Agents in Acunetix 360 On-Premises
To scan a website located on your internal network, you need to install and configure a scan agent on your network. The agent will conduct the actual scan job and then report the results back to Acunetix 360.
- You can install scan agents in Windows and Linux and use the dockerization version of the scan agent. These agents execute scans and inform the Acunetix 360 application.
- In addition to the scan agent, you can install an authentication verifier agent that will verify the form authentication on your website.
Installer files for agents are in the Zip file you were emailed. You can also download them from the Acunetix 360 user interface.
This document explains how to download scan and authentication verifier agents from the Acunetix 360 user interface and explains how to manage agents.
For more information about Agents, refer to Installing and Configuring Acunetix 360 On-Premises.
Downloading agents
On the Configure New Agent page, you can download the agents you want to install.
How to download agents from Acunetix 360 user interface
- Log in to Acunetix 360.
- From the main menu, go to Agents > Manage Agents > Configure New Agents.
- Select the agent you want to download. The download starts immediately.
Installing agents? See the following pages for further information:
- Windows
- Linux (Debian)
- Linux (Redhat)
- Docker
- Windows - Authentication Verifier
- Linux (Debian) - Authentication Verifier
- Linux (RedHat) - Authentication Verifier
Managing scanning agents
In the Manage Agents window, you can view the details and current state of all Agents. You can also disable them and add new Agents to the list.
Manage Agents Fields
This table lists and explains the fields in the Agents window.
Field | Description |
Name | This is the name of the agent. |
State | This is whether the agent is online and waiting for a scan assignment.
|
Launch Date | This is the date when the agent was first available. |
Last Heartbeat | This is the last time the agent communicated with the web application. |
Version | This is the version number of the scan agent. |
Is Up To Date | This is whether the Agent is up-to-date. |
VDB Version | This is the Vulnerability Database Version running on the Agent. |
Operating System | This is the operating system on which the Agent is installed. |
Installed Framework | This is the .NET environment on which the Agent is running. |
Operating System Architecture | This represents the operating system architecture on which the Agent is installed. |
Target URL | This is the target URL of the website, including the path. |
Process Architecture | This represents the process architecture on which the Agent is installed. |
IP Address | This is the IPv4 version of the Agent. |
How to Configure an Agent for a Website
- From the main menu, select Agents > Manage Agents.
- On the Agents page, select Configure New Agent.
- Copy the Agent Token to the appsetting.json file of the other Agent that you manually installed.
How to Disable an Agent
- From the main menu, select Agents > Manage Agents.
- On the Agents page, select the Agent you want to disable, and select Disable in their field. The Disable Agent dialog is displayed.
- Click Yes, Disable.
Setting Proxy in Scanner Agents
You can set a proxy for the scanning agent in Acunetix 360. You are required to enter proxy settings manually to the appsettings.json file with your preferred text editor.
Acunetix 360 supports Basic Authentication but not Digest and NTLM.
"ProxySettings": {
"ProxyMode": "SystemProxy",
"UseDefaultCredentials": true,
"Username": "",
"Password": "",
"Domain": "",
"Address": "127.0.0.1",
"Port": "8888",
"ByPassOnLocal": false,
"ByPassList": []
},
This table lists and explains the entries in the Proxy settings.
Field | Description |
Proxy Mode | Enter your proxy settings if you want the Agent to use or not to use the proxy. There are three modes: NoProxy: The Agent does not use a proxy even if you configure the server's proxy settings. SystemProxy: The Agent uses the System Proxy that was defined on the server. CustomProxy: The Agent uses Custom Proxy that you define in the appsettings.json file. |
Use Default Credentials | Enter true if you authenticate to the proxy via the user that the Agent service is defined. |
Username | Enter a username for authentication |
Password | Enter a password for authentication |
Domain | Enter a domain name |
Address | Enter a proxy address. Only IP address or hostname without schema and port is allowed. |
Port | Enter a port for the proxy |
Bypass on Local | Enter a value that indicates whether to bypass the proxy server for local addresses. |
Bypass List | Enter the address(es) that do not use the proxy server. |
Warning Any changes in the appsetting.json file, such as setting proxy and changing API Token, require restarting the service so that the changes can take effect. |
Managing Authentication Verifier Agents
On the Manage Verifiers page, you can view all verifier agents' details and their current state. You can also delete and disable them and add new agents to the list.
Manage Authentication Verifier Agents fields
This table lists and explains the fields on the Authentication Verifier Agents page.
Field | Description |
Name | This is the name of the authentication verifier agent. |
Launch Verification Date | This is the date when the authentication verifier agent was first available. |
Last Heartbeat | This is the last time the authentication verifier agent communicated with the web application. |
Auto Update Enabled | This is whether the Agent is configured to update itself when there is a new release. |
Agent Version | This is the version number of the authentication verifier agent. |
VdB Version | This is the Vulnerability Database Version running on the Authentication Verifier Agent. |
Operating System | This is the operating system on which the Authentication Verifier Agent is installed. |
Managing authentication verifier agents
This page lists authentication verifier agents installed on your machine.
From this page, you can download the required files to install your verifier agents, delete your agents, and request agent logs.
How to access the Manage Authentication Verifier page
- Log in to Acunetix 360.
- From the main menu, select Agents > Manage Verifiers.
Accessing verifier agent logs
The Acunetix 360 Authentication Verifier Agent stores the application logs in the Logs folder in the installation path.
The last three days’ logs can be downloaded from the Manage Authentication Verifier page. These logs are especially useful for troubleshooting.
How to access authentication verifier agent logs
- From the main menu, select Agents > Manage Verifier.
- Next to the relevant Agent, select the Command drop-down, then Request Agent Logs.
- From the Request Verifier Logs dialog, select Yes. Wait.
- In the Save As window, choose a location and select Save.
Then, Acunetix 360 downloads the log to your preferred location.
Deleting authentication verifier agent using the UI
You can delete an authentication verifier agent using Acunetix 360's user interface.
How to delete an authentication verifier agent using the UI
- Log in to Acunetix 360.
- From the main menu, select Agents > Manage Verifiers.
- Next to the relevant agent, select Delete.
- From the Delete Agent dialog, select Yes, Delete to delete the verifier agent.