# Prancer PAC CLI

You can integrate Prancer PAC pentesting into your CI/CD pipeline so that it fits tightly into your existing SDLC process. To do so, you run the pentest with the Prancer PAC CLI.

Prancer PAC can be used in two ways. The first is Scanner mode, where the system pulls the Prancer PAC Docker image and runs it in the Azure or AWS cloud. The second is custom mode; this document explains how to install and run Prancer PAC on your local machine.
## Prerequisites

Make sure the following binaries are installed on your CI machine:

- Prancer PAC
## How to install Prancer PAC

To install Prancer PAC, follow these steps:

1. Download the latest version from here.
2. Extract the downloaded file:

   ```sh
   tar -xvf prancer-pac-latest.tar.gz
   ```

3. If you are extracting for the first time, make install.sh executable:

   ```sh
   sudo chmod 0777 install.sh
   ```

4. Install Prancer PAC by running:

   ```sh
   sudo ./install.sh
   ```

To check that prancer-pac was installed successfully, run:

```sh
$ prancer-pac version
The version of prancer pac is 1.0.0-beta linux/amd64
```
## CI variables

To run Prancer PAC in your pipeline, you need to define the following variables in your CI tool.

### Prancer API token

Generate a user access token from the Prancer SaaS solution (see "How to generate token in Prancer SaaS"). Define it as the variable `APITOKEN`, or as an input variable in your CI tool, and store it as a secret.

### Pentest configuration ID

To get the target configuration ID, open the admin panel, choose the PAC Management page from the sidebar, select your config, open its PAC configuration and copy the config ID.

### Pentest customer

This is the company name used in the portal URL. For example, for https://portal.prancer.io/prancer-contoso/user/login the customer is "contoso".
## How to run

To run the pentest, run the following command and then follow the scanner container's logs:

```sh
prancer-pac pentest --config CONFIGURATION_ID -d prod --customer CUSTOMER_ID --token APITOKEN
docker logs prancer-scanner -f
```
A sample Azure pipeline script:

```yaml
parameters:
  - name: configid
    displayName: 'configid of the PAC configuration eg: 630d8a975512099de059988b'
    type: string
    default: ''
  - name: customer
    displayName: 'Name of the tenant, eg: liquware'
    type: string
    default: contoso
  - name: token
    displayName: customer API token
    type: string
    default: ''

trigger: none   # no CI trigger; the pipeline is run manually with the parameters above

resources:
  - repo: self

stages:
  - stage: Prancer_PAC_CLI_Pipeline_Customer
    displayName: "Prancer PAC Cli setup in pipeline"
    jobs:
      - job: prancer_pac_cli
        displayName: "prancer pac build in agent"
        pool: test-agent
        steps:
          - bash: |
              echo "Fetching prancer-pac-latest from storage account...."
              curl -o prancer-pac-latest.tar.gz https://pacshare001.blob.core.windows.net/cli/prancer-pac-latest.tar.gz
              tar xvfz prancer-pac-latest.tar.gz
              chmod +x prancer-pac-latest/prancer-pac
              prancer-pac-latest/prancer-pac version
              docker pull prancer/prancer-pac:latest
              prancer-pac-latest/prancer-pac pentest -c ${{parameters.configid}} -d prod -i ${{parameters.customer}} -t ${{parameters.token}} --dev prancer/prancer-pac:latest
              docker logs prancer-scanner-dev -f
              docker rm prancer-scanner-dev
              docker image rm prancer/prancer-pac:latest
            displayName: 'Run Prancer PAC CLI'
```
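A generic CI wrapper around the `prancer-pac pentest` command from the "How to run" section, added here as an example (not Prancer's own code): it validates the required inputs before anything runs, derives the customer id from the portal URL, keeps the token out of echoed command lines, and returns the scanner container's exit code to the CI job. The variable names PAC_CONFIG_ID, PAC_CUSTOMER, PAC_ENV and APITOKEN are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Prancer's own code): CI wrapper for "prancer-pac pentest".
# PAC_CONFIG_ID, PAC_CUSTOMER, PAC_ENV and APITOKEN are names assumed here.
set -eu

# Fail fast when a required CI variable is unset or empty, never printing it.
require_var() {
  local name="$1" val
  eval "val=\${$name:-}"
  [ -n "$val" ] || { echo "missing required variable: $name" >&2; return 1; }
}

# "https://portal.prancer.io/prancer-contoso/user/login" -> "contoso"
customer_from_portal_url() {
  local p="$1"
  p="${p#*://}"                      # drop the scheme
  p="${p#*/}"                        # drop the host
  p="${p%%/*}"                       # first path segment: prancer-contoso
  printf '%s\n' "${p#prancer-}"      # strip the fixed "prancer-" prefix
}

# Build the non-secret part of the command line; the token is appended only
# at execution time so it never lands in echoed or logged command strings.
pentest_args() {
  local config_id="$1" customer="$2" env="${3:-prod}"
  case "$env" in dev|qa|prod) ;; *) echo "bad env: $env" >&2; return 1 ;; esac
  printf 'pentest --config %s --customer %s -d %s' "$config_id" "$customer" "$env"
}

# Run the pentest, stream the scanner logs, always remove the container and
# propagate the scanner's exit status so a failed run fails the pipeline.
run_pentest_in_ci() {
  require_var PAC_CONFIG_ID; require_var PAC_CUSTOMER; require_var APITOKEN
  local args status
  args=$(pentest_args "$PAC_CONFIG_ID" "$PAC_CUSTOMER" "${PAC_ENV:-prod}")
  echo "running: prancer-pac $args --token ***"
  command -v prancer-pac >/dev/null || { echo "prancer-pac not installed" >&2; return 2; }
  # $args is intentionally word-split into separate arguments
  prancer-pac $args --token "$APITOKEN"
  docker logs prancer-scanner -f || true
  status=$(docker inspect -f '{{.State.ExitCode}}' prancer-scanner)
  docker rm prancer-scanner >/dev/null
  return "$status"
}
```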
## How to run pentesting on the cloud

If the PAC config file declares a cloud mode such as azure, aws or gcp, the pentest runs in that cloud:

```sh
prancer-pac pentest --token [YOUR ACCESS TOKEN] --customer [YOUR CUSTOMER ID] --config [YOUR CONFIG ID]
```

The pentest then starts on your cloud.
## Pentest command

The pentest command prepares an environment with your information and creates a ZAP environment to start the test.

### The pentest flags

- `-c, --config`: the ID of the configuration; the required data is extracted from the Prancer database to set up the pentest configuration.
- `-i, --customer`: the customer, needed to obtain a JWT token.
- `-e, --env`: your working environment; one of dev, qa and prod (default "prod").
- `-t, --token`: the access token, passed as a parameter to obtain a JWT token so that prancer-cli can send requests to the portal.
- `-o, --output`: the output format in the terminal; supports json and normal (default "normal").
- `-p, --port`: the port on your system to map to the proxy docker port (default 8080).
- `-s, --silent`: suppress the details in the terminal.
- `-h, --help`: help for pentest.

### The pentest available commands

- `auth`: enter the authentication details here when you run your pentest with authentication such as form-based or JWT authentication.
  - `-u, --username`: the target user name for authorization.
  - `-p, --password`: the target password for authorization.
## Prancer PAC CLI usage guide

Follow these steps to use the Prancer PAC command line interface (CLI):

### Step 1 - Fetch the latest Docker image of prancer/prancer-pac

To obtain the latest Docker image of prancer/prancer-pac, run:

```sh
docker pull prancer/prancer-pac:latest
```

### Step 2 - Create a docker.env file

Set the following environment variables in the file:

| Environment variable | Description |
|---|---|
| PAC_CONFIG_ID | PAC configuration ID as in the Inventory Management. |
| PAC_CONFIG_TOKEN | Access token generated from the Prancer portal. |
| PAC_CONFIG_CUSTOMER_ID | Customer ID, basically the company name in the tenant URL `prancer-<company name>`. |
| PAC_CONFIG_DOMAIN | Your working environment; it should be prod for production. |

### Step 3 - Initiate PAC CLI

- Run in daemon mode:

  ```sh
  docker run --env-file docker.env --rm --name remoterun -d -p 8080:8080 prancer/prancer-pac:latest
  ```

  Check the logs:

  ```sh
  docker logs -t remoterun
  ```

- Run in foreground mode:

  ```sh
  docker run --env-file docker.env --rm --name remoterun -it -p 8080:8080 prancer/prancer-pac:latest /bin/bash
  ```

  Start the pentest process:

  ```sh
  ./run.sh
  ```
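The docker.env and docker run steps above, as an added example (not Prancer's own code): it writes docker.env with the four keys from the table, refusing empty values or an unknown domain and creating the file with owner-only permissions since it holds the access token, then prints the docker run line for daemon or foreground mode. PAC_PORT is a variable name assumed by this example (default 8080, as on the page).

```shell
#!/bin/sh
# Added example (not Prancer's own code): build docker.env and the docker run
# command for the PAC container. PAC_PORT is a name assumed for this example.
set -eu

# Normalise a tenant id copied from the portal URL: "prancer-contoso" -> "contoso".
normalise_customer_id() { printf '%s\n' "${1#prancer-}"; }

# Write docker.env. The file carries an access token, so it is created 0600
# (umask inside a subshell) and nothing is written if a value is empty or the
# domain is not one of dev, qa or prod.
write_docker_env() {
  local path="$1" config_id="$2" token="$3" customer="$4" domain="${5:-prod}"
  [ -n "$config_id" ] && [ -n "$token" ] && [ -n "$customer" ] ||
    { echo "docker.env: a required value is empty" >&2; return 1; }
  case "$domain" in dev|qa|prod) ;; *) echo "bad domain: $domain" >&2; return 1 ;; esac
  (
    umask 077
    {
      printf 'PAC_CONFIG_ID=%s\n' "$config_id"
      printf 'PAC_CONFIG_TOKEN=%s\n' "$token"
      printf 'PAC_CONFIG_CUSTOMER_ID=%s\n' "$(normalise_customer_id "$customer")"
      printf 'PAC_CONFIG_DOMAIN=%s\n' "$domain"
    } > "$path"
  )
}

# Print the docker run command for the requested mode (daemon or foreground),
# mapping host port $PAC_PORT to the container's proxy port 8080.
docker_run_cmd() {
  local mode="$1" env_file="$2" port="${PAC_PORT:-8080}" opts tail=""
  case "$mode" in
    daemon)     opts="-d" ;;
    foreground) opts="-it"; tail=" /bin/bash" ;;
    *) echo "unknown mode: $mode" >&2; return 1 ;;
  esac
  printf 'docker run --env-file %s --rm --name remoterun %s -p %s:8080 prancer/prancer-pac:latest%s\n' \
    "$env_file" "$opts" "$port" "$tail"
}
```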