Card Recon 3.0.2
Running the Card Recon CLI
Running the Card Recon CLI executable immediately attempts a scan.
When the Card Recon runs, it looks for these files in its directory:
- cardrecon.cfg: default Card Recon configuration file.
- <license-file-name>.li2: Offline License File; Card Recon looks for any file ending with .li2.
If it finds any of these files in the directory that the Card Recon executable occupies, it will try to load them when the Card Recon runs.
The Card Recon CLI automatically loads cardrecon.cfg when run, altering your scan configuration. If your loaded cardrecon.cfg is set up for Card Recon to load a specific journal file, Card Recon loads that journal file when run with cardrecon.cfg.
If you do not want to load these files when you run the Card Recon CLI, use the -c and -journal flags OR remove these files from the directory.
For more information, see Card Recon CLI Options.
Running the Card Recon CLI on Windows
Locate the Windows CLI executable: cr_x.x.x.exe
There are 2 ways to run the Windows CLI.
Method 1
- Locate cr_x.x.x.exe in Windows Explorer.
- Right-click cr_x.x.x.exe, select Run as administrator and enter the administrator password if prompted.
- In the terminal, Card Recon will prompt you to validate your license.
- Log in using one of the three methods (see Logging into Card Recon for more information):
- Ground Labs Login.
- Use an Online Token.
- Use Offline License File.
Card Recon will run with default settings – i.e. it scans all local storage with default search parameters (see Selecting Card Data Types for more information).
Method 2
- Click Start to open the Start Menu.
- Enter cmd to search for cmd.exe, or find it in Start > All Programs > Accessories > Command Prompt.
- Right-click cmd.exe or the Command Prompt program and select Run as administrator. Enter the administrator password if prompted.
-
In the newly-opened Command Prompt window, navigate to the folder where your Card Recon executable is located.
# If your Card Recon executable is in the Downloads folder cd c:\User\username\Downloads\
-
To run the Card Recon executable with default settings, issue this command:
# Run a default scan, save a compliance report and an encrypted database journal file. cr_x.x.x.exe -j journal-filename.jnl -password-inline password
Saving a database journal file allows you to inspect and remediate matches in the Card Recon GUI. - Card Recon prompts you to validate your license.
- Log in using one of the three methods (see Logging into Card Recon for more information):
- Ground Labs Login.
- Use an Online Token.
- Use Offline License file.
Card Recon may ask you to select a Client and Project Group. If you are the only user or the licensee, select Default Client and Default Project when prompted . If not, check with your system administrator or the licensee. - Once logged in, Card Recon runs a scan with default settings. When the scan completes, Card Recon automatically saves a compliance report.
Running the Card Recon CLI on macOS, Linux and Unix-like Systems
Scanning macOS Target locations within the top-level Users (/Users) folder requires the "Full Disk Access" feature to be enabled for the Terminal prior to the first scan of the macOS Target. Locations not granted full access will be logged as inaccessible locations. See Enabling Full Disk Access in macOS Systems for more information.
Enabling Full Disk Access in macOS Systems
For supported macOS systems, the macOS Terminal must have full disk access prior to performing the first scan.
To enable the Full Disk Access feature for the Terminal in macOS:
- On the macOS Target, open System Settings.
- Click Privacy & Security > Full Disk Access.
- Select the toggle button for Terminal to enable full disk access.
Running the Card Recon CLI
- In the Terminal, locate the Card Recon executable. E.g. cr_linux26_x.x.x.
-
Open your terminal and run:
chmod u+x cr_linux26_x.x.x
-
Run the following command as root:
# Run a default scan, save a compliance report and an encrypted database journal file. ./cr_linux26_x.x.x -j journal-filename.jnl -password-inline password
-
Card Recon prompts you to validate your license.
Managing licenses
Project and license groups are usually used by the licensees or IT administrators who manage your software licenses to assign permissions to certain groups of users.
If you are not sure of which project or license group to use, contact your IT administrator or the licensee for more information. If you are the licensee, IT administrator, or the only user, you can choose Default Project or Default Client.
For more information on how to manage your licenses, please see Card Recon Licensing. - Log in using one of the three methods (see Logging into Card Recon for more information):
- Ground Labs Login.
- Use an Online Token.
- Use Offline License File.
Card Recon may ask you to select a Client and Project Group. If you are the only user or the licensee, select Default Client and Default Project when prompted . If not, check with your system administrator or the licensee.
If you have not assigned a license to the current Target, Card Recon will return a list of licenses available in your Ground Labs Services Portal.
Card Recon should ask you to confirm authorization of the Target. For more information on Card Recon licensing, see Card Recon Licensing.
Card Recon starts scanning the Target with default settings.
Opening Compliance Reports
Once the scan is done, Card Recon automatically saves a compliance report. To open these files, issue the following command as administrator:
# Where <filename>.pdf is the file saved by Card Recon that you want to open.
chmod 644 <filename>.pdf