Allowlisting requirements for Acunetix On-Premises agents
To ensure the proper functioning of internal agents and integrations, configure inbound and outbound traffic rules to allow access to the URLs specified in this document. Correctly configuring network access is a prerequisite for successful and accurate scans of your targets.
These are the allowlisting configuration steps to consider:
- Outbound connections
- Your browser outbound connections
- Acunetix main installation outbound connections
- Acunetix multi-engine outbound connections
- AcuSensor outbound connections
- Inbound connections
- Acunetix main installation accepting inbound connections
- Acunetix multi-engine accepting inbound connections
- Your target accepting inbound connections
- Your integration server accepting inbound connections
Outbound connections
Your browser outbound connections
Your browser might be behind an outbound firewall or web proxy, especially when connected to a corporate LAN or VPN. Ensure that your firewall, proxy, or VPN allows outbound connections to the following destinations:
Scope | Destination |
Browser access to your Acunetix On-Premises main installation | IP address or URL of your Acunetix main installation on (default) port 3443 |
Browser access to your Acunetix On-Premises multi-engine installation | IP address or URL of your Acunetix multi-engine installation on (default) port 3443 |
Acunetix main installation outbound connections
Scope | Destination |
API calls to your Acunetix On-Premises multi-engine installation | IP address or URL of your Acunetix multi-engine installation on (default) port 3443 |
API calls to the AcuMonitor service for out-of-band vulnerability checking | https://bxss.me |
API calls to the safe browsing service | https://sb.bxss.me |
API calls to the software composition analysis service | https://sca.acunetix.com |
AcuMonitor S3 bucket for out-of-band vulnerability checking | https://bxss.s3.dualstack.us-west-2.amazonaws.com |
Access Token for the Invicti Discovery Service | https://jwtsigner.invicti.com |
API calls to the Invicti Discovery Service | https://discovery-service.invicti.com |
Check for software updates | https://updates.acunetix.com |
Downloading of update packages for the internal scanning agent | https://*.amazonaws.com |
Scanning requests to your target | IP address/URL for your target, including destination port |
API calls for Invicti licensing and target management | https://erp.acunetix.com |
API discovery for Apigee API hub, Mulesoft, AWS API Gateway, etc | IP ranges or URLs for your target API integrations (including port number) |
Zero configuration API discovery requests to your targets | IP address/URL for your targets (the default port list is: 80, 81, 443, 3000, 5000, 7000, 8000, 8008, 8080, 8081, 8083, 8088, 8090, 8181, 8443, 8888) |
Acunetix multi-engine outbound connections
Scope | Destination |
API calls to your Acunetix On-Premises main installation | IP address or URL of your Acunetix main installation on (default) port 3443 |
API calls to the AcuMonitor service for out-of-band vulnerability checking | https://bxss.me |
API calls to the safe browsing service | https://sb.bxss.me |
API calls to the software composition analysis service | https://sca.acunetix.com |
AcuMonitor S3 bucket for out-of-band vulnerability checking | https://bxss.s3.dualstack.us-west-2.amazonaws.com |
Check for software updates | https://updates.acunetix.com |
Downloading of update packages | https://*.amazonaws.com |
Scanning requests to your target | IP address/URL for your target, including destination port |
AcuSensor outbound connections
If you have deployed an AcuSensor agent in your target web application, ensure your network infrastructure permits it to establish outbound connections for API calls to the AcuSensor Bridge.
Scope | Destination |
API calls to the AcuSensor Bridge (default) | IP address or URL of your Acunetix main installation on (default) port 7880 |
API calls to the AcuSensor Bridge (if configured) | https://acusensor.acunetix.com |
Inbound connections
Acunetix main installation accepting inbound connections
Scope | Source |
Communication between your Acunetix main installation and multi-engine installation | IP address or URL of your Acunetix multi-engine installation |
Acunetix multi-engine accepting inbound connections
Scope | Source |
Communication between your Acunetix main installation and multi-engine installation | IP address or URL of your Acunetix main installation |
Your target accepting inbound connections
Scope | Source |
Scanning requests from your Acunetix main installation Zero configuration API discovery requests from your Acunetix main installation | IP address or URL of your Acunetix main installation |
Scanning requests from your Acunetix multi-engine installation | IP address or URL of your Acunetix multi-engine installation |
Your integration server accepting inbound connections
Scope | Source |
Integration API calls | IP address or URL of your Acunetix main installation |
