Installing internal agents with proxy settings
Internal agents integrate with Acunetix Premium+ Online, enabling scans within your environment for targets not publicly accessible from the internet or when you do not want to allowlist Acunetix cloud agents.
This guide shows you how to install the Acunetix internal agent with proxy settings on Windows and Docker to connect to Acunetix Premium+ Online.
Limitations for internal agents When the site is internal, and you prefer using internal agents for the scan, you cannot create a new Login Sequence Record (LSR) or Business Logic Record. However, you can import them. For further information about recording and downloading an LSR, refer to Using the Login Sequence Recorder. |
Prerequisites
System requirements |
|
Access requirements |
|
Allowlisting requirements | For internal agents to work properly, you need to allowlist the following web URLs:
|
NOTE: If you are running multiple concurrent scans with internal agents, your RAM and CPU need to be exponentially greater than the specified installation requirements.
Any additional concurrent scan requires +2 GB RAM and +1 core. |
How to install an internal agent with proxy settings on Windows
- Log in to Acunetix and select Agents from the main menu.
- Click Agent Installation Instructions.
- Select Windows.
- Enter a name for your internal agent.
- Create a folder where you will save the internal agent.
- Click Download Windows Agent. When the invicti-agent.exe file is downloaded, move it to the folder created in Step 5 above.
- Copy the command from Step 5 in the Agent Installation Instructions.
- Paste the command in a place where you can edit the content, for example, in Notepad.
- Edit the command to add -p http://username:pass@proxy_server:port at the end (after the registration token). Ensure that you replace username, pass, proxy_server, and port with your actual proxy settings.
.\invicti-agent.exe register --url app.invicti.com --agentname "newagent" --registration-token aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee -p http://username:pass@proxy_server:port |
- As a user without administrative privileges, open Terminal and navigate to the folder where you saved the downloaded invicti-agent.exe file. Alternatively, right-click the folder with the file and select 'Open in Terminal.'
- Copy and paste the edited command from Step 9 above to your Terminal window and execute the command.
- Copy the command from Step 6 in the Agent Installation Instructions.
- As a user with administrative privileges, open Terminal and navigate to the folder where you saved the downloaded invicti-agent.exe file. Alternatively, right-click the folder with the file and select 'Open in Terminal.'
- Paste and run the command copied in Step 12 above. This installs the agent as a service so that it is ready to start executing scans.
Your internal agent is now installed. You can view your internal agents in Acunetix by going to the Agents page.
You can now assign targets to the installed internal agent and commence testing your website.
How to install an internal agent with proxy settings using Docker
NOTE: Ensure Docker Desktop is installed on your host OS by verifying with the command 'docker -v' in Terminal. If version information is displayed, you're all set. Otherwise, refer to the Docker support documentation for installation guidance. |
- Log in to Acunetix and select Agents from the left-side menu.
- Click View Agent Installation Instructions.
- Select Docker.
- Enter a name for your internal agent.
- Copy the command from Step 3 in the Agent Installation Instructions.
- Paste the command in a place where you can edit the content, for example, in Notepad.
- Edit the command to add -e INVICTI_AGENT_HTTP_PROXY=http://username:pass@ip:port
after the name parameter. If the proxy doesn't have any authentication, then use -e INVICTI_AGENT_HTTP_PROXY=http:/ip:port instead.
Ensure that you replace username, pass, ip, and port with your actual proxy settings.
docker run -d --name "my-agent" -e INVICTI_AGENT_HTTP_PROXY=http://username:pass@ip:port invicti/internal-agent --url online.acunetix.com --agentname "agent-name" --registration-token XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX |
- Copy the full text of your newly edited command.
- Open Terminal and paste the command. Press enter to execute the command.
Your internal agent is now installed. You can view your internal agents in Acunetix by going to the Agents page.
You can now assign targets to the installed internal agent and commence testing your website.
How to import a certificate within Docker
To import a certificate within Docker, follow the steps below:
- Create a new folder. For example, C:\users\name\my_agent
- Copy the certificate you would like to import to this new folder. For example, C:\users\name\my_agent\my_certificate.pem
- Navigate to this folder: C:\users\name\my_agent
- Create the following Dockerfile and name it ‘Dockerfile’:
FROM invicti/internal-agent USER root COPY my_certificate.pem /usr/local/share/ca-certificates/my_certificate.crt RUN update-ca-certificates USER invicti ENTRYPOINT ["/usr/local/bin/invicti-agent","register-run"] |
- Run the command “docker build -t my_agent .” to build the image
- Run the following command to start the agent with the new certificate and proxy. Note that ‘-p’ is used for the agent proxy.
docker run -d --env REQUESTS_CA_BUNDLE=/etc/ssl/certs/ --name "dockeragent" my_agent --url app.invicti.com --agentname "dockeragent" --registration-token XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX -p http://myproxy:8888 |
Troubleshooting
To troubleshoot issues, review the Docker log and host terminal. For further assistance, contact our Support team.
Explanation of parameters
Below is a table detailing the parameters necessary to configure a Docker container for installing an internal agent.
Parameter | Description |
-d | This indicates detached mode, allowing the container to operate in the background. |
--name | Assigns a name to the container. |
-e | Sets the environment parameters to add the proxy. |
--url | Specifies the Acunetix URL. |
--agentname | Defines the agent name in the Acunetix UI, changeable later. If installing multiple agent instances, assign a unique agent name for each instance. (Max 50 characters) |
--registration-token | Obtain from Acunetix Agents menu > Agent Installation > Docker > Your registration token is displayed in Step 2: Get your token. |