Overview: What is the vPenTest Agent and how does it work?

What is vPenTest?

vPenTest is Vonahi Security’s platform that aims to solve the challenges organizations face when seeking a penetration test. It does this by combining methodologies, toolkits, scripts, and processes into an automated procedure that helps provide organizations with more value than traditional assessments.

Using vPenTest, organizations can expect to have a penetration test performed at any time, for any reason, to evaluate their risk of cyber-attacks without the need for a physical human or coordination efforts.

vPenTest Agent

Vonahi Security has developed an Agent, coded in Ruby, that runs on top of Ubuntu. This Agent is essentially responsible for transferring data between the Ubuntu system and the vPenTest server, including running commands.

How does the vPenTest Agent work?

The vPenTest VM is only active before, during, and shortly after a penetration test. In other words, the VM is connected and accessible to Vonahi Security only for the purpose of performing its assessment.

To initiate connectivity, you must provide either your email address (the one registered in a Company’s settings in the portal) or a unique ID generated by your consultant or an Agent in the portal. Once this information is provided, the Agent will validate itself with the vPenTest server. If vPenTest detects malicious requests, the source public IP address will be blocklisted and the VM will be unable to connect.

Your VM periodically checks whether an assessment is scheduled. If a scheduled assessment is coming soon, the VM will auto-register itself with the vPenTest server again, allowing remote connectivity from the vPenTest server.

Here’s an example of the vPenTest menu:
******************************************
* vPenTest Remote Access Agent v1.35 *
* Agent UUID: 31337x41 *
* Your public IP: 1.1.1.1 *
******************************************
1. Assign IP address configuration
2. Register Agent
3. Reboot
4. Shut down
5. Exit
Choose an option:

Permitting access

We leverage Amazon Web Services (AWS) to establish remote, secure access to your VM. All traffic between vPenTest and your VM will originate from AWS, and the VM uses port 443/tcp (HTTPS) outbound to establish this access. Please allow outbound access to this port and to all destinations. Vonahi Security uses several Internet-facing services to perform updates, pull down additional tools, recompile tools, scripts, and more.