Agents in Invicti Enterprise On-Premises
To scan a website located on your internal network, you need to install and configure a scan agent on your network. The agent will conduct the actual scan job and then report the results back to Invicti Enterprise.
- You can install scan agents in Windows and Linux and use the dockerization version of the scan agent. These agents execute scans and inform the Invicti Enterprise application.
- In addition to the scan agent, you can install an authentication verifier agent that will verify the form authentication on your website.
You can find agents’ installer files in the InvictiEnterprise.zip file you were emailed. OR, you can download them from the Invicti Enterprise user interface.
This topic explains how to download scan and authentication verifier agents from the Invicti Enterprise user interface and explains how to manage agents.
Downloading agents
On the Configure New Agent page, you can download the agents you want to install.
How to download agents from the Invicti Enterprise user interface
- Log in to Invicti Enterprise.
- From the main menu, go to Agents > Manage Agents > Configure New Agents.
- Select the agent you want to download. The download starts immediately.
Installing agents? See the following pages for further information:
- Windows
- Linux (Debian)
- Linux (Redhat)
- Docker
- Windows – Authentication Verifier
- Linux (Debian) – Authentication Verifier
- Linux (RedHat) – Authentication Verifier
Managing scanning agents
On the Manage Agents page, you can view all scanning agents’ details and their current state. You can also delete and disable them and add new agents to the list.
Manage Agents Fields
This table lists and explains the fields on the Manage Agents page.
| Field | Description |
| Name | This is the name of the agent. |
| State | This is whether the agent is online and waiting for a scan assignment.
|
| Launch Date | This is the date when the agent was first available. |
| Last Heartbeat | This is the last time the agent communicated with the web application. |
| Version | This is the version number of the scan agent. |
| Is Up To Date | This is whether the Agent is up-to-date. |
| VDB Version | This is the Vulnerability Database Version running on the Agent. |
| Operating System | This is the operating system on which the Agent is installed. |
| Installed Framework | This is the .NET environment on which the Agent is running. |
| Operating System Architecture | This represents the operating system architecture on which the Agent is installed. |
| Target URL | This is the target URL of the website, including the path. |
| Process Architecture | This represents the process architecture on which the Agent is installed. |
| IP Address | This is the IPv4 version of the Agent. |
How to delete a scanning agent
- Log in to Invicti Enterprise.
- From the main menu, select Agents > Manage Agents.
- Next to the relevant agent, select Delete.
- On the Delete Agent dialog box, select Yes, Delete.
Upon confirmation, Invicti deletes the agent.
How to disable a scanning agent
- From the main menu, select Agents > Manage Agents.
- Next to the relevant agent, select Disable.
- On the Disable Agent dialog box, select Yes, Disable.
How to view commands for a scanning agent
- From the main menu, select Agents > Manage Agents.
- On the Agents page, select the relevant agent.
- From the Commands drop-down, select View Agent Commands.
Setting proxy in agents
You can set a proxy for the scanning and authentication verifier agents in Invicti Enterprise.
You are required to enter proxy settings manually to the appsettings.json file with your preferred text editor. Invicti supports Basic Authentication but not Digest and NTLM.
This table lists and explains the entries in the Proxy settings.
| Field | Description |
| Proxy Mode | Enter your proxy settings if you want the Agent to use or not to use the proxy. There are three modes:NoProxy: The Agent does not use a proxy even if you configure the server’s proxy settings.
SystemProxy: The Agent uses the System Proxy that was defined on the server. CustomProxy: The Agent uses Custom Proxy that you define in the appsettings.json file. |
| Use Default Credentials | Enter true if you authenticate to the proxy via the user that the Agent service is defined. |
| Username | Enter a username for authentication |
| Password | Enter a password for authentication |
| Domain | Enter a domain name |
| Address | Enter a proxy address. Only IP address or hostname without schema and port is allowed. |
| Port | Enter a port for the proxy |
| Bypass on Local | Enter a value that indicates whether to bypass the proxy server for local addresses. |
| Bypass List | Enter the address(es) that do not use the proxy server. |
Any changes in the appsetting.json file, such as setting proxy and changing API Token, require restarting the service so that the changes can take effect.
Accessing agent logs
The Invicti Enterprise Scanning Agent stores application logs in the Logs folder in the installation path.
With the latest version of the Agent, the last three days’ logs can be downloaded from the Manage Agents page. These logs are especially useful for troubleshooting.
How to request agent logs
- From the main menu, select Agents > Manage Agents.
- Next to the relevant Agent, select the Command drop-down, then Request Agent Logs.
- Once you confirm, the logs will be requested from the target agent and can be downloaded from the UI.
- Alternatively, when target logs are ready, you will receive a notification. Click the bell, then select the relevant notification.
- Select Download Logs. The download will start.
Managing Authentication Verifier Agents
On the Manage Verifiers page, you can view all verifier agents’ details and their current state. You can also delete and disable them and add new agents to the list.
Manage Authentication Verifier Agents fields
This table lists and explains the fields on the Authentication Verifier Agents page.
| Field | Description |
| Name | This is the name of the authentication verifier agent. |
| Launch Verification Date | This is the date when the authentication verifier agent was first available. |
| Last Heartbeat | This is the last time the authentication verifier agent communicated with the web application. |
| Auto Update Enabled | This is whether the Agent is configured to update itself when there is a new release. |
| Agent Version | This is the version number of the authentication verifier agent. |
| VdB Version | This is the Vulnerability Database Version running on the Authentication Verifier Agent. |
| Operating System | This is the operating system on which the Authentication Verifier Agent is installed. |
Managing authentication verifier agents
This page lists authentication verifier agents installed on your machine.
From this page, you can download the required files to install your verifier agents, delete your agents, and request agent logs.
How to access the Manage Authentication Verifier page
- Log in to Invicti Enterprise.
- From the main menu, select Agents > Manage Verifiers.
Accessing verifier agent logs
The Invicti Enterprise Authentication Verifier Agent stores the application logs in the Logs folder in the installation path.
The last three days’ logs can be downloaded from the Manage Authentication Verifier page. These logs are especially useful for troubleshooting.
How to access authentication verifier agent logs
- From the main menu, select Agents > Manage Verifier.
- Next to the relevant Agent, select the Command drop-down, then Request Agent Logs.
- From the Request Verifier Logs dialog, select Yes. Wait.
- In the Save As window, choose a location and select Save.
Then, Invicti downloads the log to your preferred location.
Deleting the authentication verifier agent using the UI
You can delete an authentication verifier agent using Invicti Enterprise’s user interface.
How to delete an authentication verifier agent using the UI
- Log in to Invicti Enterprise.
- From the main menu, select Agents > Manage Verifiers.
- Next to the relevant agent, select Delete.
- From the Delete Agent dialog, select Yes, Delete to delete the verifier agent.