New Scope Tutorial

Let see how to configure and launch a scope inside app.hackermate.io/create-scope:

Scope Creation

Name

The first step is naming the new scope:

The name cannot contain special characters.

Assets

The second step is indicating the assets of the scope: Domains, Subdomains, Emails, IPs, Ranges and Webs.

HACKERMATE will automatically discover most of these assets from an initial asset. For example, from a domain, HM will discover subdomains, IPs, emails and webs relate to the original domain.

For more information about HM's discovery capabilities take a look at this page:

HACKERMATE

GCSE (Dorks)

If you don't know what "dorks" are, we recommend reading this page before continuing:

GCSE (Google Custom Search Engine) - Tutorial

For checking dorks, it's required to indicate the GCSE ID where the dorks will be searched.

The following options are available in this category:

  • Don't use GCSE: Dorks won't be searched

  • Use main categories: Main dorks will be searched

  • Use all categories: Search all dorks

Note that when searching for dorks, if any domain of the scope is affected by a dork, HACKERMATE will only retrieve the first 10 URLs affected.

Settings

HACKERMATE also allows configuring how it's going to behave when an asset (from the initial scope or HM's discovery capabilities) is found:

  • Limit IPs: This setting indicates whether HM scans IPs discovered by the scan and which are not included in the original scope.

    • e.g. an IP related to a subdomain discovered by the scan

  • Avoid CDNs IPs: This setting indicates whether HM scans IPs related to a CDN.

    • e.g. an IP of a Cloudflare machine pointed by a subdomain of the scope.

  • TCP Scan: This setting indicates whether HM launches a TCP scan over the IPs.

  • UDP Scan: This setting indicates whether HM launches an UDP scan over the IPs.

  • Vulnerability Assessment: This setting indicates whether HM performs an active vulnerability assessment over the new IP.

  • Brute-Force: This setting indicates whether HM performs brute-force attacks over network services discovered by the scan.

    • e.g. if a SSH service is discovered, and this setting is enabled, HM will launch a Brute-Force attack which uses credentials frequently used in SSH.

  • Limit Webs: This setting indicates whether HM scans new discovered Webs discovered by the scan and which aren't set in the scope.

    • e.g. If a web of a subdomain is discovered, and this setting is enabled, HM will scan the web.

  • Only Passive over New Webs: This setting indicates whether HM launches only "passive" modules over webs discovered by the scan and which are not set in the scope. In this scenario, passive means that only well behaving tools will be launched.

    • e.g. If a web of a subdomain is discovered, and this setting is enabled HM will launch only "passive" web analysis

Legal

Finally, before launching the scope you need to agree with the Terms of Service and explicitly indicate that you are allowed to launch the analysis over the indicated assets:

Cost Estimation

Once you have configured your scope, proceed to the cost estimation. An estimation of the cost of the scope will be displayed. The estimation will look similar to this one:

If you agree with the cost estimation, select your payment method, and proceed to payment. After paying, the scope will be automatically launched.

PreviousHACKERMATENextGCSE (Google Custom Search Engine) - Tutorial

Last updated

Was this helpful?