Authentication Verifier for Internal Agents in Acunetix 360

You can download and configure an authentication verifier agent to perform a form authentication in your internal network.

In order to scan a website located on your internal network, and not accessible from the internet, you can install and configure a scan agent on your network. The agent will conduct the actual scan job and then report the results back to Acunetix 360.

If your website requires a form authentication, you can download and configure an internal verifier agent. This internal agent performs the authentication so that you can run authenticated scanning in your network.

The steps for downloading and configuring an internal authentication verifier differ between Windows and Linux. The instructions for each operating system are detailed later in this document.

Information

The Authentication Verifier Agent is an optional component. You can download and configure the Verifier Agent if you need to scan websites with form or basic authentication or OAuth2.

Windows

Prerequisites

Hardware Requirements

  • Windows Server 2016 or above (Windows Server 2019 recommended)
  • .NET Framework 4.7.2
  • 1.4 GHz Processor (2.0 GHz or faster recommended)
  • 2 GB RAM (4 GB or higher recommended)
  • 10 GB Free Disk space for each internal agent

Network Requirements

  • An agent should be configured so that it can reach your internal website through HTTP/HTTPS
  • An agent needs to be able to access the Acunetix 360 Application Server’s HTTP(S) (443) port

Required Access

  • User(s) must have administrator privileges to run the required commands and agent service.

How to Download the Authentication Verifier Agent

  1. Log in to Acunetix 360.
  2. From the main page, go to Agents > Manage Agents > Configure New Agent.
  3. From the Authentication Verifier section, select Windows to download the Acunetix 360 Authentication Verifier Agent. 

After you download the zip file, you can configure the authentication verifier agent.

How to Configure the Authentication Verifier Agent

  1. Navigate to the folder to which you downloaded the zip file.
  2. Extract the contents of the zip file to C:\Acunetix360_VerifierAgent. (You can use another location, but these instructions will use this path.)
  3. Open the C:\Acunetix360_VerifierAgent\appsettings.json file with your preferred text editor. You need to edit the following attributes, listed under AgentInfo, before running the agent:
       • AgentName: This can be anything you want. This text will be displayed when you are starting a new scan. (If you are going to install more than one instance of the agent, you must set a unique agentName value for each instance, something you will use later.)
       • ApiToken: In Acunetix 360, the Agent Token is displayed in the Configure New Agent window. Copy this value into apiToken.
  4. Save and close the C:\Acunetix360_VerifierAgent\appsettings.json file.

After you install an internal authentication verifier agent, you need to set it up as a Windows service so that the verifier agent can poll the Acunetix 360 servers regularly and receive the initiation command from the server. For further information, see Setting Scanning Agent as a Windows Service.

You can check the status and mode of the connection between Acunetix 360 and the agent on Acunetix 360's agent page. To view your agents, from the main menu, select Agents > Manage Agents.

You can now use your verifier agent to verify the form authentication. For further information, see How to Verify Form Authentication with a Verifier Agent.

Linux

Prerequisites

Hardware Requirements

  • 1.4 GHz Processor (2.0 GHz or faster recommended)
  • 2 GB RAM (4 GB or higher recommended)
  • 10 GB Free Disk space for each internal agent

Network Requirements

  • The Agent should be configured so that it can reach your internal website through HTTP/HTTPS.
  • The Agent needs to be able to access the Acunetix 360 Application Server’s HTTP(S) (443) port.

Required Access

  • User(s) must have administrator privileges to run the required commands.

How to Download and Configure the Authentication Verifier Agent

  1. Log in to Acunetix 360.
  2. From the main page, go to Agents > Manage Agents > Configure New Agent.
  3. From the Authentication Verifier section, select Linux to download the Acunetix 360 Authentication Verifier Agent. 

After you download the tar file, you can configure the authentication verifier agent.

  4. Open the appsettings.json file in your preferred text editor to enter the necessary information, such as the ApiToken:

sudo nano appsettings.json

These settings will be used by the agent:

       • AgentName: This can be anything you want. This text will be displayed when you are starting a new scan. (If you are going to install more than one instance of the agent, you must set a unique agentName value for each instance, something you will use later.)
       • ApiToken: In Acunetix 360, the Agent Token is displayed in the Configure New Agent window. Copy this value into apiToken.
  5. Save and close the appsettings.json file.
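
The check below is an added example, not part of the Acunetix 360 documentation or product code. It validates the appsettings.json of each installed instance before the service is started, using the AgentInfo, AgentName and ApiToken names from the steps above. The function names, the case-insensitive key matching, the file-permission check (POSIX only) and the sample values are assumptions of this example.

```python
import json
import os
import stat
import tempfile

def _get(mapping, key):
    """Case-insensitive lookup: the page writes both AgentName and agentName."""
    return next((v for k, v in mapping.items() if k.lower() == key.lower()), None)

def check_config(path):
    """Return (agent_name, problems) for one appsettings.json."""
    with open(path, encoding="utf-8-sig") as fh:  # tolerate a BOM from Windows editors
        info = _get(json.load(fh), "AgentInfo")
    if not isinstance(info, dict):
        return None, ["AgentInfo section is missing"]
    name = str(_get(info, "AgentName") or "").strip()
    token = str(_get(info, "ApiToken") or "").strip()
    problems = [f"{key} is empty" for key, val in (("AgentName", name), ("ApiToken", token)) if not val]
    # The token sits in the file in clear text: only the service account should read it.
    if os.name == "posix" and os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is accessible to group or other users")
    return name or None, problems

def check_instances(paths):
    """Check each instance and flag any AgentName shared by more than one."""
    results = {p: check_config(p) for p in paths}
    names = [name for name, _ in results.values() if name]
    report = {}
    for p, (name, problems) in results.items():
        if name and names.count(name) > 1:
            problems.append(f"AgentName '{name}' is not unique")
        report[p] = problems
    return report

def write_sample(directory, filename, agent_info, mode):
    """Create a constructed appsettings.json (sample data, not a real token)."""
    path = os.path.join(directory, filename)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump({"AgentInfo": agent_info}, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        a = write_sample(d, "a.json", {"AgentName": "verifier-01", "ApiToken": "CONSTRUCTED"}, 0o600)
        b = write_sample(d, "b.json", {"agentName": "verifier-01", "apiToken": ""}, 0o644)
        for path, problems in check_instances([a, b]).items():
            print(os.path.basename(path), problems or "OK")
```
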

Information

After you configure the appsettings.json file, you can install and configure the authentication verifier agent. For further information, see Installing a Scan Agent on Linux (Debian Distribution) or Installing a Scan Agent on Linux (RedHat Distribution).

After you install an internal authentication verifier agent, you need to set it up as a Linux service so that the verifier agent can poll the Acunetix 360 servers regularly and receive the initiation command from the server. For further information, see Setting Scanning Agent as a Linux Service.

You can check the status and mode of the connection between Acunetix 360 and the agent on Acunetix 360's agent page. To view your agents, from the main menu, select Agents > Manage Agents.

You can now use your verifier agent to verify the form authentication. For further information, see How to Verify Form Authentication with a Verifier Agent.

Setting Proxy in Verifier Agents

You can set a proxy for the verifier agent in Acunetix 360. You must enter the proxy settings manually in the appsettings.json file using your preferred text editor.

Acunetix 360 supports Basic Authentication but not Digest and NTLM.

This table lists and explains the entries in the Proxy settings.

Field                 Description
Enabled               Enter true if you use a proxy
Use System Default    Enter true if you authenticate the agent via operating system credential
Username              Enter a username for authentication
Password              Enter a password for authentication
Domain                Enter a domain name
Address               Enter a proxy address
Port                  Enter a port for the proxy
Bypass on Local       Enter a value that indicates whether to bypass the proxy server for local addresses.
Bypass List           Enter the address(es) that do not use the proxy server.

How to Verify Form Authentication with a Verifier Agent

  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > New Scan.
  3. In the Target URL field, enter the URL.
  4. From the Scan Options section, select Form Authentication.
  5. Select the Form Authentication checkbox.
  6. In the Login Form URL field, enter the URL of the login form whose credentials you want to configure.

Information

If there is more than one authentication verifier agent defined in your system, Acunetix 360 shows a drop-down to select the verifier agent you want to use.

  7. In the Personas section, select New Persona. Then, enter a username and password.
  8. Select Verify Login & Logout so the verifier agent can test the login.

Scanning your website with an internal scan agent? See Defining and Scanning an Internal Website in Acunetix 360.


 