Application Security Platform
Setup and Integration

Downloading the Invicti IAST Agent using the Invicti Platform API

This document is for:
Invicti Platform

This guide shows you how to download the Invicti IAST Agent using the Invicti Platform API. By following the steps outlined in this guide, you will learn how to acquire the Invicti IAST Agent file through interaction with the Platform API. Subsequently, the downloaded Invicti IAST Agent can be deployed and utilized for conducting thorough vulnerability scans.

Before downloading the Invicti IAST Agent, you need to:

How to download the Invicti IAST Agent

Follow these steps to first retrieve the Invicti IAST Agent token for a particular target and then download the Invicti IAST Agent:

  1. Replace [target_id] in the command below with the actual target_id obtained for your target.
  2. Replace [API-Key] with your valid Invicti Platform API key.

curl -i -k -X GET https://127.0.0.1:3443/api/v1/targets/[target_id]/configuration -H "Accept: application/json" -H "X-Auth: [API-Key]" 

After editing the command with the appropriate target_id and API key, execute it to obtain the Invicti IAST Agent token for the specified target.

  1. Locate the sensor_secret within the response and ensure that the sensor parameter displays the value of true for Invicti IAST to function correctly. Here's the relevant portion of the response:

"sensor": true,
"sensor_secret": "b320d4ab51111dde036cd9061ff99767",

In the above snippet, the sensor parameter is set to true, indicating that Invicti IAST is enabled, and the sensor_secret contains the unique secret key associated with Invicti IAST.

  1. To download the required Invicti IAST Agent using the sensor_secret obtained from the previous response, follow this example command:

curl -k -H "Accept: application/octet-stream" -JLO -X GET https://127.0.0.1:3443/api/v1/targets/sensors/net3/[sensor_secret]

In this case, we are using the parameter 'net3' to download the Invicti .NET IAST sensor. Replace [sensor_secret] with the actual sensor_secret value obtained from the previous response. This command will download the Invicti .NET IAST sensor file associated with the specified sensor_secret.

The Invicti IAST parameter_types are defined in our API documentation. The parameter types are:

  • php
  • java3
  • node
  • net3

To use any specific sensor you need, just substitute ‘net3’ with your desired sensor in the request.

  1. Using the provided command initiates the download of the Invicti IAST Agent to the current directory where the command is executed (in this case, the cmd location), and saves it with the appropriate filename.

For instance, if your cmd location is C:\, the Invicti IAST Agent will be downloaded to that file location. If you're specifically downloading the Invicti .NET IAST sensor, the downloaded file will be named dotnet-iastsensor.zip.

Share This Article