Introduction to internal site scanning
This document provides an introduction to the Internal scan agents feature available in Invicti Platform.
Overview
Invicti Platfrom includes an Agents feature that enables you to scan web applications that are inaccessible from the internet. The internal scanning agent can be installed inside your network and managed through Invicti to scan your internal resources. Scan results of the internal resources are automatically uploaded to your Invicti portal so that they can be managed together with the results of your other scans.
Prerequisites
System requirements
- Windows running on at least a 2-core CPU 64-bit processor
- Dedicated memory: minimum of 2 GB RAM
- At least 50GB of HDD
Access requirements
- Administrator privileges for command execution
Whitelisting requirements
If you are running multiple concurrent scans with internal agents, your RAM and CPU need to be exponentially greater than the specified installation requirements.
Any additional concurrent scan requires +2 GB RAM and +1 core. |
Step 1: Install the internal scan agent
Internal scanning agents can be installed on Windows or via Docker Desktop. Customers using Linux should install the agent through Docker Desktop. For Agent installation instructions, refer to the following documentation:
- Installing internal agents on Windows
- Installing internal agents using Docker
- Installing internal agents with proxy settings
Step 2: Assign internal scan agent to targets
After installing an internal scan agent, you need to assign the agent to a target in order to start scanning an internal site. This can be achieved either from the Scans > Agents page (where you can view a list of your internal agents) or the Targets page.
You need to add your internal target to Invicti before you can assign an internal scan agent to the target. For information about adding targets, refer to Configuring Targets. |
From the Scans > Agents page:
- Select an internal agent from the list of internal agents.
- Select the Targets tab from the drawer that slides out.
- Click + Assign Target.
- Use the drop-down menu to select an internal target, then click Submit.
From the Inventory > Targets page:
- Select an internal target from the list of targets.
- Use the three dots to open the menu and select Edit target.
- In the Default Agent section, use the drop-down list to select an internal agent.
- If required, Enable proxy and enter your proxy server details.
- Configure the other target settings as necessary, then click Save target configuration.
The internal scan agent is now assigned to an internal target. The internal agent will be used the next time a scan is launched for that target.
When using internal agents with targets that contain login or business logic sequences, you need to use the Invicti standalone Login Sequence Recorder (rather than the LSR/BLR available in the Invicti UI). For more information, refer to the Standalone login sequence recorder overview. |