Segmentation Test

The NodeZero segmentation test scans the internal network for potential targets to run attacks against. This test does not run any attacks; it just scans for IPs, ports, services, and applications on the network.

Why Should I Run a NodeZero Segmentation Test?

Here are three primary use cases for running a segmentation test:

  • See what NodeZero finds in a network before running tests that perform exploits.
  • Provide a list of assets on the network at the time the test is run.
  • Run a quick test to familiarize yourself (or other users) with how results are reported.

The following sections outline how to configure and run the test.

(Optional) Set Up a Runner

Creating a Runner for the segmentation test will enable you to run the test directly from the NodeZero Portal, and will also facilitate running the test repeatedly. For configuration steps, see NodeZero Runner.

Create a New Pentest

Open the NodeZero Portal and navigate to the Pentests tab.

Click + RUN PENTEST, then select the Operational Scenario Testing category.

Select a Test Category screen - operational scenario testing link

Select Segmentation Testing to open the configuration for this pentest.

Run an Operational Scenario Test screen - segmentation testing link

Configure a Segmentation Test

You can fill out three sections for this test: Pentest Template, Name, and Scope.

Select a Template and Name

Select a Pentest Template to use for the test, and give the test a Name.

Name section - pentest template and name fields are required

Set a Scope

The scope is the set of IPs and/or subnets (in CIDR notation) within which you want to run the test. This should be set to the network of interest.

If you are unclear on CIDR notation, here is a reference and a calculator app to assist you:

If your environment uses 192.168.0.1 and the subnet mask is 255.255.255.0, then you’ll add the following to the Include section: 192.168.0.0/24

For properly segmented environments, use comma-separated CIDR notation. For example: 192.168.0.0/16,172.16.10.0/24,10.0.0.0/8

Most internal networks use the designated private IP ranges. To scan all of these ranges by automatically adding the entire private IP space to the scope, enable the Add Full Private IP Space toggle.

If you are running NodeZero in a more complex environment, set the scope to cover as many subnets as possible. You should ask your network administrator for a list of CIDR-notated subnets.

The Exclude section stops NodeZero from scanning or exploiting a set of IPs or subnets that you supply (in CIDR notation). NodeZero might still discover these IPs via various techniques within the pentest, but NodeZero will not touch them. Within the pentest results, these IPs might show up in the Out of Scope list.

When satisfied with your scope, click Next.

Scope section
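
The following is an added example, not part of the NodeZero documentation or product: a local Python check of Include and Exclude strings before you enter them in the Scope section. It assumes an IPv4-only scope and that the private IP space means the three RFC 1918 ranges; the function names are hypothetical.

```python
import ipaddress

# RFC 1918 ranges. Assumption: this is what "full private IP space" covers.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_scope(text):
    """Parse comma-separated IPv4 addresses/CIDRs into collapsed networks.

    strict=False normalises host-bit input such as
    192.168.0.1/255.255.255.0 to 192.168.0.0/24.
    """
    nets = [ipaddress.IPv4Network(p.strip(), strict=False)
            for p in text.split(",") if p.strip()]
    return list(ipaddress.collapse_addresses(nets))

def effective_scope(include, exclude):
    """Return the Include networks with every Exclude range carved out."""
    result = parse_scope(include)
    for ex in parse_scope(exclude):
        remaining = []
        for net in result:
            if ex.supernet_of(net):        # entry is entirely excluded
                continue
            if net.supernet_of(ex):        # exclusion sits inside the entry
                remaining.extend(net.address_exclude(ex))
            else:                          # disjoint: keep unchanged
                remaining.append(net)
        result = remaining
    return list(ipaddress.collapse_addresses(result))

def non_private(include):
    """List Include entries that are not fully inside RFC 1918 space."""
    return [n for n in parse_scope(include)
            if not any(n.subnet_of(p) for p in RFC1918)]

if __name__ == "__main__":
    include = "192.168.0.0/16,172.16.10.0/24,10.0.0.0/8"  # example from the page
    exclude = "192.168.0.0/24"                            # constructed sample
    for net in effective_scope(include, exclude):
        print(net)
    print("outside private space:", non_private(include + ",8.8.8.0/24"))
```

Review any entry reported by `non_private` with your network administrator before adding it to the Include section.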

(Optional) Select a Runner

To assign the test to a Runner that you've already created, select that Runner from the drop-down shown here.

Runner section - Runner drop-down

Run the Test

Finally, click Run Pentest to generate the start script to run. If you've assigned a Runner, the Runner will automatically pick up the script and start the test on your behalf. If you're not using a Runner, log in to the NodeZero host, copy/paste the script onto the command line, and execute the script to start the test.

You've started a Segmentation Test

NodeZero sends a notification email once the segmentation test completes.