SUPPORT

Contact Support

OPEN A TICKET

Installing a Scan Agent via Dockerization

If you want to scan a website in a demilitarized zone (DMZ), internal networks that are not publicly accessible, you can install Netsparker scan agents in your network.

  • You can install the Netsparker Enterprise scan agent on any operating system that has Docker.
  • Using Docker means you don't need to install redundant files like drivers or operating system kernels, for example. This is an alternative method for installing Netsparker Enterprise Scan Agents.

This topic explains how to install Netsparker Enterprise scan agent on Windows, Linux or MacOS operating systems using dockerization. Except for the steps for installing Docker (it is out of this topic's scope), the steps are the same for each operating system.

In this document, for illustration purposes, you may see some Linux images.

Prerequisites

  • Docker. To find out if your OS has Docker installed, type the following code in the shell: docker -v
  • Install .7z so that you can extract the downloaded .7z installation file.
  • Administrator privileges to run the required commands.

Downloading and Installing the Agent

You need to download the installation files of the agent to a machine on your internal network.

Downloading the Docker agent to your on-premises environment? Please contact support@netsparker.com.
How to download a Scan Agent in Netsparker Enterprise On-Demand
  1. Log in to Netsparker Enteprise.
  2. From the main menu, go to Agents > Manage Agents > Configure New Agent.

  • From the Agent section, select Docker to download the NetsparkerEnterprise_Scan_Agent.tar file.
How to install a Scan Agent in Netsparker Enterprise
  1. Extract the TAR file:
tar xf Netsparker_Enterprise_Scanner_Agent.tar

It should contain the following: a TAR file and a PDF document.

  1. Now, navigate to the extracted file, and run the following command to load the image file:
docker load < NetsparkerEnterprise_Scan_Agent.tar

After entering the previous command, the system will start to download the image. It may take some time. Once the download is complete, a welcome message is displayed.

  1. Now that the latest version of scan agent's Docker image is installed, the next step is to boot up a container.
docker run -d --name {container name} --restart=always
-v {log file path in host machine}:/app/Logs/
-e "ApiToken={api token}"
-e "ApiRootUrl={api url}"
-e "AgentName={agent name}"
-e "IgnoreSslCertificateErrors=false"
-e "NhsPort=8080"
agent:{tag}


The command docker run would boot up a container. This table lists and explains the parameters required to further configure the container.

Parameter

Description

-d:

This denotes daemon mode. The container will work in the background.

--name : 

This gives a name to the container.

--restart=always:

This makes the container start automatically when the Docker service starts.

-v :

The parameters mount a directory in the container with a directory in the host. This setting allows you to see agent reports.

-e:

This parameter is used to set the environment variable for the container. The ApiToken, ApiRootUrl and AgentName settings will be used by the scan agent.

AgentName: This can be anything you want. This text will be displayed when you are starting a new Scan. (If you plan to install more than one instance of the agent, make sure you set a unique agentName value for each instance, as it will be needed later.)

ApiToken: In Netsparker Enterprise, the Agent Token is displayed in the Configure New Agent window. Copy this value into the apiToken.

ApiRootUrl: This would be the URL of Netsparker Enterprise On-Demand or Netsparker Enterprise Web On-Premises.

IgnoreSslCertificateErrors: This would ignore any SSL certificate errors on the scan target website.

NhsPort: This port is used for Netsparker Helper Service. If the port is already used, please change with any available port.

agent:{tag}: 

This is the image name from which the container will be created. The name of the image is agent, whereas {tag} is the version number of the image. We use the latest in our case.

How to Get an Agent Token for the Scan Agent

From the main menu go to Agents > Manage Agents > Configure New Agent. In the Agent Token field, select Copy to clipboard ().

  1. You can now execute the following command in order to create a container.

  1. After the command is executed, the container is created. To see the result, you can execute the command below.
docker container ls

  1. The scanner agent container is now installed. You can check its status in Netsparker Enterprise. From the Agents menu, select Manage Agents.
Note that agents in Docker do not support auto-update currently. We have been working on improving this.

So, in order to update the Netsparker Enterprise Scan Agent, you need to remove the existing agent and download/install the latest version of the docker agent.

Now you can start a scan through the scan agent you just installed. To do that navigate to Scans > New Scan and select a website that agent mode is Internal. Then with other settings that required to start a scan, you can also select which agent would be used to scan the target:

Netsparker

Highly accurate, fast & easy-to-use Web Application Security Scanner

Get a demo