Downloading the tool
This tool uses the SSH command to connect a web server on your intranet to one of VAddy’s servers. (The SSH command bundled with macOS, Linux, and other UNIX-like systems is supported.) Because a connection to VAddy’s SSH server is established on port 22, your firewall must be configured to allow outbound SSH connections.
If you are using Git, you can clone the project’s GitHub repository with the following command:
$ git clone https://github.com/vaddy/go-vaddy.git
Alternatively, you can download the project as a ZIP file.
Once you have downloaded a copy of the GitHub project, you can find the VAddy PrivateNet command-line tool in the privatenet subdirectory. For more details, check out the project’s README.
Editing the configuration file
First, generate a WebAPI key from VAddy’s admin console.
Next, open the project's privatenet/conf subdirectory and copy vaddy.conf.example to a new file named vaddy.conf. Edit all of the relevant settings, as described below.
vaddy.conf uses environment variables to set the values required to initiate a scan. If you’ve already set any of these environment variables elsewhere in your command prompt or using a continuous integration service like CircleCI or Travis CI, you can comment them out in this configuration file.
vaddy.conf
Environment Variable | Description |
---|---|
VADDY_AUTH_KEY | WebAPI key generated by VAddy’s admin console. |
VADDY_FQDN | Server name (FQDN) registered with VAddy. (e.g. www.example.com) |
VADDY_VERIFICATION_CODE | Verification code generated by VAddy’s admin console when registering a server. |
VADDY_USER | Username for authenticating with the VAddy service. |
VADDY_YOUR_LOCAL_IP | The IP address to scan. This could be localhost or the address of a server on your intranet. (e.g. 172.16.1.10) |
VADDY_YOUR_LOCAL_PORT | The port to scan. (e.g. 80 or 443) |
VADDY_CRAWL | Optional ID or label specifying which crawl data to use. |
You can only specify a single port with VADDY_YOUR_LOCAL_PORT. As a result, your application will be scanned over either HTTP or HTTPS, depending on the port number you specify.
For a full list of settings, see the README.
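A preflight check for the settings in the table above, written as an added example that is not part of the VAddy project. It assumes the variables are already in the environment (after sourcing vaddy.conf, or set by your CI service), and the function names vaddy_check_env and vaddy_check_conf_perms are hypothetical. The permission check is included because vaddy.conf holds the WebAPI key.

```shell
#!/bin/sh
# Added example, not VAddy project code. Function names are hypothetical.
# Assumption: the settings are already in the environment, e.g. after
# sourcing vaddy.conf or because the CI service injected them.

# Return 0 when every required variable from the table is usable.
vaddy_check_env() {
    rc=0
    # VADDY_CRAWL is optional per the table, so it is not checked here.
    for name in VADDY_AUTH_KEY VADDY_FQDN VADDY_VERIFICATION_CODE \
                VADDY_USER VADDY_YOUR_LOCAL_IP VADDY_YOUR_LOCAL_PORT; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing: $name" >&2
            rc=1
        fi
    done
    # Only a single port is accepted: digits only, 1 to 65535.
    port=${VADDY_YOUR_LOCAL_PORT:-}
    case $port in
        ''|*[!0-9]*|??????*)
            echo "VADDY_YOUR_LOCAL_PORT must be one port number" >&2; rc=1 ;;
        *)
            if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                echo "VADDY_YOUR_LOCAL_PORT is out of range" >&2; rc=1
            fi ;;
    esac
    # Assumption: VADDY_FQDN is a bare host name as in the table's example,
    # so a value containing "/" (a URL or path) is rejected.
    case ${VADDY_FQDN:-} in
        */*) echo "VADDY_FQDN must be a host name, not a URL" >&2; rc=1 ;;
    esac
    return "$rc"
}

# Return 0 when FILE (which holds the WebAPI key) exists and is not
# readable by group or other users.
vaddy_check_conf_perms() {
    [ -f "$1" ] || { echo "$1: no such file" >&2; return 1; }
    # find prints the path only if a group-read or other-read bit is set.
    loose=$(find "$1" -prune \( -perm -040 -o -perm -004 \))
    if [ -n "$loose" ]; then
        echo "$1 is readable by other users; run: chmod 600 $1" >&2
        return 1
    fi
    return 0
}

# Usage (paths relative to the privatenet directory):
#   . conf/vaddy.conf && vaddy_check_env && vaddy_check_conf_perms conf/vaddy.conf
```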
Preparing to establish a connection
First, manually run the following command:
$ ssh portforward@pfd.vaddy.net
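When the following message appears, type yes. This saves the server's host key to your known_hosts file, so the prompt does not appear again when the tool connects. The command will immediately exit.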
Are you sure you want to continue connecting (yes/no)
Testing the connection
From the privatenet folder, run the following shell script.
$ ./vaddy_privatenet.sh connect
This command should print the following information to the console and then exit.
################################################################
# VAddy Private Net Tools (Version: 1.0.3)
# This software is released under the MIT License,
#
# This tool needs Mac or Linux, Java, ssh command
################################################################
---------------- setting information -----------------
FQDN: www.example.com
User: your user name
Local IP: 127.0.0.1
Local Port: 8888
------------------------------------------------------
=== Connect ===
Log file setup : vaddy/2017_06_13_12_50_14.txt
ssh and ssh-keygen OK.
DNS OK.
HTTPS connectivity OK.
Connection to web server OK.
SSH files exist OK.
..........
ssh -i vaddy/ssh/id_rsa -N -R 0.0.0.0:2001:127.0.0.1:8888 portforward@pfd.vaddy.net
pid:4391
Checking E2E connectivity...
Checking E2E connectivity...
E2E connectivity OK.
Connect Status: 0
If you see Connect Status: 0 at the end of the message above, everything is working normally.
You can now run the following command to shut down the SSH connection.
$ ./vaddy_privatenet.sh disconnect
Troubleshooting connection failures
If the connection fails, you will see a message like the one below. Re-check the information you have entered in privatenet/conf/vaddy.conf.
Connect Status: 1
Error: Can not make connection for private net.
You may also see the following message:
The authenticity of host 'pfd.vaddy.net (13.112.146.129)' can't be established.
ECDSA key fingerprint is xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)?
If you do, manually run the following SSH command and type yes when prompted. The VAddy PrivateNet command-line tool should be able to connect to VAddy’s server the next time it is run.
$ ssh portforward@pfd.vaddy.net
This tool uses the SSH command; it must be able to make outgoing SSH connections from the machine on which it is running.