Whitelisting requirements for Invicti Enterprise On-Demand – CA: https://ca.netsparker.cloud
To ensure the proper functioning of cloud agents and integrations, configure inbound and outbound traffic rules to allow access to the URLs in this document. Correctly configuring network access is a prerequisite for successful and accurate scans of your targets.
These are the whitelisting configuration steps to consider:
- Your browser outbound connections
- Invicti Enterprise Online Scanning Agent outbound connections
- Invicti Enterprise Online Auth Verifier Agent outbound connections
- Shark outbound connections
Outbound connections
Your browser outbound connections
Accessing Invicti Enterprise On-Demand may be restricted by an outbound firewall or web proxy, especially within a corporate LAN or behind a corporate VPN. To resolve this, ensure that your firewall, proxy, or VPN permits outbound connections to:
Scope | Destination |
Browser access to Invicti Enterprise Online | https://ca.netsparker.cloud |
Invicti Enterprise Online Scanning Agent outbound connections
If you have deployed a Scanning Agent, verify that your network infrastructure permits it to establish outbound connections to:
Scope | Destination |
API Calls to Invicti Enterprise Online | https://ca.netsparker.cloud |
API Calls to the Hawk service for out-of-band vulnerability checking | https://r87.me |
VDB Database Download | https://www.invicti.com |
API Calls to the IAST Bridge | https://iast.invicti.com |
Scanning requests to your Target | IP Address / URL for your Target, including destination port |
Invicti Enterprise Online Auth Verifier Agent outbound connections
Ensure that your network infrastructure permits any deployed Auth Verifier agent to establish outbound connections to:
Scope | Destination |
Auth Verifier Registration | https://ca-avservice.netsparker.cloud |
Scanning requests to your Target | IP Address / URL for your Target, including destination port |
ZeroDiscovery requests to your Targets | IP Address / URL for your Targets (default port list is 80, 81, 443, 3000, 5000, 7000, 8000, 8008, 8080, 8081, 8083, 8088, 8090, 8181, 8443, 8888) |
Shark outbound connections
To ensure proper functionality of a Shark agent deployed in your target web application, confirm that your network infrastructure permits it to establish outbound connections to:
Scope | Destination |
API Calls to the IAST Bridge | https://iast.invicti.com |
Inbound connections
Your target accepting inbound connections
Ensure that your target's network infrastructure allows incoming connections from:
Scope | Source |
Incoming scanning and verification requests | 35.182.99.171 |
Incoming scanning requests | IP Address / URL of your Internal Scanning Agent(s) |
Incoming verification requests; Incoming API Discovery requests | IP Address / URL of your Internal Auth Verifier Agent(s) |
Your integration server accepting inbound connections
Ensure that your integrations server's network infrastructure allows incoming connections from:
Scope | Source |
Integration API calls | 15.223.111.146 |