Installing Internal Agents

In order to scan a website located on your internal network, and not accessible from the internet, you can install and configure a scan agent on your network. The agent will conduct the actual scan job and then report the results back to Acunetix 360.

In addition to the scanning agent, you can add an authentication verifier agent that will verify the form authentication on your website. For further information, see Authentication Verifier for Internal Agents in Acunetix 360.

Information

You can install internal agents in Linux and Docker, too. For further information about installing agents in Linux, see Installing a Scan Agent on Linux. For the docker, see Installing a Scan Agent via Dockerization.


There are three stages to this process:

  1. Download and configure the Acunetix 360 agent
  2. Run the agent on your local network where it can reach the internal website you want to scan
  3. Define and scan your internal website

Table of Content

Download and Configuring the Agent

First, you need to download the installation files of the scan agent and install them on a machine in your internal network.

Prerequisites

Hardware Requirements

  • Windows Server 2016 or above (Windows Server 2019 recommended)
  • .NET Framework 4.7.2
  • 1.4 GHz Processor (2.0 GHz or faster recommended)
  • 2 GB RAM (4 GB or higher recommended)
  • 10 GB Free Disk space for each internal agent

Network Requirements

  • Agent should be configured so that it can reach your internal website through HTTP/HTTPS
  • Agent needs to be able to access the Acunetix 360 Application Server’s HTTP(S) (443) port

Required Access

  • User(s) must have administrator privileges to run the required commands and agent service.

How to Download and Configure the Scanning Agent

  1. Log in to Acunetix 360.
  2. From the main menu, go to Agents > Manage Agents > Configure New Agent.

  1. From the Agent section, select Windows to download the Acunetix 360 Scanner Agent. Your Agent Token is also displayed.
  • Extract the contents of the zip file to C:\A360_Agent. (You can use another location, but these instructions will use this path.)
  • Open the C:\A360_Agent\appsettings.json file with your preferred text editor.
  • You need to edit two attributes before running the agent, listed under AgentInfo:
  • AgentName: This can be anything you want. This text will be displayed when you are starting a new Scan. (If you are going to install more than one instance of the agent make sure you set a unique AgentName value for each instance, something you will remember later.)
  • ApiToken: In Acunetix 360, the Agent Token is displayed in the Configure New Agent window. Copy it into the apiToken.
  • Save and close the C:\A360_Agent\appsettings.json.

Setting Agent as a Windows Service

An internal agent should be configured as a Windows service, so that it can poll the Acunetix 360 servers regularly, and can take the scan initiation command from the server.

How to Set the Agent as a Windows Service
  1. Open a command prompt in Administrator mode and navigate the agent's folder.
  2. Run the command below to install the Acunetix 360 Scanning Agent as a Windows Service:
  • Acunetix.Cloud.Agent.exe -i
  1. Press Windows+R, type 'services.msc' and press Enter.
  2. Find 'Acunetix 360 Scanning Service - [YOUR_AGENT_NAME]'.
  1. Right click on it, and select Properties.
  2. Make sure Startup type is set to Automatic, and click Start.

Warning

Although this service is set to start automatically, it will not restart until the PC is restarted too.

  1. Click Apply and OK, then exit the Properties window.

The Acunetix 360 Scanning Agent is now running on your network, shortly it will be registered to Acunetix 360.

You can uninstall the Windows Service by specifying the -u argument instead of the -i argument used during the installation process.

Warning

Any changes in the appsetting.json file, such as setting proxy and changing API Token, require restarting the service so that the changes can take effect.

Managing Groups

In the Manage Groups window, you can search for and view the names of the different agent groups. You can also edit or delete their details, and add a new agent group.

How to Add a New Agent Group
  1. From the main menu, select Agents > Manage Groups.
  2. From the Agent Groups window, select New Agent Group.
  3. Complete the Name and Agents fields.
  4. Select Save.
How to Edit Agent Groups
  1. From the main menu, select Agents > Manage Groups.
  2. From the Agent Groups window, select Edit on the field of the group you want to edit.
  3. In the New Agent Group window, make your edits.
  4. Select Save.
How to Delete Agent Groups
  1. From the main menu, select Agents > Manage Groups.
  2. From the Agent Groups window, select Delete.
  3. Select Yes, Delete in the dialog.

Auto-Update Support for Scanner Agents

Acunetix 360 On-Demand users can install Acunetix 360 Scanning Agents on their own network, while Acunetix 360 On-Premises users can use their own Agents with Acunetix 360 in their own environments.

  • When a new Agent version has been published, users can update their Agents manually using installation files on the machines on which Agents are installed. Alternatively, users can update Agents manually by clicking Update Agent (visible only when the Enable Auto Update is not configured and the new version of the Agent is available).

While the update is in progress, the State field will display 'Updating'.

  • Alternatively, enabling Auto Update means that when the new version of the Acunetix 360 Scanning Agent is available, the target Agent will update itself as soon as possible when it’s idle.
How to Enable Automatic Agent Updates
  1. From the main menu, select Agents > Manage Agents.
  2. Next to the relevant Agent, select the Command drop-down, then Enable Auto Update.
How to Disable Automatic Agent Updates
  1. From the main menu, select Agents > Manage Agents.
  1. Next to the relevant Agent, select the Command drop-down, then Disable Auto Update.

Setting Proxy in Scanner Agents

You can set a proxy for the scanning agent in Acunetix 360. You are required to enter proxy settings manually to the appsettings.json file with your preferred text editor.

Acunetix 360 supports Basic Authentication but not Digest and NTLM.

  "ProxySettings": {

    "ProxyMode": "SystemProxy",

    "UseDefaultCredentials": true,

    "Username": "",

    "Password": "",

    "Domain": "",

    "Address": "127.0.0.1",

    "Port": "8888",

    "ByPassOnLocal": false,

    "ByPassList": []

  },

This table lists and explains the entries in the Proxy settings.

Field

Description

Proxy Mode

Enter your proxy settings if you want the Agent to use or not to use the proxy. There are three modes:

NoProxy: The Agent does not use a proxy even if you configure the server's proxy settings.

SystemProxy: The Agent uses the System Proxy that was defined on the server.

CustomProxy: The Agent uses Custom Proxy that you define in the appsettings.json file.

Use Default Credentials

Enter true if you authenticate to the proxy via the user that the Agent service is defined.

Username

Enter a username for authentication

Password

Enter a password for authentication

Domain

Enter a domain name

Address

Enter a proxy address. Only IP address or hostname without schema and port is allowed.

Port

Enter a port for the proxy

Bypass on Local

Enter a value that indicates whether to bypass the proxy server for local addresses.

Bypass List

Enter the address(es) that do not use the proxy server.

Warning

Any changes in the appsetting.json file, such as setting proxy and changing API Token, require restarting the service so that the changes can take effect.

Using Proxy Auto-Configuration file

You can use Proxy Automatic Configuration (PAC) to configure your proxy. A PAC file lets you describe the proxy configuration in a file using JavaScript, so you can manage your proxy settings effortlessly.

Information

To use a PAC file, you must set the Proxy Mode to System Proxy in the appsetting.json file. For further information about the proxy settings, see Setting Proxy in Scanner Agents.

How to use a Proxy Auto-Configuration file  in Windows
  1. Go to Settings > Network & Internet > Proxy.
  2. Turn on the Use setup script toggle.
  3. In the Script address field, enter the PAC file's URL address.

  1. Select Save.
How to use a Proxy Auto-Configuration file  in Linux (Debian Distribution)
  1. Go to Settings > Network > Network Proxy.
  2. From the Network Proxy window, select Automatic.
  3. In the Configuration URL field, enter the PAC file's URL address.

  1. Close the window.

Defining and Scanning an Internal Website in Acunetix 360

Now, you have installed scanning agent into your infrastructure, you should configure Acunetix 360 to let it know which websites should be scanned with an internal agent rather than with the built-in agents.

How to Define an Internal Website in Acunetix 360
  1. Log in to Acunetix 360.
  2. From the main menu, select Websites > New Website.
  3. Enter your internal website details (see Adding a Website in Acunetix 360).
  4. From the Agent mode field, select Internal.
  1. Select Save.
How to Scan an Internal Website with Agent
  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > New Scan.
  3. From the Target URL field, select your Internal Website (if the field is not already populated).
  4. The Preferred Agent field is already selected by default. Your newly installed scanning Agent is displayed as an option. If you installed more than one instance, select the one which can access your Internal Website. If any of them can access your Internal Website, select the default option Any of the available agents. By selecting this, one of the idle agents will scan your website.
  5. Select Launch. (For simplicity, optimization and other settings are ignored in this procedure.)

Your scan has been started in the Queued state. Shortly, you will see that its status changes to Scanning. Once it is completed, you will be able to explore the vulnerabilities found on your website.

 

« Back to the Acunetix Support Page