Skip to content

Collectors

A collector is a virtual machine that reverge uses to perform network scans against target networks. Collectors can be instantiated from providers that are defined in the Settings menu or defined manually.

Add Collector#

To add a new collector to reverge click on the Save button button in the top right corner of the Collectors dialog.

Collectors Table


Next, fill out the Add Collector dialog by entering the new collector's name, selecting the provider, and selecting the template. There are currently three available templates:

  • Scanner Installs the reverge collector tools required for scanning targets.
  • Extender No additional tools are installed. This template is typically used to setup a SSH tunnel to an unreachable Collector.
  • DNS Registers DNS records for the given domain. Currently only supports Njalla.

    Add User

Remove Collector#

To remove a collector from reverge, select the checkbox to the left of the collectors name in the Collectors dialog and click on the Delete button button in the top right corner.

Delete Collector

Manage Collector#

The Collectors menu is where you configure settings and perform various operations on the collector.

Configure Collector

Save button Opens a remote terminal to the collector
Save button Rotates the IP address on the collector (Cloud only)
Save button Toggles the SSH tunnel to the collector
Save button Toggles the power on the collector
Save button Destroys the collector
Save button

To update a collector's configuration, edit one of the fields in the Configuration dialog and click on the Save button button in the top right corner of the Configuration dialog. The Enable SOCKS Proxy slider will open a listening port on the reverge server that is proxied through the collector to allow for the use of custom tooling such as Burp Suite, etc.

The Collector log component displays information about the status of collector deployment and teardown processes. It also displays collector logs generated during scan operations. For more detailed information, consider using the remote access feature for troubleshooting or performing manual scan activities.

Collector Logs

Remote Access#

If you click on the Save button button, a new window will be opened that renders a virtual remote shell on the selected collector. This interface can be used to troubleshoot issues with the collector or manually execute commands.

Remote Shell


If you click on the Chevron button in the top left of the screen, a side menu will open that allows for downloading files from the remote system. To download a file, navigate to the file in the file system tree and then click the Save button button.


Remote Shell

Advanced#

Although most scanning is typically performed using deployed collectors through reverge, you can also set up a collector manually. This is especially useful when you need to perform scans on an internal network. For this to work a pivot server has to port forward traffic between the reverge server and the collector. The following instructions will guide you through how to set this up.

Click on the Save button button in the top right corner of the Collectors dialog.

In the Add Collector dialog, select Manual in the Provider drop down menu. Enter the IP address for the internet accessible pivot server, the port for the SSH port forward, and the username for the internal scanner docker (root). Generate a SSH pubic/private key. Do not add a password as this key will be managed by reverge. Click the Browse button and select the private key file. Click the Add button.

Add Collector


Click on the newly created collector in the table. Copy the value in the API Key field.


Collector API Key

On the Pivot Server#

Open /etc/ssh/sshd_config and update the following field 

GatewayPorts clientspecified

Restart the SSH server 
service sshd restart

Generate a SSH pubic/private key that will be used between the scan system and the pivot server. Add the public key to the authorized_keys for the user performing the port forward. 
cat pivot.pub >> ~/.ssh/authorized_keys

On the Scanner#

Manually install the reverge-collector software on the system intended to peform scans 

git clone https://github.com/securifera/reverge_collector.git

Copy the previously generated SSH public key to the scanning system. Fill in the appropriate file path to the SSH public key and the copied collector API key in the command below. Generate the collector docker image on the scanning system.

docker build --build-arg sshkey="id_rsa.pub" --build-arg apikey="<API KEY FOR COLLECTOR >" -t collector:test1 .

Start a docker instance of the collector software

docker run --name collector1 -p 2222:22 -d collector:test1

Copy the SSH private key to the scan system Create a port forward from the collector docker to the pivot server. In the example below, port 2222 is being opened on the pivot server to forward connections to the internal collector docker. Please ensure whatever port is opened on the pivot server is added to any firewall exception lists. 
screen -S ssh_session
ssh -t -t -N -i pivot.pem -R *:2222:localhost:2222 -o ServerAliveCountMax=3 <USERNAME>@<PIVOT SERVER IP>

On the Reverge Server#

Click on the Connect button button to connect through the pivot server to the internal docker collector instance. If everything is properly setup, the status should change to Connected. If it doesn't, the most common issues are associated with SSH or firewall rules.

Collector API Key