Deploying Invicti Shark agent for .NET Core
Invicti Shark enables you to carry out interactive security testing (IAST) in your web application in order to confirm more vulnerabilities and further minimize false positives.
For Invicti Shark to operate, you need to download an agent and deploy it on your server. Please note that this agent is generated uniquely for each target website for security reasons.
This topic explains how to download and copy the Shark files to your hard disk and install the Shark to your web application.
There are 4 steps to deploy the Shark agent for .NET Core.
1. Downloading the Shark agent
- You can find the required instructions to download the Shark agent in Deploying Invicti Shark.
Invicti Shark supports .NET versions from 3.1 to 5.0.
2. Prepare the .NET Core Shark
- Create a folder to host the Invicti Shark files. (For this example, we will assume the folder is C:\shark)
- Right-click on the downloaded Shark ZIP file.
- Select Extract All…
- Choose a destination folder and select Extract.
- Navigate to the destination folder and enter the .NET Core subfolder.
- Select all the items inside the subfolder, right-click on them, and select Copy.

- Navigate to the C:\Shark folder, right-click in the window, and select Paste.
3. Deploying into a Kestrel .NET Core website
- Navigate to your web application root folder.
- Create a new sitelauncher.bat file inside your web application root folder with the following contents:
SET CORECLR_ENABLE_PROFILING=1
SET CORECLR_PROFILER={7EF83539-BAB0-44D1-8E8C-48E6EC9938FA}
SET CORECLR_PROFILER_PATH=C:/shark/SensorProfiler.dll
SET SENSOR_SETTINGS_PATH=C:/shark/settings.ini
axexample-dotnetcore.exe --urls http://0.0.0.0:80
The said content assumes that the executable file for your web application is axexample-dotnetcore.exe.
- From the command line, navigate to your web application root folder and launch your web application.
4. Deploying into an IIS .NET Core website
- Navigate to your web application root folder.
- Edit your web.config file to add environment variables for using Shark:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModuleV2" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="dotnet" arguments=".\axexample-dotnetcore.dll" stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" hostingModel="inprocess">
<environmentVariables>
<environmentVariable name="CORECLR_PROFILER_PATH" value="C:/shark/SensorProfiler.dll" />
<environmentVariable name="CORECLR_ENABLE_PROFILING" value="1" />
<environmentVariable name="CORECLR_PROFILER" value="{7EF83539-BAB0-44D1-8E8C-48E6EC9938FA}" />
<environmentVariable name="SENSOR_INCLUDE_EXE" value="iisexpress.exe;w3wp.exe" />
<environmentVariable name="SENSOR_SETTINGS_PATH" value="C:/shark/settings.ini" />
</environmentVariables>
</aspNetCore>
</system.webServer>
</location>
</configuration>
<!--ProjectGuid: 16505b2e-7499-4c97-a9ff-d18e39913ad5-->
- Restart your web application from the IIS Manager.
