Contact Support


Installing Internal Agents

In order to scan a website located on your internal network, and not accessible from the internet, you can install and configure a scan agent on your network. The agent will conduct the actual scan job and then report the results back to Netsparker Enterprise.

There are three stages to this process:

  1. Download and configure the Netsparker Enterprise scanning agent
  2. Run the agent on your local network where it can reach the internal website you want to scan
  3. Define and scan your internal website
You can install internal agents in Linux and Docker. For further information about installing agents in Linux, see Installing a Scan Agent on Linux. For the docker, see Installing a Scan Agent via Dockerization.

Download and Configuring the Scanning Agent

First, you need to download the installation files of the scan agent and install them on a machine in your internal network.


  • Windows Server 2016 or above (Windows Server 2019 recommended)
  • .NET Framework 4.7.2
  • 1.4 GHz Processor (2.0 GHz or faster recommended)
  • 2 GB RAM (4 GB or higher recommended)
  • 10 GB Free Disk space for each internal agent

Network Requirements

  • Agent should be configured so that it can reach your internal website through HTTP/HTTPS
  • Agent needs to be able to access the Netsparker Enterprise Application Server’s HTTP(S) (443) port
How to Download and Configure the Scanning Agent
  1. Log in to Netsparker Enterprise.
  2. From the main menu, select Agents Manage Agents
  3. Select Configure New Agent

  1. Select the platform to download the Netsparker Enterprise Scanner Agent. Your Agent Token is also displayed.
    • Extract the contents of the zip file to C:\NC_Agent. (You can use another location, but these instructions will use this path.)
    • Open the C:\NC_Agent\appsettings.json file with your preferred text editor.
    • You need to edit two attributes before running the agent, listed under AgentInfo:
        • AgentName
          • This can be anything you want. This text will be displayed when you are starting a new Scan. (If you are going to install more than one instance of the agent make sure you set a unique AgentName value for each instance, something you will remember later.)
        • ApiToken 
          • In Netsparker, the Agent Token is displayed in the Configure New Agent window. Copy it into the ApiToken.

    Agent Token

      • Save and close the C:\NC_Agent\appsettings.json.

    Setting Scanning Agent as a Windows Service

    An internal scan agent should be configured as a Windows service, so that it can poll the Netsparker Enterprise servers regularly, and can take the scan initiation command from the server.

    How to Set the Scanning Agent as a Windows Service
    1. Open a command prompt in Administrator mode and add cd into C:\NC_Agent.
    2. Run the command below to install the Netsparker Enterprise Scanning Agent as a Windows Service:
      Netsparker.Cloud.Agent.exe -i
      1. Press Windows+R, type 'services.msc' and press Enter.
      2. Find 'Netsparker Enterprise Scanning Service - [YOUR_AGENT_NAME]'.
      3. Right-click on it, and select Properties.
      4. Make sure Startup type is set to Automatic, and select Start.
      Please note that although this service is set to start automatically, it will not restart until the PC is restarted too.

      1. Select Apply and OK, then exit the Properties window.
      2. The Netsparker Enterprise Scanning Agent is now running on your network, shortly it will be registered to Netsparker Enterprise.

      1. You can uninstall the Windows Service by specifying the -u argument instead of the -i argument used during the Installation process.

      Managing Groups

      In the Manage Groups window, you can search for and view the names of the different agent groups. You can also edit or delete their details, and add a new agent group.

      How to Add a New Agent Group

      1. From the main menu, select Agents > Manage Groups.

      New Agent Group

      1. From the Agent Groups window, select New Agent Group.
      2. Complete the Name and Agents fields.
      3. Select Save.

      How to Edit Agent Groups

      1. From the main menu, select Agents > Manage Groups.
      2. From the Agent Groups window, click Edit on the field of the group you want to edit. 
      3. In the New Agent Group window, make your edits.
      4. Select Save.

      How to Delete Agent Groups

      1. From the main menu, click Agents Manage Groups

      Agent Groups

      1. From the Agent Groups window, select Delete
      2. Select Yes, Delete in the dialog.

      Auto-Update Support for Scanner Agents

      Netsparker Enterprise On-Demand users can install Netsparker Enterprise Scanning Agents on their own network, while Netsparker Enterprise On-Premises users can use their own Agents with Netsparker Enterprise in their own environments.

      • When a new Agent version has been published, users can update their Agents manually using installation files on the machines on which Agents are installed. Alternatively, users can update Agents manually by clicking Update Agent (visible only when the Enable Auto Update is not configured and the new version of the Agent is available).

      While the update is in progress, the State field will display 'Updating'.

      • Alternatively, enabling Auto Update means that when the new version of the Netsparker Enterprise Scanning Agent is available, the target Agent will update itself as soon as possible when it’s idle.
      The new Auto Update feature was implemented in the last agent release (May 2019), so you should manually upgrade to the latest Agent version one more time. After that, you can use Auto Update.
      How to Enable Automatic Agent Updates
      1. From the main menu, click Agents Manage Agents.

      Manually updating agents.

      1. Next to the relevant Agent, select the Command drop-down, then Enable Auto Update.
      How to Disable Automatic Agent Updates
      1. From the main menu, select Agents Manage Agents.
      2. Next to the relevant Agent, select the Command drop-down, then Disable Auto Update.

      Setting Proxy in Scanner Agents

      You can set a proxy for the scanning agent in Netsparker Enterprise. You are required to enter proxy settings manually to the appsettings.json file with your preferred text editor. 

      Netsparker supports Basic Authentication but not Digest and NTLM.

        "ProxySettings": {
          "Enabled": false,
          "Username": "",
          "Password": "",
          "Domain": "",
          "Address": "",
          "Port": "8888",
          "ByPassList": ""

      This table lists and explains the fields in the Proxy settings.

      Field Description
      Enabled Enter true if you use a proxy
      Use System Default Enter true if you authenticate the agent via operating system credential
      Username Enter a username for authentication
      Password Enter a password for authentication
      Domain Enter a domain name
      Address Enter a proxy address
      Port Enter a port for the proxy
      Bypass on Local Enter a value that indicates whether to bypass the proxy server for local addresses.
      Bypass List Enter the address(es) that do not use the proxy server.

      Malware Analysis with ClamAV 

      If you want a Netsparker Enterprise scan agent to carry out malware analysis, you need to download and install ClamAV. For further information, see Malware Analysis with ClamAV in Netsparker Enterprise.

      Defining an Internal Website in Netsparker Enterprise

      Now, you have installed scan agents into your infrastructure, you should configure Netsparker Enterprise to let it know which websites should be scanned with an internal agent rather than with the built-in agents.

      How to Define an Internal Website in Netsparker Enterprise
      1. Log in to Netsparker Enterprise.
      2. From the main menu, click Websites New Website
      3. Enter your internal website details (see Adding a Website in Netsparker Enterprise).
      4. From the Agent mode field, select Internal.
      5. Select Save. The Websites window is displayed.

      1. Next to the Internal Website you have created, select Scan
      2. From the Target URL field, select your Internal Website (if the field is not already populated).
      3. The Preferred Agent field is already selected by default. Your newly installed scanning Agent is displayed as an option. If you installed more than one instance, select the one which can access your Internal Website. If any of them can access your Internal Website, select the default option Any of the available agents. By selecting this, one of the idle agents will scan your website.
      4. Select Launch. (For simplicity, optimization and other settings are ignored in this procedure.)

      Your scan has been started in the Queued state. Shortly, you will see that its status changes to Scanning. Once it is completed, you will be able to explore the vulnerabilities found on your website


      Highly accurate, fast & easy-to-use Web Application Security Scanner

      GET A DEMO