How to scan the internal network using Docker VPN Agent

You can perform internal scanning without any configuration on multiple platforms such as Windows, Linux, or even Apple M1 chips.

Basic ❌ / Advanced ✔️ / Teams & Enterprise ✔️

The Pentest-Tools.com VPN Agent is a small appliance that can be easily deployed on a multitude of platforms in order for our tools to gain access to your internal network.

⚠️ Before starting, please make sure you have Docker Engine installed on the host machine where you want to deploy the Agent. You can find more information here.

Step 1: Create a new VPN Agent Profile

Go to VPN Profiles, click on + Add VPN Profile, and select Use VPN Agent (for the other options, check our support center).

These are important configuration steps that can be set now, or later by editing the VPN Profile:

  1. Make sure you specify any internal DNS, but also keep an external DNS such as Google's 8.8.8.8 as some of our tools require access to external resources.
  2. Don't forget to select the desired Workspace(s) that you want to associate this VPN Profile with. All scans in these workspaces will pass through the VPN Tunnel.
  3. [Optional] specify a limit for how many parallel scans you can execute over this VPN Profile (you can't set more than the maximum parallel scans included in your pricing plan). This is useful, especially for setups that cannot handle more than a few parallel scans due to network limitations.

Each VPN Agent Profile can be deployed using multiple methods. In order to find those methods, you can click on the yellow button Deploy. In this article, we will focus only on the Docker method and how to install the Pentest-Tools.com Docker to scan private networks or bypass firewall restrictions.

Step 2: Copy the docker run command

Copy the docker command and paste it into the terminal of the host machine.

Step 3: Launch the Docker Agent into the terminal

At the first run, the docker will automatically pull the image from our official docker hub repository.

Make sure that the outbound connection on port 22 is allowed from your host machine. Otherwise, the agent will fail the step Starting SSH to vpn.pentest-tools.com:22...
Please ensure that the host machine can reach vpn.pentest-tools.com and that it can correctly resolve the name.

Step 4: Test the connection

Click the play button to test the connection to the deployed agent.

Congrats! 🎉
You’ve successfully configured the Docker VPN Agent and you can start scanning your infrastructure.