About VAPT-SE

Vulnerability assessment and penetration testing (VAPT) is a service that ControlCase provides. The VAPT-SE solution is intended to be the replacement for the VAPT virtual machine solution that is now agnostic of the underlying hardware and can be successfully deployed on bare metal, virtual machines, or even cloud machines in a few minutes.

Introduction to the VAPT-SE Installation

The VAPT-SE solution provides various options for installation. To ensure a successful VAPT-SE deployment, we will step through each of the installation methods, and the sequence of tasks.
The four core components of the VAPT-SE solution are:

  • The ControlCase remote management software
  • A Custom selection of Linux tools required to support the vulnerability assessment and penetration testing operation
  • The Rapid7 Nexpose engine
  • The Rapid7 Metasploit engine

Requirements

Customer Credentials

  • ClientK number from ControlCase
  • Remote Management Key (RemoteID) from ControlCase
  • root/sudo access to elevate permissions on the target machine

Hardware

  • CPU: Quad Core
  • RAM: 8 GB
  • Free Disk Space: 100 GB (in /opt)

Operating System

  • Ubuntu 16 LTS
    • Fresh Installation (No unauthorized 3rd party software installed)
    • Root access to download and install the ControlCase software
  • Ubuntu 18 LTS
    • Fresh Installation (No unauthorized 3rd party software installed)
    • Root access to download and install the ControlCase software

Network Access

If firewalls are present on your network, please ensure you allow access to the necessary network locations and ports as described here:

Source Destination TCP Port Description
VAPT-SE con-eu.controlcase.com 443 ControlCase Remote Management
VAPT-SE ccst-eu.controlcase.com 443 ControlCase Scan Engine
VAPT-SE download2.rapid7.com 80 Rapid7 Metasploit and Nexpose Installers

NOTE: The installer will need to access the local Ubuntu repositories as defined in /etc/apt/sources to install software using the advanced package tool (apt)

NOTE: If you manually download and transfer the Rapid7 installers to the VAPT-SE machine you will not have to open the firewall to download2.rapid7.com

Installation

In this section we will discuss the installation of the VAPT-SE solution
This will install all the software defined in the Software List, including the ControlCase Remote Management Agent.

Install

Syntax

./VAPT-SE.sh install –clientk <####> –remoteid ‘<RemoteID>’

NOTE: It is expected that the VAPT-SE.sh file is set to executable. If it is not, you may issue the command ‘chmod +x VAPT-SE.sh’ to set it executable.

Example Output

Proinstall

The proinstall method will skip the apt-status verification, RAM allocation, free disk space allocation verification and the network connectivity verification steps as observed in the regular installation. This method should be used by experts or at the request of ControlCase support.

Syntax

./VAPT-SE.sh proinstall –clientk <####> –remoteid ‘<RemoteID>’

Example Output

Uninstallation

If you wish to uninstall the software, there are multiple methods:

Uninstall

This will only uninstall the ControlCase Remote Management Agent.

Syntax

./VAPT-SE.sh uninstall –clientk <####>

Example Output

Uninstallall

This will uninstall all the software defined in the Software List including the ControlCase Remove Management Agent

Syntax

./VAPT-SE.sh uninstallall –clientk <####>

NOTE: It is expected that the VAPT-SE.sh file is set to executable. If it is not, you may issue the command ‘chmod +x VAPT-SE.sh’ to set it executable.

Example Output

Software List

Kali Packages

  • braa
  • cisco-auditing-tools
  • dnsenum
  • exploitdb
  • firewalk
  • johnny
  • nishang
  • sidguesser
  • smtp-user-enum
  • snmpcheck
  • tlssled
  • wfuzz
  • wordlists
  • wpscan

Rapid7

  • Nexpose
  • Metasploit

Ubuntu Packages

  • apt-transport-https
  • cryptcat
  • dnswalk
  • hping3
  • httptunnel
  • nmap
  • sqlmap

Troubleshooting

If you are having issues with the solution, you can invoke the ‘test’ method which will run through the pre-flight checks to ensure that the RAM, free disk space and network target (con.controlcase.com) are currently reachable.

Syntax

./VAPT-SE.sh test

NOTE: It is expected that the VAPT-SE.sh file is set to executable. If it is not, you may issue the command ‘chmod +x VAPT-SE.sh’ to set it executable.

Example Output