SUPPORT

Contact Support

OPEN A TICKET

Installing a Scan Agent via Dockerization

If you want to scan a website in a demilitarized zone (DMZ), internal networks that are not publicly accessible, you can install Netsparker scan agents in your network. You can install Netsparker Enterprise scan agent on any operating system that has Docker.

Using Docker means you don't need to install redundant files like drivers or operating system kernels, for example. This is an alternative method for installing Netsparker Enterprise Scan Agents.

This topic explains how to install Netsparker Enterprise scan agent on Windows, Linux or MacOS operating systems using dockerization. Except for the steps for installing Docker (it is out of this topic's scope), the steps are the same for each operating system.

In this document, for illustration purposes, you may see some Linux images.

Before proceeding, please ensure that the system on which you want to install the Netsparker Enterprise Scan Agent has Docker installed. To find out if your OS has Docker installed, type the following code in the shell: docker -v

Also, ensure that you have 7zip installed to extract the downloaded .7z installation file.

To download the agent from Netsparker Enterprise, you must be an account administrator.

How to Install a Netsparker Enterprise Scan Agent

  1. Download the agent file:
      • In Netsparker Enterprise, go to Agents > Manage Agents > Configure New Agent.
      • From the Agent section, select Docker to download the NetsparkerEnterprise_Scan_Agent.tar file.
    1. Extract the TAR file:

      tar xf Netsparker_Enterprise_Scanner_Agent.tar

    It should contain the following: a TAR file and a PDF document.

    1. Now, navigate to the extracted file, and run the following command to load the image file:
    docker load < NetsparkerEnterprise_Scan_Agent.tar

    After entering the previous command, the system will start to download the image. It may take some time. Once the download is complete, a welcome message is displayed.

    1. Now that the latest version of scan agent's Docker image is installed, the next step is to boot up a container.
    docker run -d --name {container name} --restart=always
    -v {log file path in host machine}:/app/Logs/
    -e "ApiToken={api token}"
    -e "ApiRootUrl={api url}"
    -e "AgentName={agent name}"
    -e "IgnoreSslCertificateErrors= false"
    -e "NhsPort= 8080"
    agent:{tag}


    The command docker run would boot up a container. This table lists and explains the parameters required to further configure the container.

    Parameter

    Description

    -d:

    This denotes daemon mode. The container will work in the background.

    --name : 

    This gives a name to the container.

    --restart=always:

    This makes the container start automatically when the Docker service starts.

    -v :

    The parameters mount a directory in the container with a directory in the host. This setting allows you to see agent reports.

    -e:

    This parameter is used to set the environment variable for the container. The ApiToken, ApiRootUrl and AgentName settings will be used by the scan agent.

    AgentName: This can be anything you want. This text will be displayed when you are starting a new Scan. (If you plan to install more than one instance of the agent, make sure you set a unique agentName value for each instance, as it will be needed later.)

    ApiToken: In Netsparker Enterprise, the Agent Token is displayed in the Configure New Agent window. Copy this value into the apiToken.

    ApiRootUrl: This would be the URL of Netsparker Enterprise On-Demand or Netsparker Enterprise Web On-Premises.

    IgnoreSslCertificateErrors: This would ignore any SSL certificate errors on the scan target website.

    NhsPort: This port is used for Netsparker Helper Service. If the port is already used, please change with any available port. 

    agent:{tag}: 

    This is the image name from which the container will be created. The name of the image is agent, whereas {tag} is the version number of the image. We use the latest in our case.

    How to Get an Agent Token for the Scan Agent

    From the main menu go to Agents > Manage Agents > Configure New Agent. In the Agent Token field, select Copy to clipboard ().

    1. You can now execute the following command in order to create a container.

    1. After the command is executed, the container is created. To see the result, you can execute the command below.
    docker container ls

    1. The scanner agent container is now installed. You can check its status in Netsparker Enterprise. From the Agents menu, select Manage Agents.
    Note that agents in Docker do not support auto-update currently. We have been working on improving this.

    So, in order to update the Netsparker Enterprise Scan Agent, you need to remove the existing agent and download/install the latest version of the docker agent.

    Now you can start a scan through the scan agent you just installed. To do that navigate to Scans > New Scan and select a website that agent mode is Internal. Then with other settings that required to start a scan, you can also select which agent would be used to scan the target:

    Netsparker

    Highly accurate, fast & easy-to-use Web Application Security Scanner

    Get a demo