Creating a local or network source

Add a local or network source to your system to create an implant that tests the security of your network devices.

Before you begin

When you choose a target system for your source, consider the following scenarios:
  • Local sources
    • To maximize the benefits of testing locally, choose a target system that represents a standard configuration of what you find in your organization's network.
  • Network sources
    • The connectivity from your target system to other entities within your network determines what Randori scans.
    • For example, if you want to test your network segmentation, you can choose a host that does not have complete access to your infrastructure. If you want to test and discover as much as possible from one system, choose a target system with broad access to other systems on your network.

Procedure

  1. On the Sources page, click Create new source.
  2. Configure the following attributes.
    Table 1. Source attributes
    Attribute | Description
    Source Name | Enter a descriptive name for your source. You can include the location or purpose of the environment where you intend to install this source.
    Type | Choose Network or Local.
    Operating System | Choose Windows or Linux. Important: You can install Network sources on the Linux® operating system only.
    Architecture | Choose the architecture of your operating system: x86 or x86_64.
    Perspective | Select the perspective that you want your source to have. You can select the Default Internal perspective, create your own, or select a previously created perspective. For more information, see Perspectives.
    Source Note | Add a note to capture more information about the source for other users to see and reference.
  3. Click Create Source.
    When the source is created, a window opens with confirmation information. This process can take a few minutes.
  4. Download the .zip file from the window. You can also download the file by clicking the overflow menu next to the table entry for the source.
  5. Linux only: Install a source.
    1. Use SCP to add the .zip file to your Linux system.
    2. Extract the contents by running the following command:
      unzip <filename>
    3. Local only: In the directory where the implant.bin file is extracted, run the following commands:
      chmod +x ./implant.bin
      ./implant.bin 
      Important: If you want the source to run with privileged permissions, run the command as root.
      ps aux | grep implant
    4. Network only: If you want to persist the source through reboots, run the following command as root:
      ./implant.bin -p
      If you do not want the source to restart on reboot, run the following command as root:
      ./implant.bin
      After you run one of the previous commands, run the following command:
      ps aux | grep riasma 
    5. Verify that the implant process runs. The following example shows a successful implant process.
      root@Testbox:/home/ubuntu# ps aux | grep implant
      root      5456 3.0  0.7  30396 30136 ?        S    02:34   9:41 /home/ubuntu/implant.bin
  6. Windows only: Install a local source.
    1. Upload the .zip file to the target system.
    2. Extract the file.
    3. Optional: To run the source as a privileged user, open the command prompt as an administrator.
    4. To run the source without persistence, run the following command in the source's directory:
      implant.exe user
    5. To run the source with persistence, run the following command as an administrator in the source's directory:
      implant.exe install
    6. In the task manager, verify that the implant process is running.

Results

Validate that the source is installed by checking the source on the Sources page. When the source is installed correctly, the source has an online status and Randori runs a check-in event.
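
The following script is an added example, not part of the product documentation or Randori's own tooling. It performs the Linux process check from step 5 on ps aux output without counting the grep command itself as a match, and reports whether the matched process runs as root. The function names and every sample line except the implant.bin line are constructed for illustration; pass riasma as the pattern for a network source.

```shell
#!/bin/sh
# Added example (not IBM/Randori code). Both functions read `ps aux` text on stdin.

# Constructed sample: the implant.bin line is the one shown in step 5;
# the header, sshd and grep lines are made up for illustration.
SAMPLE_PS='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root       812  0.0  0.1  15432  5120 ?        Ss   01:10   0:00 /usr/sbin/sshd -D
root      5456  3.0  0.7  30396 30136 ?        S    02:34   9:41 /home/ubuntu/implant.bin
root      5460  0.0  0.0   6432   720 pts/0    S+   02:40   0:00 grep --color=auto implant'

# find_source_procs PATTERN
# Prints "USER PID COMMAND" for each process whose command line contains
# PATTERN, skipping the header row and any grep process.
find_source_procs() {
    awk -v pat="$1" '
        NR == 1 && $1 == "USER" { next }
        NF >= 11 {
            # In ps aux output the command line starts at field 11.
            cmd = $11
            for (i = 12; i <= NF; i++) cmd = cmd " " $i
            n = split($11, parts, "/")
            if (parts[n] == "grep") next    # the check matching itself
            if (index(cmd, pat) > 0) print $1, $2, cmd
        }'
}

# source_status PATTERN
# Prints one of: not-running, running-root, running-user.
source_status() {
    procs=$(find_source_procs "$1")
    if [ -z "$procs" ]; then
        echo "not-running"
    elif printf '%s\n' "$procs" | awk '$1 == "root" { r = 1 } END { exit !r }'; then
        echo "running-root"
    else
        echo "running-user"
    fi
}

# Demo on the constructed sample.
# On a live host: ps aux | source_status implant
printf '%s\n' "$SAMPLE_PS" | source_status implant
```

A running-user result on a source that was meant to be privileged means the implant was not started as root.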

Deleting a source

Deleting a source is irreversible and can affect your attack surface if another source is not installed.

Procedure

  1. On the Sources page, click the overflow menu of the entry that you want to remove.
  2. Click Delete.
  3. Linux only: If you persisted the source when you installed it, run the following command on the source's target system:
    /usr/local/sbin/riasma.sh -u
  4. Windows only: Run the following command as an administrator:
    implant.exe uninstall