Application Security Platform
Agent management

Install internal agent on Windows

This document is for:
Invicti Platform

Invicti Platform allows you to use internal agents to scan targets within your internal environment that are not publicly accessible from the internet. This is also useful when you prefer not to whitelist Invicti cloud agents.

This document explains how to install the Invicti internal agent in a Windows environment. You can also install internal agents using Docker Desktop. For more information, refer to:

Limitations for internal agents

When the site is internal, and you prefer using internal agents for the scan, you cannot create a new Login Sequence Record (LSR) or Business Logic Record. However, you can import them. For further information about recording and downloading an LSR, refer to the Standalone login sequence recorder overview.

Prerequisites

System requirements

  • At least 2-core CPU 64bit processor
  • Dedicated memory: minimum of 2 GB RAM
  • At least 50GB of HDD

Access requirements

  • Administrator privileges for command execution
  • Invicti Platform Administrator role

Whitelisting requirements

If you are running multiple concurrent scans with internal agents, your RAM and CPU need to be exponentially greater than the specified installation requirements.

  • Running 2 concurrent scans requires 6 GB RAM + a 2-core CPU free
  • Running 3 concurrent scans requires 8 GB RAM + a 3-core CPU free
  • Running 4 concurrent scans requires 10 GB RAM + a 4-core CPU free

Any additional concurrent scan requires +2 GB RAM and +1 core.

Steps to install the internal agent

  1. Select Scans > Agents from the left-side menu.
  2. Click Agent Installation Instructions.

  1. Select Windows.

  1. Enter a name for your internal agent.

  1. Create a folder where you will save the internal agent.

  1. Click Download Windows Agent. When the invicti-agent.exe file is downloaded, move it to the folder created in Step 6 above.

  1. Copy the command from Step 5 in the Agent Installation Instructions.

  1. As a user without administrative privileges, open Terminal and navigate to the folder where you saved the downloaded invicti-agent.exe file. Alternatively, right-click the folder with the file and select 'Open in Terminal.'

  1. Paste and execute the command copied in Step 7 above to register the internal agent with your Invicti account.

  1. Copy the command from Step 6 in the Agent Installation Instructions.

  1. As a user with administrative privileges, open Terminal and navigate to the folder where you saved the downloaded invicti-agent.exe file. Alternatively, right-click the folder with the file and select 'Open in Terminal.'

  1. Paste and run the command copied in Step 10 above. This installs the agent as a service so that it is ready to start executing scans.

  1. Your internal agent is now installed. You can view it in Invicti by going to the Scans > Agents page.

You can now assign targets to the installed internal agent and commence testing your website.

Troubleshooting

To troubleshoot any issues, check the logs located in the logs folder within the agent installation directory you created.

If you encounter an error when starting the agent, try adding Local Service permission inside the agent folder. To do this, right-click on your agent folder and select Properties > Security > Edit > Add. Then type Local Service in the text field and click OK > Apply. Once completed, navigate to Services to start the agent service.

For further assistance, contact our Support team.

Uninstall the service

If you need to uninstall the service, run the following command as a user with administrative privileges:

.\invicti-agent.exe service -u --log-level=info --log-file


Share This Article