Overview
Bright Repeater
Important:
The latest Repeater version can be downloaded from our Github repository.
The Bright Repeater is a scan proxy that provides a secure connection between the Bright cloud engine and a target on a local network. The Repeater mode enables you to securely scan targets on a local network without having to allowlist the Bright IP address in your firewall for incoming traffic.
The Repeater mode is designed for:
- Organizations that cannot open a port in the firewall for inbound traffic. A Repeater enables you to scan either from the Bright SaaS or a private cloud.
- Users who must run a local scan on their machine without deploying the target application.
Important:
- Repeater support WebSocket and HTTPS: 443 protocol for communication between the Repeater and Bright cloud.
- If your environment uses a proxy server, please make sure that the SOCKS protocol support is enabled.
- The Repeater mode is not compatible with TLS tests.
- To get access to a scan target using the HMAC authorization, see Using Repeater Scripts.
How the Repeater deployment works
The Bright Repeater is an open source scan proxy which securely connects to the Bright cloud engines and mediates all traffic from the cloud to any local target.
Technical requirements
Connecting a Repeater requires:
- A local machine with:
- Processor: x86 or x64 1 core (minimum), 2 core (recommended)
- RAM: 512 MB (minimum), 1 GB (recommended)
- Hard disk: up to 512 MB of available space may be required
- Access to the relevant internal targets on a local network
Deployment
To run a scan in the Repeater mode so that all scan requests are pulled (as outbound traffic) from the Bright cloud through a Repeater to the local target, you first need to install the Bright CLI on your machine. Using a special Bright CLI command, you will be able to connect a Repeater to your local network.
Follow these instructions to deploy Bright CLI:
- Prerequisites
- Install as a standalone app
- Install as Docker
- Install as NPM / Yarn
- Install as Windows app (MSI)
Usage
To learn how to start Bright CLI, follow these instructions.
- Security scanning as self-service
It’s my first time using a DAST tool. I just want to set up a simple scan to try it out.
I’m a developer from a small development team, and we want to scan our products (APIs, web applications) for security vulnerabilities from time to time (self-service). - Scanning at the enterprise level
I want to scan local targets inside my company’s internal network without exposing the targets externally. - Scanning as part of CI pipeline
I want to integrate security scanning in to my company’s CI pipeline so that scans will run automatically with every new build.
Updated 7 months ago