Introduction to internal site scanning

This document is for:
Invicti Platform

This document provides an introduction to the Internal scan agents feature available in Invicti Platform.

Overview

Invicti Platform includes an Agents feature that enables you to scan web applications that are inaccessible from the internet. The internal scanning agent is installed inside your network and managed through Invicti to scan your internal resources. Scan results for internal resources are automatically uploaded to your Invicti portal, so you can manage them together with the results of your other scans.

Prerequisites

System requirements

  • Windows running on a 64-bit processor with at least 2 cores
  • Dedicated memory: minimum of 2 GB RAM
  • At least 50 GB of HDD space

Access requirements

  • Administrator privileges for command execution

Whitelisting requirements

If you are running multiple concurrent scans with internal agents, your RAM and CPU need to be greater than the minimum installation requirements listed above:

  • Running 2 concurrent scans requires 6 GB RAM + 2-core CPU
  • Running 3 concurrent scans requires 8 GB RAM + 3-core CPU
  • Running 4 concurrent scans requires 10 GB RAM + 4-core CPU

Any additional concurrent scan requires +2 GB RAM and +1 core.
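The following preflight check is an added example, not part of Invicti's tooling: it compares a Windows host against the prerequisites above for a planned number of concurrent scans. The `-ConcurrentScans` parameter and the function names are hypothetical, and the script assumes that the 50 GB applies to free space on the system drive and that total physical memory stands in for "dedicated memory".

```powershell
# Added example (not Invicti code): preflight check for an internal scan agent host.
param([ValidateRange(1, 64)][int]$ConcurrentScans = 1)

# Sizing taken from the figures on this page: 1 scan = 2 GB / 2 cores,
# 2 scans = 6 GB / 2 cores, then +2 GB RAM and +1 core per additional scan.
function Get-AgentRequirement([int]$Scans) {
    $ram = if ($Scans -le 1) { 2 } else { 2 * $Scans + 2 }
    [pscustomobject]@{ Cores = [Math]::Max(2, $Scans); RamGB = $ram; DiskGB = 50 }
}

# Hypothetical helper that builds one row of the report.
function New-Check($Name, $Required, $Actual, [bool]$Pass) {
    [pscustomobject]@{ Check = $Name; Required = $Required; Actual = $Actual; Pass = $Pass }
}

$need = Get-AgentRequirement $ConcurrentScans

# Physical cores summed across all sockets.
$cores = (Get-CimInstance Win32_Processor | Measure-Object NumberOfCores -Sum).Sum

# Windows reports slightly less than the installed RAM, so round to the nearest GB.
$ramGB = [Math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB)

# Assumption: the agent is installed on the system drive and 50 GB means free space.
$disk   = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
$freeGB = [Math]::Round($disk.FreeSpace / 1GB, 1)

# The page requires administrator privileges for command execution.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

$is64 = [Environment]::Is64BitOperatingSystem

$checks = @(
    New-Check '64-bit OS'         $true        $is64    $is64
    New-Check 'CPU cores'         $need.Cores  $cores   ($cores  -ge $need.Cores)
    New-Check 'RAM (GB)'          $need.RamGB  $ramGB   ($ramGB  -ge $need.RamGB)
    New-Check 'Free disk (GB)'    $need.DiskGB $freeGB  ($freeGB -ge $need.DiskGB)
    New-Check 'Elevated session'  $true        $isAdmin $isAdmin
)

$checks | Format-Table -AutoSize

# A non-zero exit code lets a deployment pipeline stop before installing the agent.
if ($checks.Pass -contains $false) { exit 1 }
```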

Step 1: Install the internal scan agent

Internal scanning agents can be installed on Windows or via Docker Desktop. Customers using Linux should install the agent through Docker Desktop. For Agent installation instructions, refer to the following documentation:

Step 2: Assign internal scan agent to targets

After installing an internal scan agent, you need to assign the agent to a target in order to start scanning an internal site. This can be achieved either from the Scans > Agents page (where you can view a list of your internal agents) or the Targets page.

You need to add your internal target to Invicti before you can assign an internal scan agent to the target. For information about adding targets, refer to Configuring Targets.

From the Scans > Agents page:

  1. Select an internal agent from the list of internal agents.
  2. Select the Targets tab from the drawer that slides out.
  3. Click + Assign Target.
  4. Use the drop-down menu to select an internal target, then click Submit.

From the Inventory > Targets page:

  1. Select an internal target from the list of targets.
  2. Use the three dots to open the menu and select Edit target.
  3. In the Default Agent section, use the drop-down list to select an internal agent.
  4. If required, Enable proxy and enter your proxy server details.
  5. Configure the other target settings as necessary, then click Save target configuration.

The internal scan agent is now assigned to an internal target. The internal agent will be used the next time a scan is launched for that target.

When using internal agents with targets that contain login or business logic sequences, you need to use the Invicti standalone Login Sequence Recorder (rather than the LSR/BLR available in the Invicti UI). For more information, refer to the Standalone login sequence recorder overview.
