Prancer On-Premise Discovery and Penetration Testing Guide

Follow these professional guidelines to conduct discovery and penetration testing within your on-premise environment using Prancer:


Step 1: Create an API Token

Generate a secure token in your environment.
Detailed instructions can be found here: Create Token


Step 2: Install Prancer PAC

To install Prancer PAC, follow these instructions:

  • Extract the archive:
    tar -xvf prancer-pac-latest.tar.gz
  • If installing for the first time, set the appropriate permissions for the installation script:
    cd prancer-pac-latest/
    sudo chmod 0777 install.sh
    (Only the execute bit is needed to run the script; mode 0777 additionally makes it writable by all local users.)
  • Run the installation script:
    sudo ./install.sh
  • Verify the installation by running:
    prancer-pac version

Expected output:

The version of prancer pac is 1.4.4 linux/amd64

Step 3: Autonomous Discovery Wizard

  • Open the autonomous discovery wizard in your Prancer portal.
  • Select "On Premise" and enter your IP address range.
  • Submit the information, and you'll receive a generated command:
    prancer-pac discovery -i <customer tenant name> -t <token> -c <collectionid>
  • Run the provided command on your on-premise environment to start the discovery process.

Step 4: Verify Inventory

Once the discovery is complete, navigate to the Inventory Management page on the Prancer portal.
You should see all discovered hosts listed.


Step 5: Conduct Penetration Testing

  • Identify the pentest configuration ID by opening the relevant manifest file (PAC) from the Inventory Management page.
    The configuration ID is located at the top of the file.

  • Execute the pentest with the following command:
    prancer-pac pentest --config CONFIGURATION_ID -d prod --customer abccustomer --token APITOKEN
  • To monitor logs during the pentesting process, run:
    docker logs prancer-scanner -f

Step 6: View Results

After completion, return to the Prancer portal.
The pentesting results will be available under Application Findings.


Step 7: Required Network and Software Configurations

Ensure the following prerequisites are met for smooth operation:

  • Docker is installed on your system.
  • Your firewall permits outbound connections to:
      • portal.prancer.io
      • [customer-id].core.windows.net
        (Recommended: allow *.core.windows.net for ease of use)
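
A preflight script for the prerequisites above, as an added example that is not part of Prancer's tooling or of the original guide. It assumes both endpoints are reached over HTTPS on TCP port 443 and that the argument is the value behind the [customer-id] placeholder; the function names are illustrative.

```sh
#!/bin/sh
# Added example: preflight for the Step 7 prerequisites (not Prancer tooling).
# Assumptions: both endpoints are reached over HTTPS on TCP 443, and the
# argument is the value behind the guide's [customer-id] placeholder.
PORT="${PORT:-443}"

# Print the two hostnames from Step 7; reject ids that are not a DNS label.
required_hosts() {
    case "$1" in
        ""|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    printf '%s\n' "portal.prancer.io" "$1.core.windows.net"
}

# Default probe: nc when available, otherwise an HTTPS request with curl.
# Either way the attempt is abandoned after 5 seconds.
tcp_probe() {
    if command -v nc >/dev/null 2>&1; then
        nc -z -w 5 "$1" "$2" >/dev/null 2>&1
    else
        curl -s -o /dev/null --connect-timeout 5 "https://$1:$2/"
    fi
}

check_docker() {
    command -v docker >/dev/null 2>&1 || { echo "FAIL docker not in PATH"; return 1; }
    echo "ok   docker found"
}

# Probe each required host; $2 optionally names a replacement probe function.
# Returns 0 if all are reachable, 1 if any is blocked, 2 on a bad customer id.
check_endpoints() {
    hosts=$(required_hosts "$1") || { echo "FAIL invalid customer id"; return 2; }
    probe=${2:-tcp_probe}
    failed=0
    for host in $hosts; do
        if "$probe" "$host" "$PORT"; then
            echo "ok   outbound $host:$PORT"
        else
            echo "FAIL outbound $host:$PORT blocked or unreachable"
            failed=1
        fi
    done
    return "$failed"
}

if [ "$#" -gt 0 ]; then
    rc=0
    check_docker || rc=1
    check_endpoints "$1" || rc=1
    exit "$rc"
fi
```

Run it with the customer id as its only argument on the host that will run prancer-pac; a non-zero exit status means at least one prerequisite is missing.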

For additional details, refer to our knowledge base here.