Installing a scanner agent on Linux (Debian Distribution)

To scan websites in a demilitarized zone (DMZ) or internal networks that are not publicly accessible, install an Acunetix 360 scan agent on your network. The agent performs the scan and reports the results to Acunetix 360.

Optionally, you can install an authentication verifier agent to verify form authentication on your website.

You can install the scan agent on a Linux operating system. For Debian distributions, ensure the required dependencies are met.

This document focuses on installing a scan agent on Debian-based systems. For Red Hat distributions, refer to Installing a Scan Agent on Linux (RedHat Distribution).

This process involves three steps:

  1. Download the Acunetix 360 agent
  2. Install the Acunetix 360 agent
  3. Set the agent as a Linux service

Prerequisites

Hardware Requirements

  • Processor: 1.4 GHz minimum (2.0 GHz or faster recommended)
  • Memory: 4 GB or higher recommended
  • Storage: 10 GB free disk space per internal agent
  • If NTLM is used as the authentication method, Ubuntu version 24.04 or its equivalent must be used at a minimum.

Network Requirements

  • The agent must access your internal website via HTTP/HTTPS
  • The agent must connect to the Acunetix 360 Authentication Verifier Server over HTTP(S) (port 443)

Allowlisting Requirements

  • Domains:
  • www.invicti.com
  • netsparker.com
  • r87.me
  • https://online.acunetix360.com/
  • Regional IPs:
  • 18.215.138.185, 3.209.193.120
  • s3.us-east-1.amazonaws.com

Required Access

  • Users must have root privileges to execute the required commands. If root privileges are unavailable, use the Docker-based scan agent instead. For instructions, refer to Installing a Docker scan agent.

Step 1: Download the Agent

To install the scan agent, download the installation files to a machine on your internal network. These are the steps to download a Scan Agent in Acunetix 360 On-Demand:

  1. In Acunetix 360, select Agents > Manage Agents from the left-side menu.
  2. Click Configure New Agent.

  1. From the Agent - Direct Download section, select Linux to download the required files to install the verifier agent.

Step 2: Install the Agent

To install the Acunetix 360 Agent follow these instructions:

  1. Open a terminal window.
  2. Update the operating system's application repositories:

sudo apt update && sudo apt upgrade -y

  1. Install the required dependent packages:

sudo apt-get install p7zip-full  

sudo apt install -y wget gss-ntlmssp nano mono-complete apt-transport-https

  1. Create a folder for the Agent dependency:

sudo mkdir -p /home/[YOUR_USER]/.local/share/Netsparker_Ltd

  1. Change the ownership of the folder:

sudo chown -R [YOUR_USER] /home/[ YOUR_USER]/.local/share

NOTE:  Make sure that [YOUR_USER] in this step matches the [YOUR_USER] in the unit file described later in this guide.

  1. To install the necessary dependencies for Headless Chrome, run the following command:

sudo apt install -y gconf-service libasound2 libatk1.0-0 libatk-bridge2.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils libgdiplus 

IMPORTANT:

If the operating system is Ubuntu 24.04 or higher, the following must be used:

sudo apt install -y libasound2t64 libatk1.0-0 libatk-bridge2.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libnss3 lsb-release xdg-utils libgdiplus

After installing the dependencies, you can download and configure the Headless Chrome browser.

WARNING FOR KALI DISTRIBUTIONS
You may encounter an issue while installing the libappindicator1 dependency specified in step 6 above. If this happens, refer to the section Adding Debian Repository to the Sources.List in Kali Rolling below for instructions on how to resolve it.

  1. Extract the Agent TAR file by running the following commands:

cd /home/[YOUR_USER]

sudo tar -xvf Acunetix_360_Scanner_Agent.tar --one-top-level

sudo chown -R [YOUR_USER]:[YOUR_USER] /home/[YOUR_USER]/Acunetix_360_Scanner_Agent

  1. Open the appsettings.json file using your preferred text editor to enter the required information (e.g., ApiToken):

cd /home/[YOUR_USER]/Acunetix_360_Scanner_Agent

nano appsettings.json

Changing the default data folder for the scanner Agent

To change the default data folder, add the following attribute under AgentInfo in the appsettings.json file:

"ScanDataFolderPath": "FullPath"

For example, you can set the path like this:

/home/[YOUR_USER]/[data folder]/

  • If you modify an existing agent's appsettings.json file, you must restart the service after making the change.
  • If you are adding this line to a new agent, you can continue with the installation process as usual.

These settings will be used by the agent:

  • AgentName: You can set this to any name you prefer. It will be displayed when starting a new scan. If installing multiple instances of the agent, ensure each has a unique AgentName that you will reference later.
  • AgentType: This can be set to either Standard or Cloud. If you plan to use a Cloud Provider for scanning, set AgentType to Cloud.
  • ApiToken: The ApiToken corresponds to the Agent Token displayed in the Configure New Agent window of Acunetix 360. Copy this value into the ApiToken field.
  • ApiRootUrl: The URL of Acuetix 360 or the Acunetix 360 On-Premises.

Adding Debian Repository to the Source.List in Kali Rolling Distribution

To install libappindicator1 for Headless Chrome browser dependencies, add the Debian Repository to the sources.list in Kali Rolling using these instructions:

  1. Open a terminal and run this command.

sudo nano /etc/apt/sources.list

  1. Add the following lines to the sources.list file:

deb http://deb.debian.org/debian buster main contrib non-free  

deb-src http://deb.debian.org/debian buster main contrib non-free

  1. Save and close the file.
  2. Update the repositories:

sudo apt update

  1. Install libappindicator1:

sudo apt install libappindicator1

  1. After installing libappindicator1, you can resume the agent installation starting from step 2 point 8 above.

Step 3: Set the Agent as a Linux Service

An internal agent must be set up as a Linux service to regularly poll the Acunetix 360 servers and receive scan initiation commands.

You can complete this configuration in three steps:

  1. Add a unit file for an Acunetix 360 Agent
  2. Configure Sudoers for an Acunetix 360 Agent
  3. Start Acunetix 360 Agent as a Linux Service

Additionally, you can update the scan agent or enable it to auto-update itself. For further information about the agent update, see Auto-Update Support for Scanner Agents.

3.1 Add a unit file for an Acunetix 360 Agent

Follow these steps to add a unit file fon the Acunetix 360 Agent:

  1. Open a terminal
  2. cd /etc/systemd/system
  3. sudo touch [YOUR_AGENT_NAME].service
  4. sudo nano [YOUR_AGENT_NAME].service

IMPORTANT:

The AgentName specified in the appsettings.json file must match the agent's unit file name. Consistency between these names is required for proper operation.

  1. Add the following script into [YOUR_AGENT_NAME].service:

# For internal agents version 2.0.2.157 and newer:

[Unit]

Description=acx360_scan_agent_01

[Service]

Type=notify

KillMode=process

Restart=always

RestartSec=30

SyslogIdentifier=[YOUR_USER]

KillSignal=SIGINT

User=[YOUR_USER]

WorkingDirectory= [YOUR_AGENT_DIRECTORY_PATH]

ExecStart = ./[Your Agent Directory path]/Acunetix.Cloud.Agent

ExecStop=/usr/bin/pkill -f "[YOUR_AGENT_DIRECTORY_PATH]/Nhs/NetsparkerHelperService.exe"

[Install]

WantedBy=multi-user.target

  1. Save and close the document.

3.2 Configure Sudoers for an Acunetix 360 Agent

To configure Sudoers for the Acunetix 360 agent, follow these steps:

  1. Navigate to the sudoers directory:

sudo cd /etc/sudoers.d

  1. Create a new sudoers file:

sudo touch [YOUR_AGENT_NAME]-systemctl

  1. Edit the file with visudo:

sudo visudo -f [YOUR_AGENT_NAME]-systemctl

  1. Add the following script to grant the necessary permissions:

[YOUR_USER] ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl start [YOUR_AGENT_NAME].service  

[YOUR_USER] ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl stop [YOUR_AGENT_NAME].service

  1. Save and close the file.

3.3 Start Acunetix 360 Agent as a Linux Service

  1. Reload the system daemon to recognize the new service:

sudo systemctl daemon-reload

  1. Start the agent service:

sudo systemctl start [YOUR_AGENT_NAME].service

TIP:

To ensure the scanning agent service remains active after a machine reboot:

  1. Open a terminal.
  2. Enable the agent service to start automatically:

    sudo systemctl enable [YOUR_AGENT_NAME].service

  1. You can now verify the connection between Acunetix 360 and the scan agent by navigating to the Agents menu and selecting Manage Agents.

TIP:

You can set a proxy for the scanning agent in Acunetix 360. For further information about the proxy, see Setting Proxy in Scanner Agents. Using Proxy Auto-Configuration? For further information, see Using Proxy Auto-Configuration file.

Defining and Scanning an Internal Website in Acunetix 360

Now, that you have installed a scanning agent into your infrastructure, you should configure Acunetix 360 to let it know which websites should be scanned with an internal agent rather than with the built-in agents.

How to Define an Internal Website in Acunetix 360

  1. Log in to Acunetix 360.
  2. From the main menu, select Websites > New Website.
  3. Enter your internal website details (see Adding a Website in Acunetix 360).
  4. From the Agent mode field, select Internal.
  1. Select Save.

How to Scan an Internal Website with Agent

  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > New Scan.
  3. From the Target URL field, select your Internal Website (if the field is not already populated).
  4. The Preferred Agent field is already selected by default. Your newly installed scanning Agent is displayed as an option. If you installed more than one instance, select the one which can access your Internal Website. If any of them can access your Internal Website, select the default option Any of the available agents. By selecting this, one of the idle agents will scan your website.
  5. Select Launch. (For simplicity, optimization and other settings are ignored in this procedure.)

Your scan has been started in the Queued state. Shortly, you will see that its status changes to Scanning. Once it is completed, you will be able to explore the vulnerabilities found on your website.

Installing Multiple Agents on the Same Operating System

You can install more than one agent in Linux.

How to Install Multiple Agents on the Same Operating System

  1. Open a terminal window.
  2. Create a new folder for the new agent.
  3. Copy the TAR file into the new folder, and extract the TAR file
  4. Follow the instructions in Installing the Agent and Setting Agent as a Linux Service.

Make sure that you enter a different name for the new agent.

For further information about managing scan agents, see Managing Groups.

« Back to the Acunetix Support Page