Installing Authentication Verifier Agents

You can download and configure an authentication verifier agent to perform a form authentication in your internal network.

  • In order to scan a website located on your internal network, and not accessible from the internet, you can install and configure a scan agent on your network. The agent will conduct the actual scan job and then report the results back to Netsparker Enterprise.
  • If the website that you scan requires a form authentication, you can download and configure an internal verifier agent. This internal agent performs the authentication so that you can run authenticated scanning in your network.

For further information about the internal authentication verifier, see Streamline authenticated scanning with Netsparker’s verifier agents.

There are three stages for installing an authentication verifier agent:

  1. Download and configure the Netsparker Enterprise authentication verifier agent
  2. Run the authentication verifier agent on your local network where it can reach the internal website you want to authenticate
  3. Verify the form authentication

The Authentication Verifier Agent is an optional component. You can download and configure the verifier agent if you need to scan websites with form or basic authentication or OAuth2.

Downloading and configuring authentication verifier agent in Windows

First, you need to download the installation files of the authentication verifier agent and install them on a machine in your internal network.

Prerequisites

Hardware Requirements

  • Windows Server 2016 or above (Windows Server 2019 recommended)
  • .NET Framework 4.7.2
  • 1.4 GHz Processor (2.0 GHz or faster recommended)
  • 2 GB RAM (4 GB or higher recommended)
  • 10 GB Free Disk space for each internal agent

Network Requirements

  • An agent should be configured so that it can reach your internal website through HTTP/HTTPS
  • An agent needs to be able to access the Netsparker Enterprise Application Server’s HTTP(S) (443) port

Required Access

  • User(s) must have administrator privileges to run the required commands and agent service.

How to download the authentication verifier agent
  1. Log in to Netsparker Enterprise.
  2. From the main page, go to Agents > Manage Agents > Configure New Agent.
  3. From the Authentication Verifier section, select Windows to download the Netsparker Enterprise Authentication Verifier Agent.

Once you have downloaded the zip file, you can configure the authentication verifier agent.

How to configure the authentication verifier agent
  1. Navigate to the folder where you downloaded the zip file.
  2. Extract the contents of the zip file to C:\NC_VerifierAgent. (You can use another location, but these instructions will use this path.)
  3. Open the C:\NC_VerifierAgent\appsettings.json file with your preferred text editor. You need to edit the following attributes before running the agent, listed under AgentInfo:
    • AgentName: This can be anything you want. This text will be displayed when you are starting a new scan. (If you are going to install more than one instance of the agent, you must set a unique AgentName value for each instance; you will use this value later.)
    • ApiToken: In Netsparker Enterprise, the Agent Token is displayed in the Configure New Agent window. Copy the value into the ApiToken attribute.
  4. Save and close the C:\NC_VerifierAgent\appsettings.json file.

Setting authentication verifier agent as a Windows Service

An internal authentication verifier agent should be configured as a Windows service so that it can poll the Netsparker Enterprise servers regularly and can take the verification initiation command from the server.

How to set the authentication verifier agent as a Windows Service
  1. Open a command prompt in Administrator mode and navigate to the agent's folder.
  2. Run the following command to install the Netsparker Enterprise Authentication Verifier Agent as a Windows Service:
    • Netsparker.Cloud.Agent.exe -i
  3. Press Windows+R, type 'services.msc' and press Enter.
  4. Find 'Netsparker Enterprise Scanning Service - [YOUR_AGENT_NAME]'.
  5. Right-click on it and select Properties.
  6. Make sure Startup type is set to Automatic, and select Start.
     Please note that although this service is set to start automatically, it will not restart until the PC is restarted too.
  7. Select Apply and OK, then exit the Properties window.

The Netsparker Enterprise Authentication Verifier Agent is now running on your network. It will be registered to Netsparker Enterprise shortly.

You can uninstall the Windows Service by specifying the -u argument instead of the -i argument used during the installation process.

Any changes in the appsettings.json file, such as setting a proxy or changing the API Token, require restarting the service so that the changes can take effect.

You can now use your agent to verify the form authentication. For further information, see How to verify form authentication with a verifier agent.

Downloading and configuring authentication verifier agent in Linux

First, you need to download the installation files of the authentication verifier agent and install them on a machine in your internal network.

Prerequisites

Hardware Requirements

  • 1.4 GHz Processor (2.0 GHz or faster recommended)
  • 2 GB RAM (4 GB or higher recommended)
  • 10 GB Free Disk space for each internal agent

Network Requirements

  • The Agent should be configured so that it can reach your internal website through HTTP/HTTPS.
  • The Agent needs to be able to access the Netsparker Enterprise Application Server’s HTTP(S) (443) port.

Required Access

  • User(s) must have administrator privileges to run the required commands.

How to download a Netsparker Enterprise authentication verifier agent
  1. Log in to Netsparker Enterprise.
  2. From the main menu, go to Agents > Manage Agents > Configure New Agent.
  3. From the Authentication Verifier section, select Linux to download the required files to install the verifier agent.

Installing the authentication verifier agent

Once you have downloaded the required file, you must install a Netsparker Enterprise authentication verifier agent in your environment.

Setting authentication verifier agent as a Linux Service

After you install an internal authentication verifier agent, you need to set it up as a Linux service so that the verifier agent can poll the Netsparker Enterprise servers regularly and take the initiation command from the server.

You can complete this process in three steps:

Add a unit file for a Netsparker Agent

  1. Open a terminal
  2. cd /etc/systemd/system
  3. sudo touch [YOUR_AGENT_NAME].service
  4. sudo nano [YOUR_AGENT_NAME].service

The AgentName in the appsettings.json file and the unit file name for the agent must be the same. This is required to start the scan agent as a Linux service and to update the scan agent when a new version is released.

  5. Add the following script into [YOUR_AGENT_NAME].service:

[Unit]
Description=netsparker.service description
[Service]
Type=notify
KillMode=process
Restart=always
RestartSec=30
SyslogIdentifier=[YOUR_USER]
KillSignal=SIGINT
User=[YOUR_USER]
WorkingDirectory= [YOUR_AGENT_DIRECTORY_PATH]
ExecStart=/usr/bin/dotnet [YOUR_AGENT_DIRECTORY_PATH]/Netsparker.Cloud.Agent.dll
ExecStop=/usr/bin/pkill -f "[YOUR_AGENT_DIRECTORY_PATH]/Nhs/NetsparkerHelperService.exe"
[Install]
WantedBy=multi-user.target

The [YOUR_USER] in the unit file must be the same as [YOUR_USER] that you entered while installing the verifier agent.

Save and close the document.

Configure Sudoers for a Netsparker Agent

  1. sudo touch /etc/sudoers.d/[YOUR_AGENT_NAME]-systemctl
  2. sudo visudo -f /etc/sudoers.d/[YOUR_AGENT_NAME]-systemctl
  3. Add the following lines to [YOUR_AGENT_NAME]-systemctl:
    • [YOUR_USER] ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl start [YOUR_AGENT_NAME].service
    • [YOUR_USER] ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl stop [YOUR_AGENT_NAME].service

Save and close the document.

Start Netsparker Enterprise Agent as a Linux Service

  1. sudo systemctl daemon-reload
  2. sudo systemctl start [YOUR_AGENT_NAME].service
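
A pre-flight check to run before sudo systemctl start, added here as an example (it is not Netsparker's own tooling): it confirms that AgentName, the unit file name, the User= value and the two sudoers rules agree, and that sudo will not skip the drop-in because of its file name. The function names, the sample values (verifier01, nsagent) and the single-line "AgentName" layout are assumptions; the world-access check on appsettings.json is an extra hardening check that the page does not ask for.

```shell
#!/bin/sh
# Added example: pre-flight check for the unit file and sudoers drop-in.
# Assumes appsettings.json has "AgentName": "<value>" on a single line.

agent_name() {   # print the AgentName value from appsettings.json
    sed -n 's/.*"AgentName"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}
unit_user() {    # print the User= value from the unit file
    sed -n 's/^User=[[:space:]]*//p' "$1" | head -n 1
}
fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# check_agent SETTINGS UNIT SUDOERS: prints findings, returns the problem count
check_agent() {
    settings=$1 unit=$2 sudoers=$3 problems=0
    name=$(agent_name "$settings")
    user=$(unit_user "$unit")
    [ -n "$name" ] || fail "no AgentName found in $settings"
    [ -n "$user" ] || fail "no User= found in $unit"
    # The unit file must be named after AgentName.
    [ "$(basename "$unit")" = "$name.service" ] || fail "unit file is not $name.service"
    # sudo skips files in /etc/sudoers.d whose names contain '.' or end in '~'.
    case $(basename "$sudoers") in
        *.*|*~) fail "sudo will ignore $(basename "$sudoers")" ;;
    esac
    # Both rules must name the unit's user and this agent's service.
    for verb in start stop; do
        rule="$user ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl $verb $name.service"
        grep -Fxq "$rule" "$sudoers" || fail "sudoers rule for '$verb' missing or mismatched"
    done
    # Extra hardening check (not from the page): the ApiToken file is not world-accessible.
    [ "$(ls -ld "$settings" | cut -c8-10)" = "---" ] || fail "$settings is world-accessible"
    return "$problems"
}

# Constructed sample files, written to a temp directory so nothing in /etc is touched.
make_sample() {  # make_sample DIR AGENT_NAME SERVICE_USER
    printf '{ "AgentInfo": {\n  "AgentName": "%s",\n  "ApiToken": "PLACEHOLDER"\n} }\n' "$2" > "$1/appsettings.json"
    chmod 600 "$1/appsettings.json"
    printf '[Service]\nUser=%s\n' "$3" > "$1/$2.service"
    for verb in start stop; do
        echo "$3 ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl $verb $2.service"
    done > "$1/$2-systemctl"
}

d=$(mktemp -d)
make_sample "$d" verifier01 nsagent
check_agent "$d/appsettings.json" "$d/verifier01.service" "$d/verifier01-systemctl" && echo "OK: names and rules are consistent"
rm -rf "$d"
```

On a real host, pass the agent's appsettings.json, /etc/systemd/system/[YOUR_AGENT_NAME].service and /etc/sudoers.d/[YOUR_AGENT_NAME]-systemctl as the three arguments to check_agent.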

You can now check the status of the connection between Netsparker Enterprise and the authentication verifier agent. From the Agents menu, select Manage Agents. The Agents window is displayed.

You can use your verifier agent to verify the form authentication. For further information, see How to verify form authentication with a verifier agent.

Setting proxy in authentication verifier agent

You can set a proxy for the authentication verifier agent in Netsparker Enterprise. You must enter the proxy settings manually in the appsettings.json file using your preferred text editor.

Netsparker supports Basic Authentication but not Digest and NTLM.

  "ProxySettings": {
    "Enabled": false,
    "Username": "",
    "Password": "",
    "Domain": "",
    "Address": "127.0.0.1",
    "Port": "8888",
    "ByPassList": ""
  }

This table lists and explains the entries in the Proxy settings.

| Field | Description |
| --- | --- |
| Enabled | Enter true if you use a proxy |
| Use System Default | Enter true if you authenticate the agent via operating system credential |
| Username | Enter a username for authentication |
| Password | Enter a password for authentication |
| Domain | Enter a domain name |
| Address | Enter a proxy address |
| Port | Enter a port for the proxy |
| Bypass on Local | Enter a value that indicates whether to bypass the proxy server for local addresses. |
| Bypass List | Enter the address(es) that do not use the proxy server. |

How to verify form authentication with a verifier agent

  1. Log in to Netsparker Enterprise.
  2. From the main menu, select Scans > New Scan.
  3. In the Target URL field, enter the URL.
  4. From the Scan Options section, select Form Authentication.
  5. Select the Form Authentication checkbox.

  6. In the Login Form URL field, enter the URL of the login form whose credentials you want to configure.
     If there is more than one authentication verifier agent defined in your system, Netsparker Enterprise shows a drop-down to select the verifier agent you want to use.
  7. In the Personas section, select New Persona. Then, enter a username and password.
  8. Select Verify Login & Logout so the verifier agent can test the login.

If the Verify Login & Logout button is green, this means the Netsparker Authentication Verifier Agent authenticated successfully.

Scanning your website with an internal scan agent? See Defining and Scanning an Internal Website in Netsparker Enterprise.
