SUPPORT

24/5 Hotline Support Service

+44 (0)20 3588 3841

Open a Support Ticket

support@netsparker.com

Installing Netsparker Hawk Internally

Netsparker Hawk is the infrastructure the Netsparker web application security scanner uses to detect Server Side Request Forgery (SSRF), and all other kinds of blind, asynchronous and second order vulnerabilities that require data to be sent over out-of-band channels.

This topic explains how to hosting Netsparker Hawk infrastructure on your environment.

For further information, see How Netsparker Hawk Finds Vulnerabilities.

Requirements

These are the minimum requirements for the machines on which you install Netsparker Hawk:

  • Docker must be installed
  • SSL certificate ready in .pem format for <DOMAIN_NAME>
  • Recommended RAM: 4 GB
  • Recommended disk: 100 GB (mostly for logging purposes)

How to Install Netsparker Hawk Internally

  1. Make sure you have a Static IP address to allocate to the DNS Server, which will be referred to as <STATIC_IP> in these steps.
  2. Register a short DNS Address, which will be referred to as <DOMAIN_NAME>& or example.com in this document.
  3. Register ns.<DOMAIN_NAME> and ns2.<DOMAIN_NAME> as Name Servers for <DOMAIN_NAME>.
  4. Point ns.<DOMAIN_NAME> and ns2.<DOMAIN_NAME> to <STATIC_IP>. The Name Server will be hosted inside the Docker Container.
  5. Please make sure that the following Netsparker Hawk ports are reachable and not used by any other process:
    • TCP 80, 53, 443; from everywhere
    • UDP 53; from everywhere
  6. Download the latest compressed Hawk Docker image file and copy it to a machine with a Docker installation. You can download it from this link: https://s3.amazonaws.com/ns.hawk/netsparkerhawk.tar.xz
  7. Load this image to Docker using the following command:
docker load < netsparkerhawk.tar.xz

  1. Create a container using the following command. Adjust the command, by inserting your own domain name (<DOMAIN NAME> and static IP (<STATIC IP>).
docker create -it -e DOMAIN_NAME='<DOMAIN_NAME>' -e STATIC_IP='<STATIC_IP>' -e RESPONDER_HTTP_ONLY='NO' --security-opt=no-new-privileges --restart=always --oom-kill-disable --memory=3g -p 80:80 -p 443:443 -p 53:53/udp --name netsparkerhawk netsparkerhawk

  1. We recommend that you have SSL support between Netsparker and Netsparker Hawk. If your certificates are in .crt and .key file formats, they should be converted to .pem files (see https://stackoverflow.com/search?q=crt+key+pem).
    • Copy your certificate and private key into the cert folder in the Hawk container
    • docker cp fullchain.pem netsparkerhawk:/opt/cert/fullchain.pem
    • docker cp privkey.pem netsparkerhawk:/opt/cert/privkey.pem
    • If you do not wish to use HTTPS, e.g. for testing purposes, pass the RESPONDER_HTTP_ONLY='YES' argument to the docker create command.
  2. Start the container:
    • docker start netsparkerhawk
  3. Configure DNS for <DOMAIN_NAME>, as in example.com:
    • Define two name servers ns.example.com and ns2.example.com to point to the static IP address of the docker host
    • Check that the docker host machine is accessible using these DNS names
    • Netsparker Hawk should be able to resolve the following addresses:
      • example.com
      • ns.example.com
      • ns2.example.com
      • a.example.com
      • a.b.c.example.com
      • aaaaaaaaaaaaaaaaaaaaaaa.example.com
  4. Change Netsparker Hawk URI in the policy to https://example.com or http://example.com if you do not want to use HTTPS.

  1. Validate DNS Settings and Validate Netsparker Hawk.

  1. You can now run Netsparker scans using a custom server that uses this policy for Netsparker Hawk verification.
Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO