BugBase Documentation
  • πŸ‘‹Welcome to BugBase Docs
  • Overview
    • πŸ’‘What we do
    • ⚑Changelogs
    • ✨Our Features
    • πŸ“‚Programs at BugBase
      • Vulnerability Disclosure Program (VDP)
      • Bug Bounty Program
      • Private Bounty Program
      • Pentest Program (VAPT)
  • Report Lifecycle
    • Bug Report
    • Report Status
  • How To
    • πŸ‘¨β€πŸ’»Invite Organization Members to BugBase (RBAC)
    • 🚩Setup a Campaign for better program engagement
    • πŸ›Submit a Bug Report on BugBase
    • πŸ“‘Create a Bug Bounty Program on BugBase
    • ⬇️Download the mobile app
  • Company Guide
    • πŸ‘¨β€πŸ’ΌCreate a Company Account
    • 🧭Navigation
    • πŸ›‘οΈAssets Dashboard
    • πŸ—οΈCredential Vaults
      • Creating a Credential Vault
      • Adding Credentials to Vault
      • Connect Credential Vault to an Asset
      • Require Whitelisting for a Credential
    • πŸ”VPN Servers
      • Create, Configure and Deploy VPN server
      • Monitor Live Statistics and Logs
    • πŸ—‚οΈPrograms Dashboard
      • β›³Create a Program
    • πŸ“’Customer Support
    • πŸ’΅Bounty Bin
    • βš™οΈCompany Settings
      • πŸ‘¨β€πŸ«Profile
      • 🏒Organisation
      • πŸ‘¨β€πŸ­Roles and Permissions
      • πŸ”Security & Authentication
        • Multi-Factor Authentication
        • SSO with SAML
          • Okta SSO setup via SAML
          • Google SSO setup via SAML
      • 🎨Customization
        • Automations
        • Report Tags
      • πŸ“™Manage Access
    • πŸ“ˆInsights Dashboard
    • πŸ”ŠCampaigns
    • πŸ’²Understanding Currencies Used in BugBase
    • 🀝Whitelist
  • Program guide
    • Bug Bounty Dashboard
      • Program Reports Section
        • Report Components
        • Report Actions
        • Duplicating Reports
        • Assigning Swags
        • Assigning Bounties
        • Assigning Thanks to Reporters
        • Assigning Bonus Bounty
        • Automatic Response Generator using ChatGPT
      • Program Policy
        • Editing Program Policy
          • Best Practices For Designing Policy
          • Best Practices For Bounty Tables
      • Payouts
      • Settings
    • Private Bug Bounty Dashboard
      • Invite Hackers
      • Manage Credentials
    • VDP Dashboard
    • Pentest Dashboard
      • Pentest Overview
      • Vulnerabilities Section
        • Pentest Report Components
        • Pentest Report Actions
      • Global Pentest Chat
    • Competition Dashboard
      • Dashboard
      • Creating a Competition
        • Adding Challenges
      • Manage Competitions
        • Statistics
        • Leaderboard
        • Manage Users
  • Bounty Hunter Guide
    • Bounty Hunter Dashboard
    • Bounty Hunter Profile
    • Programs Directory
      • Program Policy Page
      • Credentials
      • VPN Access
      • Whitelist
      • Collaborate
    • Bounty Hunter Reports Section
      • Submitting Reports
      • Interaction with Program Representees
      • Collaboration
      • Response Generation through ChatGPT on Report Chat
    • Competitions
    • Discord Community
    • Leaderboard
    • Multi-Factor Authentication
    • Settings
      • Verify KYC
    • Email Alias
    • πŸš€Apollo Community
  • Integrations
    • πŸ”—Supported Integrations
    • Webhooks
    • JIRA
      • Creating a JIRA Issue
    • Slack
      • Managing Integration
    • Microsoft Teams
    • Github
    • Asana
    • Sumo Logic
    • PagerDuty
  • on-premise
    • Running Automated Testing
    • Sandbox Environment
Powered by GitBook
On this page

Was this helpful?

  1. on-premise

Sandbox Environment

As part of our on-premises deployment option, we offer a dedicated sandbox instance with robust tools for testing and reproducing bug reports

Overview of the Sandbox Instance

The sandbox environment is a fully equipped Kali Linux Instance with pre-installed tools such as Metasploit, Nmap, Wireshark and others, designed to assist in security testing and bug reproduction. This sandbox allows you to safely test bugs without affecting your production environment. The sandbox environment has internet access as well.

Accessing the Sandbox

You can access the Kali Linux instance via Remote Desktop Protocol (RDP) or Secure Shell (SSH), depending on your preference for graphical or command-line interfaces.

Using RDP

  1. Open your RDP client: Use any standard RDP client available on your system.

  2. Connect to the instance: Enter the IP address from the BugBase company settings Dashboard. You will also need the username and private ssh-key, which can be found in the settings as well.

Using SSH

  1. Open your terminal or SSH client.

  2. Enter the following command:

    ssh -i private_sshkey.pem username@ip_address

Guidelines for Using the Sandbox

  • Security Practices: While the sandbox is isolated, it's essential to follow best practices for security to prevent unauthorized access.

  • Resetting the Instance: If you need the instance reset to its original state, please contact support.

  • Support: For technical issues or questions regarding the use of tools within the sandbox, please reach out to our support team.

The Kali Linux sandbox provided by Bugbase enhances your testing capabilities, enabling safe and effective security testing. By utilizing this sandbox, you can ensure that your systems are robust against security vulnerabilities.

Conducting Security Tests

1. Environment Setup

  • Once connected via RDP or SSH, familiarize yourself with the layout and available tools. The desktop environment (if using RDP) will have shortcuts to popular tools, or you can access them from the terminal.

2. Using Pre-installed Tools

  • Metasploit: Use Metasploit for exploiting vulnerabilities. Launch it by typing msfconsole in your terminal.

  • Nmap: Utilize Nmap to scan the network for open ports and running services. Start a scan by typing nmap [options] [target IP].

  • Wireshark: If using RDP, open Wireshark from the graphical interface to monitor network traffic.

Some tools might not be installed by default on the instance, for this you can use apt package manager to install them.

3. Testing and Reproducing Bugs

  • Simulate attacks or reproduce reported vulnerabilities using the tools available. It’s advisable to document your steps and findings systematically.

For any further assistance, please contact our customer support team at queries@bugbase.in

PreviousRunning Automated Testing

Last updated 11 months ago

Was this helpful?

Here is the link to view all the tools Kali offers:

https://www.kali.org/tools/