Running Authenticated (Whitebox) Scans

How to add authentication credentials to Delve so that it can scan inside certain machines and obtain information about locally installed vulnerable software.

Credentials can be added in Delve in order to run authenticated (whitebox) scans.

Credentials can be associated with groups of assets through the use of tags (see Creating new tags and Associating credentials to tags). All assets categorized under the tag with which the credentials are associated will be scanned with authentication using these credentials.

Tags that have associated credentials are shown with a blue left border throughout Delve.

Once a scan finishes, the report will show which credentials were used during that scan (if any).

System requirements for authenticated scans

Requirements for SMB authentication on Microsoft Windows machines

  • The Remote Registry service must be started (this can be configured in the 'Services' section of Microsoft Windows).
  • File and printer sharing must be activated and, in the case of Windows XP machines, "Simple Sharing" should be deactivated.
  • If you are scanning individual systems:
    • Use an account that has administrative rights on the machine.
    • Create a new DWORD value named LocalAccountTokenFilterPolicy with the value '1' in the following key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\
  • If you are scanning systems that are part of a Domain, contact Delve Labs to obtain configuration instructions.
  • If need be, exception rules for Warden (or the Edge Service) should be created in the Windows firewall.

Requirements for SSH authentication (GNU/Linux & Cisco)

  • The SSH server (sshd) should be activated on the destination machine.
  • Key-based authentication should be activated in the SSH daemon config (/etc/ssh/sshd_config must not contain "PubkeyAuthentication no").
  • The user used for authentication needs to have administrative privileges, but read-only access to "root" restricted files is recommended (through the use of an administrative group).
  • For Cisco (IOS) systems, an unprivileged user that has access to the "show version" command is necessary.
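
A pre-flight check for the key-based authentication requirement above, as an added example that is not part of Delve or its documentation. The function name `pubkey_auth_state` and the sample configuration are constructed for illustration; the parser reads only the global section of a single file.

```shell
#!/bin/sh
# Added example: report whether key-based authentication is enabled in an
# sshd_config file before pointing an authenticated scan at the host.
# OpenSSH rules applied here: the first occurrence of a keyword wins,
# keywords are case-insensitive, and "Keyword=value" is also accepted.

# Print the effective global PubkeyAuthentication value ("yes" or "no").
# Parsing stops at the first Match block, whose settings are conditional.
pubkey_auth_state() {
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }       # strip comments, indent
        $0 == "" { next }
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)          # normalise "Key=value"
            split(line, f, /[ \t]+/)
            key = tolower(f[1]); val = tolower(f[2])
        }
        key == "match" { exit }                      # global section ends here
        key == "pubkeyauthentication" { print val; found = 1; exit }
        END { if (!found) print "yes" }              # OpenSSH default is yes
    ' "$1"
}

# Constructed sample configuration (not taken from a real host): the
# lower-case "Key = value" line comes first, so it overrides the later "yes".
sample=$(mktemp)
printf '%s\n' \
    '# hardening baseline' \
    'PasswordAuthentication no' \
    '  pubkeyauthentication = No' \
    'PubkeyAuthentication yes' > "$sample"
echo "PubkeyAuthentication: $(pubkey_auth_state "$sample")"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, including Include files, which this parser does not follow.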

Requirements for authentication on ESXi machines

  • An administrative account or a read-only role with global settings permission must be used for ESXi authentication.