Managing Authentication Verifier Agents

You can download and install authentication verifier agents to verify that you run authenticated scans in your local environment.

• To scan a website located on your internal network, and not accessible from the internet, you need to install and configure a scan agent on your network. The agent will conduct the actual scan job and then report the results back to Invicti Enterprise.
• You can download and install an internal verifier agent to perform the authentication, so you can make sure that your scan is authenticated.

For further information about the internal authentication verifier, see Streamline authenticated scanning with Invicti’s verifier agents.

This topic explains how to manage authentication verifier agents in Invicti Enterprise. Downloading authentication verifier agent? See Installing Authentication Verifier Agents.

Manage Authentication Verifier Agents fields

This table lists and explains the fields on the Authentication Verifier Agents page.

Starting with the 7 December 2022 dated release, internal agents are bundled with the required .NET framework. So, you don’t need to install .NET into your environment. Also, the installed framework version and your .NET version can be different.

Managing authentication verifier agents

This page lists authentication verifier agents installed on your machine. From this page, you can download the required files to install your verifier agents, delete your agents, and request agent logs.

How to access the Manage Authentication Verifier page

1. Log in to Invicti Enterprise.
2. From the main menu, select Agents > Manage Verifiers.

Accessing verifier agent logs

The Invicti Enterprise Authentication Verifier Agent stores the application logs in the Logs folder in the installation path.

The last three days’ logs can be downloaded from the Manage Authentication Verifier page. These logs are especially useful for troubleshooting.

How to access authentication verifier agent logs

1. From the main menu, select Agents > Manage Verifier.
2. Next to the relevant Agent, select the Command drop-down, then Request Agent Logs.

3. From the Request Verifier Logs dialog, select Yes. Wait.
4. In the Save As window, choose a location and select Save.

Then, Invicti downloads the log to your preferred location.

Deleting authentication verifier agent using the UI

You can delete an authentication verifier agent using Invicti Enterprise’s user interface.

How to delete an authentication verifier agent using the UI

1. Log in to Invicti Enterprise.
2. From the main menu, select Agents > Manage Verifiers.
3. Next to the relevant agent, select Delete.
4. From the Delete Agent dialog, select Yes, Delete to delete the verifier agent.

This action only deletes the agent from the user interface and stops the service in your machine.

Verifying form authentication with a verifier agent

After the installation, you can use your agent to authenticate forms.

How to verify form authentication with a verifier agent

1. Log in to Invicti Enterprise.
2. From the main menu, select Scans > New Scan.
3. In the Target URL field, enter the URL.
4. From the Scan Options section, select Form Authentication.
5. Select the Form Authentication checkbox.

6. In the Login Form URL field, enter the URL of the login form whose credentials you want to configure.
7. In the Personas section, select New Persona. Then, enter a username and password.
8. Select Verify Login & Logout so the verifier agent can test the login.

If there is more than one authentication verifier agent installed in your machine, Invicti shows a drop-down to select the verifier agent you want to use.

Scanning your website with an internal scan agent? See Defining and Scanning an Internal Website in Invicti Enterprise.