Installing internal agents with proxy settings

Internal agents integrate with Acunetix Premium+ Online, enabling scans within your environment for targets not publicly accessible from the internet or when you do not want to allowlist Acunetix cloud agents.

This guide shows you how to install the Acunetix internal agent with proxy settings on Windows and Docker to connect to Acunetix Premium+ Online.

Limitations for internal agents

When the site is internal, and you prefer using internal agents for the scan, you cannot create a new Login Sequence Record (LSR) or Business Logic Record. However, you can import them. For further information about recording and downloading an LSR, refer to Using the Login Sequence Recorder.

Prerequisites

System requirements

  • At least 2-core CPU 64bit processor
  • Dedicated memory: minimum of 2 GB RAM
  • At least 50GB of HDD

Access requirements

  • Administrator privileges for command execution.
  • Acunetix System/Platform Administrator role.

Allowlisting requirements

For internal agents to work properly, you need to allowlist the following web URLs:

  • online.acunetix.com
  • app.invicti.com (EU-based customers: app-eu.invicti.com)
  • sca.acunetix.com
  • bxss.me
  • sb.bxss.me
  • acusensor.acunetix.com

NOTE: If you are running multiple concurrent scans with internal agents, your RAM and CPU need to be exponentially greater than the specified installation requirements.

  • Running 2 concurrent scans requires 6 GB RAM + 2-core CPU
  • Running 3 concurrent scans requires 8 GB RAM + 3-core CPU
  • Running 4 concurrent scans requires 10 GB RAM + 4-core CPU

Any additional concurrent scan requires +2 GB RAM and +1 core.

How to install an internal agent with proxy settings on Windows

  1. Log in to Acunetix and select Agents from the main menu.
  2. Click Agent Installation Instructions.

  1. Select Windows.

  1. Enter a name for your internal agent.

  1. Create a folder where you will save the internal agent.

  1. Click Download Windows Agent. When the invicti-agent.exe file is downloaded, move it to the folder created in Step 5 above.

  1. Copy the command from Step 5 in the Agent Installation Instructions.

  1. Paste the command in a place where you can edit the content, for example, in Notepad.

  1. Edit the command to add -p http://username:pass@proxy_server:port at the end (after the registration token). Ensure that you replace username, pass, proxy_server, and port with your actual proxy settings.

.\invicti-agent.exe register --url app.invicti.com --agentname "newagent" --registration-token aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee -p http://username:pass@proxy_server:port 

  1. As a user without administrative privileges, open Terminal and navigate to the folder where you saved the downloaded invicti-agent.exe file. Alternatively, right-click the folder with the file and select 'Open in Terminal.'

  1. Copy and paste the edited command from Step 9 above to your Terminal window and execute the command.

  1. Copy the command from Step 6 in the Agent Installation Instructions.

  1. As a user with administrative privileges, open Terminal and navigate to the folder where you saved the downloaded invicti-agent.exe file. Alternatively, right-click the folder with the file and select 'Open in Terminal.'

  1. Paste and run the command copied in Step 12 above. This installs the agent as a service so that it is ready to start executing scans.

Your internal agent is now installed. You can view your internal agents in Acunetix by going to the Agents page.

You can now assign targets to the installed internal agent and commence testing your website.

How to install an internal agent with proxy settings using Docker

NOTE: Ensure Docker Desktop is installed on your host OS by verifying with the command 'docker -v' in Terminal. If version information is displayed, you're all set. Otherwise, refer to the Docker support documentation for installation guidance.

  1. Log in to Acunetix and select Agents from the left-side menu.
  2. Click View Agent Installation Instructions.

  1. Select Docker.

  1. Enter a name for your internal agent.

  1. Copy the command from Step 3 in the Agent Installation Instructions.

  1. Paste the command in a place where you can edit the content, for example, in Notepad.

  1. Edit the command to add -e INVICTI_AGENT_HTTP_PROXY=http://username:pass@ip:port
    after the name parameter. If the proxy doesn't have any authentication, then use  
    -e INVICTI_AGENT_HTTP_PROXY=http://ip:port instead.

Ensure that you replace username, pass, ip, and port with your actual proxy settings.

docker run -d --name "my-agent" -e INVICTI_AGENT_HTTP_PROXY=http://username:pass@ip:port invicti/internal-agent --url online.acunetix.com --agentname "agent-name" --registration-token XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX 

  1. Copy the full text of your newly edited command.

  1. Open Terminal and paste the command. Press enter to execute the command.


Your internal agent is now installed. You can view your internal agents in Acunetix by going to the
Agents page.

You can now assign targets to the installed internal agent and commence testing your website.

How to import a certificate within Docker

To import a certificate within Docker, follow the steps below:

  1. Create a new folder. For example, C:\users\name\my_agent
  2. Copy the certificate you would like to import to this new folder. For example, C:\users\name\my_agent\my_certificate.pem
  3. Navigate to this folder: C:\users\name\my_agent
  4. Create the following Dockerfile and name it ‘Dockerfile’:

FROM invicti/internal-agent

USER root

COPY my_certificate.pem /usr/local/share/ca-certificates/my_certificate.crt

RUN update-ca-certificates

USER invicti

ENTRYPOINT ["/usr/local/bin/invicti-agent","register-run"]

  1. Run the command “docker build -t my_agent .” to build the image
  2. Run the following command to start the agent with the new certificate and proxy. Note that ‘-p’ is used for the agent proxy.

docker run -d --env REQUESTS_CA_BUNDLE=/etc/ssl/certs/ --name "dockeragent" my_agent --url app.invicti.com --agentname "dockeragent" --registration-token XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX -p http://myproxy:8888

Troubleshooting

To troubleshoot issues, review the Docker log and host terminal. For further assistance, contact our Support team.

Explanation of parameters

Below is a table detailing the parameters necessary to configure a Docker container for installing an internal agent.

Parameter

Description

-d

This indicates detached mode, allowing the container to operate in the background.

--name

Assigns a name to the container.

-e

Sets the environment parameters to add the proxy.

--url

Specifies the Acunetix URL.

--agentname

Defines the agent name in the Acunetix UI, changeable later.

If installing multiple agent instances, assign a unique agent name for each instance. (Max 50 characters)

--registration-token

Obtain from Acunetix Agents menu > Agent Installation > Docker > Your registration token is displayed in Step 2: Get your token.

« Back to the Acunetix Support Page