Quick Start
Installation guide for Fleetfolio Pentest Module.
Quick Start Guide
This guide explains how to set up and run Fleetfolio Pentest Module via Docker.
Install Docker
Ensure Docker is installed and running on your system.
sudo apt update && sudo apt install docker.io -y && sudo systemctl enable docker --nowError Fix
If the update fails, run:
sudo sed -i 's|http://http.kali.org|https://http.kali.org|' /etc/apt/sources.list && sudo apt-get clean && sudo apt-get update --fix-missingConfigure Environment
Create your .env configuration using the following block:
sudo tee -a .env > /dev/null << 'EOF'
# Scope configuration
OPSFOLIO_EAA_HOME=/opt/eaa/sessions
OPSFOLIO_EAA_TENANT_ID=NET1234
OPSFOLIO_EAA_TENANT_NAME=Netspective
OPSFOLIO_EAA_PURPOSE=Threat
OPSFOLIO_EAA_DESCRIPTION=Demo_Threat
OPSFOLIO_EAA_CONTEXT_JSON='{ \"Sample\": \"Value\" }'
OPSFOLIO_EAA_EXIT_EMAIL_ADDRESSES=example@nespective.com,example2@nespective.com,example3@gmal.com
OPSFOLIO_EAA_DOMAINS=netspective.com
OPSFOLIO_EAA_KEY_URLS=https://netspective.com
OPSFOLIO_EAA_SUBDOMAINS=
OPSFOLIO_EAA_IP_RANGES=
OPSFOLIO_EAA_EXCLUDES=
OPSFOLIO_EAA_KEY_APIS=
OPSFOLIO_EAA_KEY_GIT_URLS=
OPSFOLIO_EAA_CORSY_PATH=/opt/eaa/Corsy
OPSFOLIO_EAA_WAF_BYPASS_PATH=/opt/eaa/waf-bypass
OPSFOLIO_EAA_WP_TOKEN=
OPSFOLIO_EAA_VIRUSTOTAL_API_KEY=
OPSFOLIO_EAA_RATE_LIMIT=200
OPSFOLIO_EAA_CONCURRENCY=50
OPSFOLIO_EAA_NAABU_PORTS=top-100
OPSFOLIO_EAA_NUCLEI_TEMPLATES=cves,default
EOFDocker Run
Launch the container.
- For Lightweight Testing:
sudo docker run --rm -it \
--env-file .env \
-v $(pwd)/.env:/opt/eaa/.env \
-v $(pwd)/results:/opt/eaa/sessions/ \
fleetfolio/fleetfolio- For Thorough Testing:
sudo docker run --rm -it \
--env-file .env \
-v $(pwd)/.env:/opt/eaa/.env \
-v $(pwd)/results:/opt/eaa/sessions/ \
fleetfolio/fleetfolio --graph thoroughBy default the docker image is set to scan for lightweight pentesting. To get a thorough pentesting, use the --graph thorough switch.
After execution, a /results directory will be created in your current path containing all generated reports and data.
How is this guide?
Last updated on
Download Operational Truth™ - Fleetfolio Pentest Module
Operational Truth™ is a downloadable software platform for continuous compliance. The Fleetfolio Pentest module (powered by Fleetfolio) must be installed on a local workstation or server environment. The software is not web-based and requires local installation to operate. To install Fleetfolio Pentest, users must first set up the required software dependencies and then download and install the primary Fleetfolio Pentest module package by following the provided installation instructions.
Download Operational Truth™ - Fleetfolio Threat Exposure Module
Fleetfolio Threat Exposure Module is a threat exposure module for Fleetfolio. It is a downloadable software package that must be installed on a local workstation or server environment. The software is not web-based and requires local installation to operate. To install Fleetfolio Threat Exposure Module, users must first set up the required software dependencies and then download and install the primary Fleetfolio Threat Exposure Module application package by following the provided installation instructions.