SUPPORT

Contact Support

OPEN A TICKET

Deploying Netsparker Shark for .NET

Netsparker Shark enables you to carry out interactive security testing (IAST) in your web application in order to confirm more vulnerabilities and further minimize false positives. For Netsparker Shark to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.

This topic explains how to download and copy the Shark files to your hard disk and install the Shark to your web application.

Deploying the Shark agent consists of 3 steps:

1. Downloading the Shark agent

You can find the required instructions to download the Shark agent in Deploying Netsparker Shark.

You must install Prerequisites on the server hosting the website. The Shark installer application requires Microsoft .NET Framework 3.5 or higher.

2. Copying the Shark agent to web server

You need to copy the Shark installation files to the server hosting the .NET website.

3. Installing Netsparker Shark

To install Netsparker Shark, you need to follow the steps below.

How to install Netsparker Shark for .NET websites
  1. Extract the Shark (IAST).zip file.
  2. Open the Injector.exe file.

On start-up, the Injector will retrieve a list of .NET applications installed on your server.

  1. From the Netsparker .NET Shark window, select the application(s).
  2. Select Install Sensor to install the Shark Technology sensor in the selected .NET applications. Wait for the installation to be over.
  3. Close the confirmation window and also the Shark manager.

How to remove Netsparker Shark for .NET websites

  1. Open the Injector.exe file.
  2. Select the websites, then Remove Sensor

Netsparker Shark Manager

  1. Close the Netsparker .NET Shark.

If needed, you can also uninstall the Netsparker .NET Shark Manager from the Add/Remove Programs from the Settings.

Using Command Line to install or remove the Shark

You can install or remove the Shark using the command line. 

Prerequisite

  • Copy and extract Shark (IAST) to the server hosting the .NET website.
C:\Users\Administrator\Desktop\Shark(IAST)>injector -m inject -t http://localhost:86/yaf_forums
Target Found. Injecting sensor to: http://localhost:86/yaf_forums

C:\Users\Administrator\Desktop\Shark(IAST)>injector -m uninject -t http://localhost:86/yaf_forums
Target Found. Uninjecting sensor from: http://localhost:86/yaf_forums

C:\Users\Administrator\Desktop\Shark(IAST)>injector -m list -t http://localhost:86/yaf_forums
http://localhost:86/
http://localhost:86/yaf_forums
http://localhost:86/kartris
http://localhost:86/bugnet

C:\Users\Administrator\Desktop\Shark(IAST)>

The -m switch can be:

  • inject - to inject the Shark agent into a web application
  • uninject - to remove the Shark agent from a web application
  • list - to list the web application on the web server

The -t switch should specify the URL for which you wish to inject or remove the Shark agent

Note: If the web application is at the root of a URL path, you must include a forward slash at the end of the URL (in this example, http://localhost:86/); if the web application is in a subfolder, you must not include a forward slash at the end of the URL (in this example, http://localhost:86/yaf_forums)

Although the Netsparker Shark agent is secured with a unique strong built-in password, it is recommended that the Shark client files are uninstalled and removed from the web application if they are no longer in use.
Netsparker

Highly accurate, fast & easy-to-use Web Application Security Scanner

Get a demo