Agents in Acunetix 360 On-Premises

To scan a website located on your internal network, you need to install and configure a scan agent on your network. The agent will conduct the actual scan job and then report the results back to Acunetix 360.

  • You can install scan agents in Windows and Linux and use the dockerization version of the scan agent. These agents execute scans and inform the Acunetix 360 application.
  • In addition to the scan agent, you can install an authentication verifier agent that will verify the form authentication on your website.

Installer files for agents are in the Zip file you were emailed. You can also download them from the Acunetix 360 user interface.

This document explains how to download scan and authentication verifier agents from the Acunetix 360 user interface and explains how to manage agents.

For more information about Agents, refer to Installing and Configuring Acunetix 360 On-Premises.

Downloading agents

On the Configure New Agent page, you can download the agents you want to install.

How to download agents from Acunetix 360 user interface
  1. Log in to Acunetix 360.
  2. From the main menu, go to Agents > Manage Agents > Configure New Agents.

  1. Select the agent you want to download. The download starts immediately.

Installing agents? See the following pages for further information:

Managing scanning agents

In the Manage Agents window, you can view the details and current state of all Agents. You can also disable them and add new Agents to the list.

Manage Agents Fields

This table lists and explains the fields in the Agents window.

Field

Description

Name

This is the name of the agent.

State

This is whether the agent is online and waiting for a scan assignment.

  • Available
  • Launching
  • Waiting
  • Scanning
  • Terminated
  • NotAvailable

Launch Date

This is the date when the agent was first available.

Last Heartbeat

This is the last time the agent communicated with the web application.

Version

This is the version number of the scan agent.

Is Up To Date

This is whether the Agent is up-to-date.

VDB Version

This is the Vulnerability Database Version running on the Agent.

Operating System

This is the operating system on which the Agent is installed.

Installed Framework

This is the .NET environment on which the Agent is running.

Operating System Architecture

This represents the operating system architecture on which the Agent is installed.

Target URL

This is the target URL of the website, including the path.

Process Architecture

This represents the process architecture on which the Agent is installed.

IP Address

This is the IPv4 version of the Agent.

How to Configure an Agent for a Website

  1. From the main menu, select Agents > Manage Agents.
  2. On the Agents page, select Configure New Agent.
  3. Copy the Agent Token to the appsetting.json file of the other Agent that you manually installed.
How to Disable an Agent
  1. From the main menu, select Agents > Manage Agents.
  2. On the Agents page, select the Agent you want to disable, and select Disable in their field. The Disable Agent dialog is displayed.

  1. Click Yes, Disable.

Setting Proxy in Scanner Agents

You can set a proxy for the scanning agent in Acunetix 360. You are required to enter proxy settings manually to the appsettings.json file with your preferred text editor.

Acunetix 360 supports Basic Authentication but not Digest and NTLM.

  "ProxySettings": {

    "ProxyMode": "SystemProxy",

    "UseDefaultCredentials": true,

    "Username": "",

    "Password": "",

    "Domain": "",

    "Address": "127.0.0.1",

    "Port": "8888",

    "ByPassOnLocal": false,

    "ByPassList": []

  },

This table lists and explains the entries in the Proxy settings.

Field

Description

Proxy Mode

Enter your proxy settings if you want the Agent to use or not to use the proxy. There are three modes:

NoProxy: The Agent does not use a proxy even if you configure the server's proxy settings.

SystemProxy: The Agent uses the System Proxy that was defined on the server.

CustomProxy: The Agent uses Custom Proxy that you define in the appsettings.json file.

Use Default Credentials

Enter true if you authenticate to the proxy via the user that the Agent service is defined.

Username

Enter a username for authentication

Password

Enter a password for authentication

Domain

Enter a domain name

Address

Enter a proxy address. Only IP address or hostname without schema and port is allowed.

Port

Enter a port for the proxy

Bypass on Local

Enter a value that indicates whether to bypass the proxy server for local addresses.

Bypass List

Enter the address(es) that do not use the proxy server.

Warning

Any changes in the appsetting.json file, such as setting proxy and changing API Token, require restarting the service so that the changes can take effect.


Managing Authentication Verifier Agents

On the Manage Verifiers page, you can view all verifier agents' details and their current state. You can also delete and disable them and add new agents to the list.

Manage Authentication Verifier Agents fields

This table lists and explains the fields on the Authentication Verifier Agents page.

Field

Description

Name

This is the name of the authentication verifier agent.

Launch Verification Date

This is the date when the authentication verifier agent was first available.

Last Heartbeat

This is the last time the authentication verifier agent communicated with the web application.

Auto Update Enabled

This is whether the Agent is configured to update itself when there is a new release.

Agent Version

This is the version number of the authentication verifier agent.

VdB Version

This is the Vulnerability Database Version running on the Authentication Verifier Agent.

Operating System

This is the operating system on which the Authentication Verifier Agent is installed.

Managing authentication verifier agents

This page lists authentication verifier agents installed on your machine.

From this page, you can download the required files to install your verifier agents, delete your agents, and request agent logs.

How to access the Manage Authentication Verifier page
  1. Log in to Acunetix 360.
  2. From the main menu, select Agents > Manage Verifiers.

Accessing verifier agent logs

The Acunetix 360 Authentication Verifier Agent stores the application logs in the Logs folder in the installation path.

The last three days’ logs can be downloaded from the Manage Authentication Verifier page. These logs are especially useful for troubleshooting.

How to access authentication verifier agent logs
  1. From the main menu, select Agents > Manage Verifier.
  2. Next to the relevant Agent, select the Command drop-down, then Request Agent Logs.
  3. From the Request Verifier Logs dialog, select Yes. Wait.
  4. In the Save As window, choose a location and select Save.

Then, Acunetix 360 downloads the log to your preferred location.

Deleting authentication verifier agent using the UI

You can delete an authentication verifier agent using Acunetix 360's user interface.

How to delete an authentication verifier agent using the UI
  1. Log in to Acunetix 360.
  2. From the main menu, select Agents > Manage Verifiers.
  3. Next to the relevant agent, select Delete.
  4. From the Delete Agent dialog, select Yes, Delete to delete the verifier agent.

 

« Back to the Acunetix Support Page