
How to scan the internal network using the VPN Agent

Pro Basic / Pro Advanced ✔️ / Enterprise ✔️

You can now scan your internal network without any special configuration: just run the VPN Agent and start scanning.

The VPN Agent is a very small virtual machine (VMware, Hyper-V, VirtualBox) that must be running in your internal network while the scans are in progress. The agent does not implement any scanning logic; its only purpose is to provide secure connectivity (through a VPN tunnel) between your internal systems and our scanning servers.

Since all scans initiated from our scanning servers pass through the VPN tunnel, the source IP address of the scans will appear as the IP of the VPN Agent.

Step 1. Create a new VPN Profile and download the agent

Go to VPN Profiles, click on + Add VPN Profile, and select Use VPN agent Virtual Machine (for the second option, check the article in our Learning Center).

Create a new VPN Profile using a VM Agent
You can either add your internal DNS server or leave the default field.

Attach the new profile to one of your workspaces and click confirm. Your new profile will be displayed in the VPN Profiles list. Select Download Agent.

Download the VMware Agent to perform an internal network scan

Step 2. Extract the contents of the archive and start the agent

The download should start automatically. Extract the contents of the archive:

PentestTools-VPN-Agent VMware files extracted

Start the virtual machine agent (the PentestTools-VPN-Agent VMware virtual machine configuration file) using VMware Player or VMware Workstation. The agent attempts to connect automatically to our infrastructure, and you should see output similar to the following:

VPN Agent configuration file successfully connected message in VMware Workstation

Don’t close the agent until all your scans have finished!

If you get the failed error at the “Detecting the local IP address” step, switch from BRIDGE to NAT in the VM settings and restart the agent.

When using the VPN Agent, make sure that the agent virtual machine is allowed to initiate outbound TCP connections to on port 22. This connection is used to establish the VPN tunnel between your network and our infrastructure, and it is the only connection required to perform the internal scanning.
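The requirement above also gives defenders a baseline for the agent VM: traffic from its IP to internal hosts is scan traffic, and the only external flow the article lists as required is TCP port 22 to the tunnel endpoint. The Python script below is an added example, not part of the original article or the vendor's tooling; the agent IP, the endpoint address (a documentation-range placeholder) and the `src dst proto dport` flow-record format are assumptions.

```python
import ipaddress

# Assumptions (not from the article): agent LAN address, tunnel endpoint
# address (placeholder), internal ranges, and the flow-record format.
AGENT_IP = ipaddress.ip_address("10.0.5.20")
TUNNEL_ENDPOINT = ipaddress.ip_address("203.0.113.10")  # placeholder
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: "src dst proto dport"
SAMPLE_FLOWS = """\
10.0.5.20 203.0.113.10 tcp 22
10.0.5.20 10.0.7.15 tcp 443
10.0.5.20 10.0.7.15 tcp 3389
10.0.5.20 198.51.100.7 tcp 443
10.0.9.3 198.51.100.7 tcp 443
10.0.5.20 203.0.113.10 tcp 8080
"""


def classify(line):
    """Label one flow record relative to the agent's expected behaviour."""
    src, dst, proto, dport = line.split()
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src != AGENT_IP:
        return "other-host"            # not originated by the agent VM
    if any(dst in net for net in INTERNAL_NETS):
        return "scan-traffic"          # scans appear with the agent's IP
    if dst == TUNNEL_ENDPOINT and proto == "tcp" and int(dport) == 22:
        return "tunnel"                # the one required outbound flow
    return "unexpected-egress"         # anything else leaving the network


def audit(flow_text):
    """Group flow records by classification."""
    findings = {}
    for line in flow_text.splitlines():
        if line.strip():
            findings.setdefault(classify(line), []).append(line.strip())
    return findings


if __name__ == "__main__":
    for label, flows in audit(SAMPLE_FLOWS).items():
        print(f"{label}: {len(flows)}")
        if label == "unexpected-egress":
            for flow in flows:
                print(f"  review: {flow}")
```

The same classification can drive an egress firewall rule for the agent VM: allow TCP port 22 to the tunnel endpoint and deny other outbound traffic leaving the internal ranges.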

Step 3. Test the connection from the platform

After the agent is successfully connected, test the connection from the platform. Go back to the VPN Profiles page and press the “Test connection” button for the profile you just created. A success message should appear as below:

Test connection for VPN Agent configuration will display a success message

Step 4. Start scanning your internal network

At this point, the workspace to which you attached the VPN profile (Step 1) will be VPN Enabled. You can check that your current workspace uses VPN by the lock icon on the right:

You can see that your current workspace uses VPN by the lock icon on the right

You can now perform scans as you usually do in any workspace. All the traffic will reach your internal network through the VPN Agent virtual machine, so scanning may be slower than when you scan a publicly exposed system. Even if a scan seems to stagnate, we recommend that you let it run.

And don’t forget to keep the VPN agent running for the whole duration of the scans.
