This guide will take you to the process of configuring an Internal Scanner Standalone VM on a certain instance.
An Internal Scanner is a decoupled scan engine that can allow Footprint to scan internal ranges and services that you do not want exposed to the internet.
You can configure an internal scanner either by:
📥 Downloading the installer and configuring the service yourself
💻 Installing a ready-made virtual machine and configuring it
This guide will show the steps to configure a ready-made virtual machine.
📥 Downloading the virtual machine
From the Footprint console, go to SCAN SURFACE in the main menu:
Once here, go to the SETUP SCANNERS menu option:
Once here, you will be presented with a brief overview of what an internal scanner is, as well as some required information:
🌐 Footprint Management URL: This is the URL of your Footprint instance
🔑 Internal Scanner Token: This is the token that you will use to authorize the internal scanner on your instance.
You can download the virtual machine in one of two flavors:
VMWare Fusion > 14
VMWare Player > 14
VMWare Workstation > 14
Windows 8 or greater
Manual download links:
OVA Virtual Machine (5GB): https://update.codacloud.net/is/vm/IS-Full.ova
Hyper-V Virtual Machine Gen 1 (5GB): https://update.codacloud.net/is/vm/IS-Full.hyv.zip
VMWare VMDK Disk (5GB): https://update.codacloud.net/is/vm/IS-Full.vmdk.zip
Microsoft Hyper-V VHD Disk (5GB): https://update.codacloud.net/is/vm/IS-Full.vhd.zip
QEMU Image (qcow2 format - 6GB): http://update.codacloud.net/is/vm/IS-Full.qcow2.zip
🔧 Installing and configuring the scanner
Once you have downloaded the appropriate image for your hypervisor type, you will need to create a new virtual machine for the scanner.
Start the Hyper-V Manager and go to ACTION ➡ NEW ➡ VIRTUAL MACHINE :
Follow the steps in the Virtual Machine wizard, assigning a name to the machine:
When prompted to select a generation, select GENERATION 1 :
Next, assign desired memory for the virtual machine. The minimum amount for a
/24 scan is 4096MB (4GB).
Higher workloads may require more memory. We recommend leaving the USE DYNAMIC MEMORY checkbox selected.
With regards to networking, the
Default Switch usually works fine:
When reaching the Connect Virtual Hard Disk step, select
Use an existing virtual hard disk, select BROWSE and navigate to the downloaded VHD file:
Hit finish to complete the VM creation process:
The Virtual Machine will appear in your manager’s list:
To start the machine, double click it and click on the START button. This will boot up the machine and, after a few minutes, you will see the login screen of the VM:
For the VMWare setup example, we will use the VMWare Workstation 16 Player. The setup process will be similar on other VMWare products.
First up, open VMWare Player and click on
Create a New Virtual Machine:
In the New Virtual Machine wizard, select
I will install the operating system later:
Guest Operating System page, select
Give a name to the virtual machine and select the location where you want it to be stored:
On the next screen, keep the default options and select
Store virtual disk as single file. We will not use the disk VMWare creates for us, but it is a required step in order to create a new VM.
Don’t worry about disk space use - the disk we create here won’t use any space because we won’t write anything to it.
On the final screen, hit FINISH to create the new machine:
Note: Make sure that you have at least 2 CPU cores, 8GB RAM and 80GB storage.
With our VM being created, we now need to associate the downloaded VMDK file. Right click the virtual machine and select SETTINGS :
In the window that appears, remove the existing
Hard Disk (SCSI) entry:
Next up, click on
Add… in the lower left, and select
SCSI in the next screen and click
Select a Disk screen, select
Use an existing virtual disk:
Browse on the next screen and navigate to the downloaded VMDK file:
Finish when done.
If asked whether to convert existing format, select
Keep existing format
On the next screen, click
OK to save your changes. In order to start the VM, double-click it.
If you get a warning regarding device
sata0:1, select no on the prompt.
The VM will start and you will be presented with the login screen:
🔧 Configuring the Internal Scanner
Now that our Internal Scanner is up, we need to configure it in order to link it to our Footprint instance.
Manual, Static IP Address Configuration
Please consult this KB article.
Configuring the required network permissions (outbound)
Remember to allow access from the Scanner to the following outside world destination if there is any firewall involved.
Footprint IS Automated Updates (optional, highly recommended)
Footprint IS Alerting Service (optional, highly recommended)
Footprint IS - Console Connectivity (mandatory)
Footprint IS - Console Connectivity (mandatory)
🔒 Retrieving the necessary credentials
In the Footprint Console, navigate to
Scan Surface →
Setup Scanners. On this page, you will see the management URL and token right above the download buttons:
You can click the
Copy button next to each of these in order to add them to your clipboard.
You can use the
Clipboard History feature to store multiple elements in your Clipboard. Access it via the Windows + V shortcut.
Setting up the credentials
Navigate to the URL listed on the internal scanner VM’s login screen (see above). You will see the following screen, displaying your scanner’s status:
Click the Configure button in order to input your credentials:
Label: a name that will identify this scanner in the console
Console URL: the URL of the Footprint console you are using (copy it from the Setup Scanners page)
Token: your account’s scanner token (copy it from the Setup Scanners page)
After configuring and clicking Save, the scanner will start registering with the console. This will take a few minutes, after which you will be able to see the scanner in your Deployed Scanners listing in the Footprint Console.
2 photos above show: status of the scanner controller (lef) and status in the Footprint platform (right)
After registering, the Internal Scanner needs to do a series of signature updates. These may take up to 15 minutes, in which the scanner will appear as
Starting and you will not be able to use it to start new scans.
After the scanner is shown as
Active, you are able to start new scans using it. Go to the
Extend Area modal, input your scan targets and select your desired Internal Scanner using the dropdown in the footer:
That’s it! Your scanner will now process your inputs and you will be able to see your results in just a few minutes.
In case your IS does not successfully register to the console, please make sure the following steps are checked:
Log on to the IS VM Controller app (http://IS_INTERNAL_IP:8080) and check its status. Look for any warnings.
Check the time & date of the Virtualization Server Host & the Guest IS VM
Check the outbound connectivity of the IS VM to the required. Make sure it has network access to the required outside world as depicted above in the Required Network Permissions section. Please make sure the VM has network connectivity (IP address, subnet mask, default gw, dns servers) and that outbound traffic is allowed.
Make sure it has the minimum hardware resources required
If none of the above work, give us a call and we’ll be happy to support.
Please sign in to leave a comment.