.

hashtag
4. Define the Scope

  • A list of available subnets will be displayed.

  • Provide:

    • A list of IP addresses, or

    • A CIDR range within the displayed subnets.

hashtag
5. Run or Schedule Discovery

  • Either Run Discovery immediately or Schedule it for later.

hashtag
6. Launch the Main Module

  • Navigate to Modules → Internal Assessment → Module.

hashtag
7. Select Subnets for Assessment

  1. View Available Subnets: The module displays a table of all available subnets discovered in your network, showing:

    • Subnet CIDR (e.g., 192.168.1.0/24)

    • Subnet name

  2. Select Subnets:

    • Use the checkbox in the first column to select individual subnets

    • Use the header checkbox to select/deselect all subnets at once

    • You can select multiple subnets to run assessments in parallel

  3. Configure Each Selected Subnet: For each selected subnet, configure the following:

    Agent Selection:

    • Choose which agent will run the assessment for that subnet

    • Agents that are in the same subnet are automatically prioritized and marked with "(Same Subnet)"

    • The system automatically selects the best agent if one is available in the subnet

    Confidence Level:

    • Set the confidence level (0.00 to 1.00) for the assessment

    • This determines how aggressive the assessment will be

    • Higher values indicate higher confidence in findings

    Exploit Mode:

    • Enabled: The assessment will run exploit submodules during the assessment

    • Disabled: The assessment will only perform enumeration and discovery without attempting exploits

hashtag
8. Configure Entity Exclusion List

After selecting subnets, the module automatically displays all entities directly connected to the selected subnets:

  1. View Subnet Entities:

    • A table appears showing all entities (Hosts, Users, Groups) connected to your selected subnets

    • Each entity displays:

      • Type: Host, User, or Group

      • Name: Entity identifier (hostname/IP for hosts, username for users, group name for groups)

      • Incoming Relation: How the entity is connected to the subnet

  2. Exclude Entities:

    • By default, all entities are included in the assessment

    • To exclude an entity, uncheck the checkbox next to it

    • You can exclude multiple entities across different subnets

    • The exclusion count is displayed at the top of the entity table

hashtag
9. Review Configuration (Optional)

Before running the assessment, you can review your configuration:

  1. Click "Run Assessment" button

  2. A review drawer opens showing:

    • All selected subnets with their configurations

    • Confidence level for each subnet

    • Exploit mode status (Enabled/Disabled)

    • Agent assigned to each subnet

    • Number of excluded entities per subnet

  3. Review the summary and either:

    • Click "Cancel" to go back and make changes

    • Click "Run assessment" to proceed with the assessment

PreviousManual CrawlerNextAttack Surface

Last updated