NodeZero Host

NodeZero Host is a Docker host that runs the NodeZero container. Think of it as the starting point for an attacker. You decide where you want the Attacker’s Perspective to start and drop a NodeZero Host there. This host has to be running prior to the operation in order to download and execute NodeZero, and must continue running during the operation. Once the operation is complete, you are free to shut down the host or remove it from the network.

If a different distribution is desired, contact the H3 team to determine suitability. It is likely that most distributions will run NodeZero without issue; we just haven’t written checks or validated all of them.

Ideal Host System Requirements

UPDATE: We have identified intermittent problems running NodeZero on macOS Big Sur (11.x) due to a Docker Engine issue within Docker Desktop for Mac. When the operation starts, it may not be able to communicate outbound to the Internet from within the Docker container. We are working to resolve this problem and will provide updates as soon as possible. In order to run an operation when this problem arises, we recommend using a virtual machine (such as with VirtualBox, etc.) configured with the required specs (noted below).

  • Machine Specifications
    • 2 CPU (physical or virtual)
    • 8GB RAM
    • 20 GB free HDD space
  • Operating System
    • Ubuntu Linux 16.x, 18.x, 20.x, or higher (also Debian)
    • Red Hat Linux 7.x, 8.x, or higher (also CentOS, Fedora)
    • Synology NAS 6.2, 7.0
    • Other Linux distributions (if Docker supports them)
    • Windows 10 with WSL2 (limited NodeZero functionality)
    • macOS 10.x (limited NodeZero functionality)
  • Network Access (See Connectivity Requirements below for more specific information)
    • HTTPS:443 access to AWS SQS, Cognito, S3, and ECR
  • Docker installed (most recent version)
    • See Docker installation instructions below

Connectivity Requirements

The brain of your personal ethical hacker lives in a single-use architecture in the cloud. We call it Core. The NodeZero host needs access to Core over HTTPS:443 in order to communicate with it. Think of this communication as the central nervous system: your brain must send messages to your hands, and your hands need to send feedback to your brain so that it can analyze and decide the next best action.

  • From a Service perspective, NodeZero must be able to communicate with Core. We currently utilize AWS SQS, Cognito, and S3 over HTTPS:443. This is NOT used as part of the assessment and must be allowed.
  • Assessment Perspective: Do NOT modify your environment. NodeZero is not like any other service or tool. If you wouldn’t modify it for an attacker, don’t modify it for NodeZero. If your firewall is configured to block your marketing VLAN from reaching your finance VLAN, leave it. NodeZero will VERIFY that this is actually happening.

If your environment connects to the internet via a proxy, this will affect NodeZero's ability to communicate out. Contact us to facilitate compatibility.

Outbound Network Access

Uninterrupted network access to the following endpoints is required during the entire operation

It is possible to run NodeZero through a proxy if necessary. Contact your representative for more details.

Inbound Network Access

The following ports should be opened on the NodeZero host/VM to allow traffic in:

  • TCP 21, 23, 25, 53, 80, 88, 110, 135, 139, 143, 389, 443, 445, 587, 1433, 3389, 8080
  • UDP 69

This is required on the NodeZero host. This does not pertain to perimeter firewalls.
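
A host-firewall check for the port list above, as an added example that is not part of the original page or of NodeZero's own tooling. It assumes the host firewall is ufw (the page does not name one) and runs on a constructed sample of `ufw status` output; the function name missing_inbound is hypothetical.

```shell
#!/bin/sh
# Inbound ports the page lists for the NodeZero host.
REQ_TCP="21 23 25 53 80 88 110 135 139 143 389 443 445 587 1433 3389 8080"
REQ_UDP="69"

# Constructed sample of `ufw status` output (not from a real host).
SAMPLE='Status: active

To                         Action      From
--                         ------      ----
80,443/tcp                 ALLOW       Anywhere
21:25/tcp                  ALLOW       Anywhere
53                         ALLOW       Anywhere
445/tcp                    ALLOW       10.0.0.0/8
3389/tcp                   DENY        Anywhere
69/udp                     ALLOW IN    Anywhere
80/tcp (v6)                ALLOW       Anywhere (v6)'

# Reads ufw status text on stdin and prints proto/port for every required
# port that has no IPv4 ALLOW rule open to Anywhere. Source-restricted
# rules count as not open; app-profile rows (e.g. OpenSSH) are skipped.
missing_inbound() {
  awk -v tcp="$REQ_TCP" -v udp="$REQ_UDP" '
    function covered(port, proto,   i) {
      for (i = 1; i <= k; i++)
        if ((pr[i] == "" || pr[i] == proto) && port+0 >= lo[i] && port+0 <= hi[i])
          return 1
      return 0
    }
    function report(list, proto,   n, p, i) {
      n = split(list, p, " ")
      for (i = 1; i <= n; i++) if (!covered(p[i], proto)) print proto "/" p[i]
    }
    # Rule rows: "<ports>[/proto] ALLOW [IN] <from>"; "(v6)" rows fail the $2 test.
    $1 ~ /^[0-9][0-9,:]*(\/(tcp|udp))?$/ && $2 == "ALLOW" {
      from = ($3 == "IN") ? $4 : $3
      if (from != "Anywhere") next
      split($1, sp, "/")            # sp[1] = port spec, sp[2] = proto or empty
      n = split(sp[1], item, ",")
      for (i = 1; i <= n; i++) {    # each item is a port N or a range N:M
        m = split(item[i], r, ":")
        k++; lo[k] = r[1] + 0; hi[k] = r[m] + 0; pr[k] = sp[2]
      }
    }
    END { report(tcp, "tcp"); report(udp, "udp") }
  '
}

printf '%s\n' "$SAMPLE" | missing_inbound
```

On a real host, pipe the output of `sudo ufw status` into missing_inbound instead of the sample; an empty result means every listed port has an open ALLOW rule.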


“Docker is a tool designed to make it easier to create, deploy, and run applications by using containers. Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and deploy it as one package. By doing so, thanks to the container, the developer can rest assured that the application will run on any other Linux machine regardless of any customized settings that machine might have that could differ from the machine used for writing and testing the code.”


To install Docker on Ubuntu, perform the following steps:

sudo su
apt-get update
apt-get install docker-ce docker-ce-cli

NOTE: On Ubuntu version 20.04, replace the above command apt-get install docker-ce docker-ce-cli with sudo apt-get install -y

You can get more information on installing Docker Engine for different operating systems in the Docker documentation.


Once the installation is complete, validate your NodeZero host is ready to run operations by running the NodeZero environment validation script (preferred).

Run the following command to run the script:

curl | bash

The output should look similar to the following:

# curl | bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18646  100 18646    0     0  61134      0 --:--:-- --:--:-- --:--:-- 61134

[#] This script validates the environment is ready to run NodeZero.

[#] Checking Operating System:
[+] PASSED: macOS is a supported Operating System.

[#] Gathering environmental variables to conduct further checks:
[+] PASSED: All environmental variables set and proceeding with next checks.

[#] Checking Docker functionality by running the hello-world test container:
[+] PASSED: Docker is installed and functioning properly.

[#] Checking Docker permissions to volume mount files from /Users/test/test directory:
[+] PASSED: Docker permissions are correct for the /Users/test/test directory location.

[#] Checking connectivity to AWS resources:
[+] PASSED: is reachable.

[#] Checking 20GB HDD space requirements:
[+] PASSED: There is enough space for the NodeZero container: 34.0386GB

[#] Checking memory requirements:
[+] PASSED: This system has 32GB RAM which meets the recommended minimum to support NodeZero.

[#] Checking compute resource requirements:
[+] PASSED: This system has 20 CPUs which meets the minimum logical CPU requirements to run NodeZero.

[#] Script complete. If any checks failed, correct and re-run before attempting to 'Run a Pen Test'. If all checks passed, the environment is NodeZero ready. If there are warnings, the environment is still NodeZero ready and you may choose to accept or correct the warnings.

If you run into any Failures, contact us via our chat icon in the lower right hand corner of the portal, or shoot us a message at
