SUPPORT

Contact Support

OPEN A TICKET

Installing Internal Agents

In order to scan a website located on your internal network, and not accessible from the internet, you can install and configure a scan agent on your network. The agent will conduct the actual scan job and then report the results back to Netsparker Enterprise.

In addition to the scanning agent, you can add an authentication verifier agent that will verify the form authentication in your website. 

There are three stages to this process:

  1. Download and configure the Netsparker Enterprise agent
  2. Run the agent on your local network where it can reach the internal website you want to scan
  3. Define and scan your internal website
You can install internal agents in Linux and Docker, too. For further information about installing agents in Linux, see Installing a Scan Agent on Linux. For the docker, see Installing a Scan Agent via Dockerization.

To download the agent from Netsparker Enterprise, you must be an account administrator.

Downloading and Configuring the Agent

First, you need to download the installation files of the agent and install them on a machine in your internal network.

Prerequisites

Hardware Requirements

  • Windows Server 2016 or above (Windows Server 2019 recommended)
  • .NET Framework 4.7.2
  • 1.4 GHz Processor (2.0 GHz or faster recommended)
  • 2 GB RAM (4 GB or higher recommended)
  • 10 GB Free Disk space for each internal agent

Network Requirements

  • Agent should be configured so that it can reach your internal website through HTTP/HTTPS
  • Agent needs to be able to access the Netsparker Enterprise Application Server’s HTTP(S) (443) port

Required Access

  • User(s) must have administrator privileges to run the required commands.

How to Download and Configure the Scanning Agent

  1. Log in to Netsparker Enterprise.
  2. From the main menu, go to Agents Manage Agents > Configure New Agent
  3. From the Agent section, select Windows to download the Netsparker Enterprise Scanner Agent. Your Agent Token is also displayed
    • Extract the contents of the zip file to C:\NC_Agent. (You can use another location, but these instructions will use this path.)
    • Open the C:\NC_Agent\appsettings.json file with your preferred text editor.
    • You need to edit two attributes before running the agent, listed under AgentInfo:
        • AgentName: This can be anything you want. This text will be displayed when you are starting a new Scan. (If you are going to install more than one instance of the agent make sure you set a unique AgentName value for each instance, something you will remember later.)
        • ApiToken: In Netsparker, the Agent Token is displayed in the Configure New Agent window. Copy it into the ApiToken.

          Agent Token

            • Save and close the C:\NC_Agent\appsettings.json.

          How to Download and Configure the Authentication Verifier Agent

          1. Log in to Netsparker Enterprise.
          2. From the main menu, go to Agents Manage Agents > Configure New Agent
          3. From the Authentication Verifier section, select Windows to download the Netsparker Enterprise Authentication Verifier Agent. Your Agent Token is also displayed.
            • Extract the contents of the zip file to C:\NC_VerifierAgent. (You can use another location, but these instructions will use this path.)
            • Open the C:\NC_VerifierAgent\appsettings.json file with your preferred text editor.
            • You need to edit two attributes before running the agent, listed under AgentInfo:
                • AgentName: This can be anything you want. This text will be displayed when you are starting a new Scan. (If you are going to install more than one instance of the agent make sure you set a unique AgentName value for each instance, something you will remember later.)
                • ApiToken: In Netsparker, the Agent Token is displayed in the Configure New Agent window. Copy it into the ApiToken.
                The Authentication Verifier Agent is an optional component. You can download and install the Authentication Verifier Agent if you need to scan websites with form or basic authentication or OAuth2.

                The instructions, such as setting the agent as a Windows service, are the same for the Scan Agent and the Authentication Verifier Agent.

                Setting Agent as a Windows Service

                An internal agent should be configured as a Windows service, so that it can poll the Netsparker Enterprise servers regularly, and can take the scan initiation command from the server.

                How to Set the Agent as a Windows Service
                1. Open a command prompt in Administrator mode and navigate the agent's folder.
                2. Run the command below to install the Netsparker Enterprise Scanning Agent as a Windows Service:
                Netsparker.Cloud.Agent.exe -i
                1. Press Windows+R, type 'services.msc' and press Enter.
                2. Find 'Netsparker Enterprise Scanning Service - [YOUR_AGENT_NAME]'.
                3. Right-click on it, and select Properties.
                4. Make sure Startup type is set to Automatic, and select Start.
                Please note that although this service is set to start automatically, it will not restart until the PC is restarted too.
                1. Select Apply and OK, then exit the Properties window.

                The Netsparker Enterprise Agent is now running on your network, shortly it will be registered to Netsparker Enterprise.

                You can uninstall the Windows Service by specifying the -u argument instead of the -i argument used during the Installation process.

                Managing Groups

                In the Manage Groups window, you can search for and view the names of the different agent groups. You can also edit or delete their details, and add a new agent group.

                How to Add a New Agent Group

                1. From the main menu, select Agents > Manage Groups.
                2. From the Agent Groups window, select New Agent Group.
                3. Complete the Name and Agents fields.
                4. Select Save.

                How to Edit Agent Groups

                1. From the main menu, select Agents > Manage Groups.
                2. From the Agent Groups window, click Edit on the field of the group you want to edit. 
                3. In the New Agent Group window, make your edits.
                4. Select Save.

                How to Delete Agent Groups

                1. From the main menu, click Agents Manage Groups
                2. From the Agent Groups window, select Delete
                3. Select Yes, Delete in the dialog.

                Auto-Update Support for Scanner Agents

                Netsparker Enterprise On-Demand users can install Netsparker Enterprise Scanning Agents on their own network, while Netsparker Enterprise On-Premises users can use their own Agents with Netsparker Enterprise in their own environments.

                The Authentication Verifier Agent does not support auto-update currently. We have been working on improving this.

                When a new Agent version has been published, users can update their Agents manually using installation files on the machines on which Agents are installed. Alternatively, users can update Agents manually by clicking Update Agent (visible only when the Enable Auto Update is not configured and the new version of the Agent is available).

                While the update is in progress, the State field will display 'Updating'.

                • Alternatively, enabling Auto Update means that when the new version of the Netsparker Enterprise Scanning Agent is available, the target Agent will update itself as soon as possible when it’s idle.
                How to Enable Automatic Agent Updates
                1. From the main menu, click Agents Manage Agents.
                2. Next to the relevant Agent, select the Command drop-down, then Enable Auto Update.
                How to Disable Automatic Agent Updates
                1. From the main menu, select Agents Manage Agents.
                2. Next to the relevant Agent, select the Command drop-down, then Disable Auto Update.

                Setting Proxy in Scanner Agents

                You can set a proxy for the scanning agent in Netsparker Enterprise. You are required to enter proxy settings manually to the appsettings.json file with your preferred text editor. 

                The Authentication Verifier Agent does not support proxy configuration currently. We have been working on improving this. 

                Netsparker supports Basic Authentication but not Digest and NTLM.

                  "ProxySettings": {
                    "Enabled": false,
                    "Username": "",
                    "Password": "",
                    "Domain": "",
                    "Address": "127.0.0.1",
                    "Port": "8888",
                    "ByPassList": ""
                  }
                

                This table lists and explains the fields in the Proxy settings.

                Field Description
                Enabled Enter true if you use a proxy
                Use System Default Enter true if you authenticate the agent via operating system credential
                Username Enter a username for authentication
                Password Enter a password for authentication
                Domain Enter a domain name
                Address Enter a proxy address
                Port Enter a port for the proxy
                Bypass on Local Enter a value that indicates whether to bypass the proxy server for local addresses.
                Bypass List Enter the address(es) that do not use the proxy server.

                Malware Analysis with ClamAV 

                If you want a Netsparker Enterprise scan agent to carry out malware analysis, you need to download and install ClamAV. For further information, see Malware Analysis with ClamAV in Netsparker Enterprise.

                Defining and Scanning an Internal Website in Netsparker Enterprise

                Now, you have installed scan and verifier agents into your infrastructure, you should configure Netsparker Enterprise to let it know which websites should be scanned with an internal agent rather than with the built-in agents.

                How to Define an Internal Website in Netsparker Enterprise
                1. Log in to Netsparker Enterprise.
                2. From the main menu, select Websites > New Website
                3. Enter your internal website details (see Adding a Website in Netsparker Enterprise).
                4. From the Agent mode field, select Internal.
                5. Select Save
                How to Scan an Internal Website with Agent
                1. Log in to Netsparker Enterprise.
                2. From the main menu, select Scans > New Scan.
                3. From the Target URL field, select your Internal Website (if the field is not already populated).
                4. The Preferred Agent field is already selected by default. Your newly installed scanning Agent is displayed as an option. If you installed more than one instance, select the one which can access your Internal Website. If any of them can access your Internal Website, select the default option Any of the available agents. By selecting this, one of the idle agents will scan your website.
                5. From the Authentication, select Form. Then select the Form Authentication checkbox.
                6. In the Login Form URL field, enter the URL of the login form whose credentials you want to configure.
                If there is more than one authentication verifier agent defined in your system, Netsparker Enterprise shows a drop-down to select the verifier agent you want to use.
                1. In the Personas section, select New Persona. Then, enter a username and password.
                2. Select Verify Login & Logout so the verifier agent can test the login. If configured, the Verifier Agent confirms the login and logout if the credentials are correct.
                3. Select Launch. (For simplicity, optimization and other settings are ignored in this procedure.)

                Your scan has been started in the Queued state. Shortly, you will see that its status changes to Scanning. Once it is completed, you will be able to explore the vulnerabilities found on your website.

                Netsparker

                Highly accurate, fast & easy-to-use Web Application Security Scanner

                Get a demo