Contact Support


Installing a Scan Agent via Dockerization

If you want to scan a website in a demilitarized zone (DMZ), internal networks that are not publicly accessible, you can install Netsparker scan agents in your network. You can install Netsparker Enterprise scan agent on any operating system that has Docker. Using Docker means you don't need to install redundant files like drivers or operating system kernels, for example. This is an alternative method for installing Netsparker Enterprise Scan Agents.

This topic explains how to install Netsparker Enterprise scan agent on Windows, Linux or MacOS operating systems using dockerization. Except for the steps for installing Docker (it is out of this topic's scope), the steps are the same for each operating system.

In this document, for illustration purposes, you may see some Linux images.

Before proceeding, please ensure that the system on which you want to install the Netsparker Enterprise Scan Agent has Docker installed. To find out if your OS has Docker installed, type this code in the shell.

Also, ensure that you have 7zip installed to extract the downloaded .7z installation file.

How to Install a Netsparker Enterprise Scan Agent

  1. Download the agent file:
      • In Netsparker Enterprise, click Agents, then Manage Agents. The Manage Agents window is displayed.

      • Click Configure New Agent. The Configure New Agent window is displayed.

    • Click Docker to download the required files to install the scan agent. After extracting the downloaded .7z file, you will have these files:
      • Installing a Scan Agent via Dockerization.pdf
      • NetsparkerEnterprise_Scan_Agent.tar
  1. We now have an agent image file (NetsparkerEnterprise_Scan_Agent.tar)  for the Docker container. With the following step we can load this image file.

docker load < NetsparkerEnterprise_Scan_Agent.tar

After entering the command above, the system will start to download the image. It may take some time. Once  the download is complete, a welcome message is displayed.

  1. Now that the latest version of scan agent's Docker image is installed, the next step is to boot up a container.
docker run -d --name {container name} --restart=always 
        -v {log file path in host machine}:/app/Logs/
-e "ApiToken={api token}"
-e "ApiRootUrl={api url}"
-e "AgentName={agent name}"

The command docker run would boot up a container. This table lists and explains the parameters required to further configure the container.




This denotes daemon mode. The container will work in the background.

--name : 

This gives a name to the container.


This makes the container start automatically when the Docker service starts.

-v :

The parameters mount a directory in the container with a directory in the host. This setting allows you to see agent reports.


This parameter is used to set the environment variable for the container. The ApiToken, ApiRootUrl and AgentName settings will be used by the scan agent.


This can be anything you want. This text will be displayed when you are starting a new Scan. (If you plan to install more than one instance of the agent, make sure you set a unique agentName value for each instance, as it will be needed later.)


In Netsparker Enterprise, the Agent Token is displayed in the Configure New Agent window. Copy this value into the apiToken.


This would be the URL of Netsparker Enterprise On-Demand or Netsparker Enterprise Web On-Premises.


This is the image name from which the container will be created. The name of the image is agent, whereas {tag} is the version number of the image. We use the latest in our case.

How to Get an Agent Token for the Scan Agent
  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Agents, then Manage Agents. The Agents window is displayed.

  1. Click Configure New Agent. The Configure New Agent window is displayed.

  1. In the Agent Token field, click Copy to clipboard ().
  1. You can now execute the following command in order to create a container.

  1. After the command is executed, the container is created. To see the result, you can execute the command below.
docker container ls

  1. The scanner agent container is now installed. You can check its status in Netsparker Enterprise. From the Agents menu, click Manage Agents.

Now we can start a scan through the scan agent we just installed. To do that navigate to Scans > New Scan and select a website that agent mode is Internal. Then with other settings that required to start a scan, we can also select which agent would be used to scan the target:


Highly accurate, fast & easy-to-use Web Application Security Scanner