AWS External Scanner with New VPC
This page provides instructions on how to use Prancer to create a PAC config that can be used to run a Pentest on a target web application on AWS using an external scanner. The article outlines the steps for creating the PAC config and setting up an AWS VPC. Once the configuration is set up, the article shows how to run the Pentest and view the results. The provided YAML code also shows how the PAC config should be structured.
AWS lets the client create resources such as a task definition, a cluster, a security group, EC2 instances, S3 buckets, a VPC, an ELB and so on. In this setup Prancer creates its own VPC, attached to the public internet through an internet gateway, and runs the scanner task inside that VPC to pentest the target machine.
Prancer pentesting for a web application
This section walks through creating a PAC config that provisions the AWS resources and a new VPC, and then runs the pentest against the target machine you provide.
Create the PAC config using the following steps. Note: on the scanner selection page, select New Pentest, then select External under it; for a new VPC, select the Create new VPC option.
The complete PAC file looks like this:
```yaml
Collection: aws
ConnectionName: aws_connector
CloudType: aws
ApplicatioName: external_safe_001
RiskLevel: safe
Compliance:
  - CIS
  - HIPAA
ApplicationType: WebScan
Schedule: onetime
Target: <<your target endpoint>>
RescourceID: <<Some Resource ID>>
Scanner:
  Cloud:
    Platform:
      AWS:
        AfterRun: delete
        NewFargate:
          External:
            AccountId: "<<account Id>>"
            Region: us-west-2
            TaskDefinition: pentest-task
            ClusterName: pentest-cluster
            SecurityGroup: pentest-security-group
            ContainerName: prancer-scanner
            SubnetId:
            VpcCidr: <<VPC Cidr eg. 10.0.0.0/16>>
            VpcId: ""
            SubnetCidr: <<Subnet CIDR eg. 10.0.0.0/24>>
            IGCidr: <<Internet gateway CIDR eg. 0.0.0.0/0>>
AuthenticationMethod: noAuthentication
AddOns:
  - accessControl
  - ascanrulesBeta
  - sqliplugin
```
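Before submitting the file it is worth catching the mistakes that make a new-VPC run fail or leave resources behind: an unreplaced `<<...>>` placeholder, a VpcId or SubnetId filled in although a new VPC is requested, a SubnetCidr that does not fit inside VpcCidr, and AfterRun not set to delete. The pre-flight check below is an added example, not part of Prancer or of this page; it takes the config as a dict (as `yaml.safe_load()` would return it) and the sample config is constructed here.

```python
import copy
import ipaddress

def check_new_vpc_config(cfg: dict) -> list:
    """Return a list of problems found in a PAC config; [] means it looks usable."""
    aws = cfg["Scanner"]["Cloud"]["Platform"]["AWS"]
    ext = aws["NewFargate"]["External"]
    problems = []
    # 1. Any "<<...>>" template value left in the file stops the scan before it starts.
    for key in ("Target", "RescourceID"):
        if "<<" in str(cfg.get(key, "")):
            problems.append(f"{key} still holds a placeholder")
    for key in ("AccountId", "VpcCidr", "SubnetCidr", "IGCidr"):
        if "<<" in str(ext.get(key, "")):
            problems.append(f"{key} still holds a placeholder")
    if problems:
        return problems  # the CIDR checks below need real values
    # 2. In "create new VPC" mode VpcId and SubnetId stay empty so Prancer creates them.
    if ext.get("VpcId") or ext.get("SubnetId"):
        problems.append("VpcId and SubnetId must be empty when creating a new VPC")
    # 3. The subnet block must sit inside the VPC block or subnet creation fails.
    try:
        vpc = ipaddress.ip_network(ext["VpcCidr"], strict=True)
        subnet = ipaddress.ip_network(ext["SubnetCidr"], strict=True)
    except ValueError as exc:
        return problems + [f"bad CIDR: {exc}"]
    if not subnet.subnet_of(vpc):
        problems.append(f"SubnetCidr {subnet} is not inside VpcCidr {vpc}")
    # 4. AfterRun: delete tears the scanner's VPC and cluster down after the run.
    if aws.get("AfterRun") != "delete":
        problems.append("AfterRun is not 'delete'; scanner resources would be left running")
    return problems

def override_external(cfg: dict, **changes) -> dict:
    """Deep-copy cfg and change keys under NewFargate.External (builds variants to check)."""
    new = copy.deepcopy(cfg)
    new["Scanner"]["Cloud"]["Platform"]["AWS"]["NewFargate"]["External"].update(changes)
    return new

# Constructed sample mirroring the page's PAC file with its placeholders filled in.
SAMPLE = {
    "Target": "https://app.example.test", "RescourceID": "res-001",
    "Scanner": {"Cloud": {"Platform": {"AWS": {
        "AfterRun": "delete",
        "NewFargate": {"External": {
            "AccountId": "123456789012", "Region": "us-west-2", "SubnetId": None, "VpcId": "",
            "VpcCidr": "10.0.0.0/16", "SubnetCidr": "10.0.0.0/24", "IGCidr": "0.0.0.0/0"}}}}}}}
```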
Run the pentest:
- Click the Start button to run the pentest.
- After some time, once the pentest has completed, view the results by clicking the See Latest Results link.
- This opens the Application Security Findings page.