Prancer On-Premise Discovery and Penetration Testing Guide

Follow these professional guidelines to conduct discovery and penetration testing within your on-premise environment using Prancer:

Step 1: Create an API Token

Generate a secure token in your environment.
Detailed instructions can be found here: Create Token

To install Prancer PAC, follow these instructions:

tar -xvf prancer-pac-latest.tar.gz

If installing for the first time, set the appropriate permissions for the installation script:

cd prancer-pac-latest/
sudo chmod 0777 install.sh

sudo ./install.sh

prancer-pac version

Expected output:

The version of prancer pac is 1.4.4 linux/amd64

prancer-pac discovery -i <customer tenant name> -t <token> -c <collectionid>

Run the provided command on your on-premise environment to start the discovery process.

Once the discovery is complete, navigate to the Inventory Management page on the Prancer portal.
You should see all discovered hosts listed.

Identify the pentest configuration ID by opening the relevant manifest file (PAC) from the Inventory Management page.
The configuration ID is located at the top of the file.
Execute the pentest with the following command:

prancer-pac pentest --config CONFIGURATION_ID -d prod --customer abccustomer --token APITOKEN

docker logs prancer-scanner -f

After completion, return to the Prancer portal.
The pentesting results will be available under Application Findings.

Ensure the following prerequisites are met for smooth operation:

Docker is installed on your system.
Your firewall permits outbound connections to:
portal.prancer.io
[customer-id].core.windows.net
(Recommended: allow *.core.windows.net for ease of use)

For additional details, refer to our knowledge base here.