Documentation

Version: Mageni 1.10

Published: 05.16.22

Author: Jonathan Jaquez, Certified CompTIA PenTest+

CompTIA PenTest+ Credentials

CompTIA PenTest+ is for cybersecurity professionals tasked with penetration testing and vulnerability management. PenTest+ assesses the most up-to-date penetration testing and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks.

PenTest+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program.

Requirements

OS Requirements

The following operating systems and platforms are supported or planned to be supported.

OS | Version | Supported | Download
Ubuntu | 20.04 | Yes | Official Website
Windows | Multipass (Ubuntu 20.04 Image) | Yes | https://multipass.run/
Linux | Multipass (Ubuntu 20.04 Image) | Yes | https://multipass.run/
MacOS | Multipass (Ubuntu 20.04 Image) | Yes | https://multipass.run/
Docker Desktop | Windows | Soon |
Docker Desktop | Linux | Soon |
Docker Desktop | MacOS | Soon |

Hardware Requirements

The following hardware recommendations are to be used as a general guide. Enterprise networks can vary in performance, capacity, protocols, and overall activity. Resource requirements to consider for deployments include raw network speed, the size of the network being monitored, and the configuration of the application. Processor, memory, and network card requirements depend heavily on these factors. Disk space requirements vary with how much data is stored on the system and for how long.

Hosts Scanned | CPU Cores | Memory | Disk Space
512 active IPs | 4@2GHz cores | 8 GB RAM | 30 GB
2,500 active IPs | 6@2GHz cores | 12 GB RAM | 60 GB
10,000 active IPs | 16@3GHz cores | 16 GB RAM | 250 GB
25,000 active IPs | 4@2GHz cores | 32 GB RAM | 1 TB
100,000 active IPs | 32@2GHz cores | 64 GB RAM | 2 TB

Network Requirements

  • The local network must be configured to allow outbound HTTPS (port 443) access to the Internet to download the updates and vulnerability database
  • The IP addresses for the hosts to be scanned must be accessible to the scanner

How to Install

To install Mageni, you need a registration token and must download the installer from the customer portal. Please register to access the customer portal.

Screencast Installation

Types of Vulnerability Scans

There are several types of vulnerability scans that Mageni can perform:

Internal Scan

An internal vulnerability scan is the process of searching for vulnerabilities from within the business network.

External Scan

This is a scan to search for vulnerabilities in the network perimeter.

The difference between the two is that an internal scan runs from within your network, while an external scan targets the network perimeter.

Credentialed Scan

This scan allows users to log into the system and see its vulnerabilities from a trusted source’s perspective. This process identifies vulnerabilities from workstations, network hosts, and servers while giving users a better understanding of the system’s patch management and configurations.

Non-Credentialed Scan

A non-credentialed scan offers the perspective of someone who infiltrated the system. Users can remotely check for security risks like unsecured web servers and misconfigured firewalls. By employing both types of scans, you can be sure sensitive information is safe on your networks.

A credentialed scan will find more vulnerabilities than a non-credentialed scan and it is necessary for gray-box testing.

Create a Scan

Click the "New Scan" button.

A window will appear where you can define the name, description and scanning template of your scan.

Once you have chosen the name, description and scanning template, click "Next Step".

Next, include the targets or assets that you want to scan and click "Next Step".

Next, you can define whether you want to perform a credentialed or non-credentialed scan. For this example, we will perform a non-credentialed scan, so click "Next Step".

Next, you can define a schedule. In this example, we won't create a schedule, so click "Next Step".

Now, before you save the scan, you can review the information. If everything is ok, click "Save".

The scan is now saved. You can see it on the scan Dashboard and start, delete or edit it.

Screencast Create a Scan