Smart Proxy (Private Networks)
Unlike Attack Surface Management tools that only scan internet-accessible sites, NightVision can scan targets in private networks. We do this with our Smart Proxy architecture, baked into NightVision’s command line interface (CLI).
Smart Proxy Architecture
When a user requests a scan from the command line, the scan runs as headless browsers inside serverless functions in AWS. The scanner's requests are tunneled through our Smart Proxy: the CLI connects to the Smart Proxy, and the requests are relayed through the CLI to the target, so the target only has to be reachable from the host where the CLI is running.
Figure 1: NightVision orchestrates scans from headless browsers running in the cloud (our serverless scanners) to reach targets on private networks using the Smart Proxy and the Command Line.
With this architecture, our headless browsers in the cloud can crawl web applications and simulate attacks on applications or APIs hosted on any private network! For example, NightVision can scan targets on:
✅ Localhost
✅ Docker
✅ Kubernetes
✅ Staging environments
✅ Corporate Data Centers
Example Deployment Scenarios
Web App on localhost:3000 from CI/CD
Figure 2: NightVision scanning applications running on Docker within the Jenkins CI/CD worker.
In this scenario the target application runs as a Docker container on http://localhost:3000 on the CI/CD worker (Jenkins in Figure 2). NightVision scans it with the following commands:
URL="localhost:3000"
APP="local-host"
TARGET="local-host"
nightvision target create $TARGET $URL
nightvision scan $TARGET
REST API Service in a Kubernetes Cluster
Figure 3: NightVision scanning applications running in a Kubernetes cluster.
Consider a scenario where the target application, called insecure, runs in a Kubernetes cluster in the prod namespace. NightVision scans it with the following commands:
URL="insecure.prod:443"
TARGET="insecure-prod"
nightvision target create $TARGET $URL
nightvision scan $TARGET
REST API in a Datacenter
Figure 4: NightVision scanning applications running in a corporate data center.
In this scenario the target application runs on a server in a corporate data center at http://vuln.api.internal:8080. NightVision scans it with the following commands:
URL="http://vuln.api.internal:8080"
TARGET="vuln-api"
nightvision target create $TARGET $URL
nightvision scan $TARGET
Internet Accessible Targets
NightVision can also scan internet-accessible apps, as other DAST and Attack Surface Management (ASM) tools do. When you run a scan from the NightVision web app (https://app.nightvision.net), it runs directly from the serverless scanners without using the Smart Proxy.
Figure 5: NightVision scanning applications running on the public internet.
As with the other scan scenarios, the results can be viewed in the NightVision web application at https://app.nightvision.net. They can also be queried via the REST API or the command line, or exported from the command line in SARIF format for integration with other tools, such as bug aggregation or ASOC platforms.
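The three private-network scenarios all follow the same steps: set the URL, create a target, start the scan. The script below is an added example, not NightVision's own code, that wraps those steps for a CI/CD job. It assumes the nightvision CLI and curl are on PATH; the function names target_name_from_url, wait_for_target and run_scan are chosen here, and the URL-to-name convention is the script's own (the scenarios above pick names by hand). Because the Smart Proxy relays the scanner's requests through the CLI, the readiness check runs on the host where the CLI runs, which is the only place the target needs to be reachable from; a container that the job has just started may not be listening yet when the scan step is reached.

```shell
#!/bin/sh
# Added example (not NightVision's own code): wrap the target-create / scan
# flow for a CI/CD job. Assumes the `nightvision` CLI and `curl` are on PATH.

# Derive a target name from a URL: drop the scheme and any path, replace every
# character outside [A-Za-z0-9] with "-", collapse runs of dashes, lowercase.
# "http://vuln.api.internal:8080" -> "vuln-api-internal-8080"
target_name_from_url() {
    printf '%s' "$1" \
        | sed -e 's#^[A-Za-z][A-Za-z0-9+.-]*://##' -e 's#/.*$##' \
        | tr -c 'A-Za-z0-9' '-' \
        | sed -e 's/--*/-/g' -e 's/^-//' -e 's/-$//' \
        | tr 'A-Z' 'a-z'
}

# Wait until the target answers HTTP from *this* host (the host running the
# CLI), because the Smart Proxy relays the cloud scanner's requests through
# the CLI. Any HTTP status counts as "up"; only a failed connection (curl
# exits non-zero, or curl is missing) keeps us waiting. Returns 1 on timeout
# so the job fails before a scan is queued against a target that is not up.
wait_for_target() {
    url=$1
    deadline=${2:-60}   # total seconds to wait
    elapsed=0
    while [ "$elapsed" -lt "$deadline" ]; do
        code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$url" 2>/dev/null) || code=000
        [ "$code" != "000" ] && return 0
        sleep 2
        elapsed=$((elapsed + 2))
    done
    return 1
}

# The same steps as the scenarios on this page, with the readiness check in
# front. Hypothetical wrapper; the two nightvision commands are the ones the
# scenarios use.
run_scan() {
    url=$1
    target=$(target_name_from_url "$url")
    if ! wait_for_target "$url" "${2:-60}"; then
        echo "target $url is not reachable from this host; not starting a scan" >&2
        return 1
    fi
    nightvision target create "$target" "$url" && nightvision scan "$target"
}

# Run directly with a URL; when sourced or run without arguments, only
# define the functions.
case "${1:-}" in
    "") ;;
    *)  run_scan "$1" ;;
esac
```

Run it from the CI worker as `sh scan.sh http://localhost:3000`. The derived target name (localhost-3000 rather than local-host) is this script's convention, not a CLI rule; pass your own name to `nightvision target create` if your team already has one.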