Deploying AcuSensor for Node.js in Acunetix 360

You can use AcuSensor to carry out interactive security testing (IAST) in your web application to confirm more vulnerabilities and further minimize false positives.

  • Node.js is an open-source server environment designed to build scalable network applications, as it is capable of handling a vast number of simultaneous connections with high throughput. Depending on the specific frameworks and libraries, debugging a Node.js application can be tricky though.
  • You can take advantage of Acunetix’s unique DAST-induced IAST approach to get an inside view into how security checks and test payloads are processed within these environments. These additional insights will let you isolate the location and root cause of security defects quickly.

Before deploying AcuSensor, note the list of supported servers and frameworks.

Supported Servers and Frameworks

NodeJS Runtime

  • Tested on Windows: v10, v12, v14, v16, v18, v20
  • Tested on Ubuntu 20: v10, v12, v14, v16, v18, v20

Database Clients

  • better-sqlite3
  • Knex (PostgreSQL, CockroachDB, MSSQL, MySQL, MariaDB, SQLite3, Better-SQLite3, Oracle, and Amazon Redshift)
  • MySQL
  • PostgreSQL
  • Sequelize (Oracle, Postgres, MySQL, MariaDB, SQLite and SQL Server)
  • SQLite3


  • Director
  • Express
  • find-my-way
  • koa-router
  • LoopBack 4
  • Restify
  • Router


  • EJS
  • Handlebars
  • Pug


  • Axios (http-request)
  • ldapjs (ldapquery)
  • Libxmljs (xmlparser)
  • Needle (http-request)
  • Nodemailer (sendmail)

For AcuSensor to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.

To deploy AcuSensor, you should keep in mind that the mechanism we need to use is to invoke the sensor when launching the Node application.

Deploying AcuSensor in Node.js consists of 3 steps:

Step 1. Downloading the AcuSensor agent

You can find the required instructions to download the AcuSensor agent in Deploying Acunetix AcuSensor.

Step 2. Copying the AcuSensor agent

You need to create a dedicated folder inside the root folder of your operating system to hold the AcuSensor agent.

  • For Windows:
  1. Create a folder in C: and name it acusensor
  2. Copy the node-acusensor.tar file into C:\acusensor\
  • For Linux:
  1. Run mkdir /acusensor
  2. Locate the folder that contains the AcuSensor agent file by using cd
  3. Run cp node-acusensor.tar /acusensor/

Step 3. Launching your Node.js web application invoking the AcuSensor

  • For Windows:
  • Use "cd" to navigate to the folder which contains your web application (where the "app.js" file resides) and run the following command:

npx \acusensor\node-acusensor.tar app.js

  • For Linux:
  • Use "cd" to navigate to the folder which contains your web application (where the "app.js" file resides) and run the following command:

npx /acusensor/node-acusensor.tar app.js

Uninstall AcuSensor

You may choose to uninstall the AcuSensor files from your server. You can follow the steps below in order to uninstall.

  • For Windows, remove the "C:\acusensor\node-acusensor.tar" file and then remove the "C:\acusensor" folder
  • For Linux, run the following command:

rm -rf /acusensor


Although the AcuSensor agent is secured with a unique strong built-in password, it is recommended that the AcuSensor client files are uninstalled and removed from the web application if they are no longer in use.

« Back to the Acunetix Support Page