Installing Invicti Enterprise On-Premises in Silent Mode

NOTE: You will need administrator permissions to run the installation in silent mode.

IMPORTANT: Some antivirus or anti-malware software may prevent Invicti Enterprise On-Premises from working or cause it to run very slowly. To ensure you can use Invicti On-Premises effectively, we recommend adding Invicti files and folders to your antivirus (or other protection scanning software) exception list (also known as a 'whitelist' or 'allow-list').

For more information about the Invicti files and folders we recommend excluding from your antivirus software, refer to Excluding Invicti files from antivirus scans.

Server Requirement

• Change the Server Authentication method to SQL Server and Windows Authentication mode.

Database Requirement

• Create a new database.

Required Access

• A user must have a database owner role for the database created.

{

  "DatabaseSettings": {

    "Server": ".",

    "Catalog": "InvictiDatabase",

    "IntegratedSecurity": false,

    "UserId": "DbPass",

    "Password": "user-password",

    "MaxPoolSize": 500,

    "Encrypt": false

  },

 "EncryptionSettings": {

    "SecretKey": "",

  },

  "AccountSettings": {

    "Name": "Invicti Silent Mode User",

    "Email": "[email protected]",

    "Password": "p@$$w0rd_2020_Silent_Mode",

    "ConfirmPassword": "p@$$w0rd_2020_Silent_Mode",

    "TimezoneId": "America/New_York",

    "IsAgreementsAccepted": true

  },

  "GeneralSettings": {

    "General": {

      "ServerRootUrl": "http://localhost",

      "UpdateServerUrl": "https://www.netsparker.com/",

      "EnableServiceDiscovery": true,

      "RadarRootUrl": "https://services.netsparker.cloud/",

      "ScanDataPath": "~/App_Data/ScanData/",

      "ScreenshotsPath": "~/Content/images/screenshots/",

      "MaxUploadedFileSize": 10,

      "SalesContactMail": "[email protected]",

      "SupportContactMail": "[email protected]",

      "BlueGreenDeploymentEnabled": false,

      "IsAgentSelectionEnabled": true,

 "AgentInactivityTimeoutInMinutes": 60,

"HawkUrlEnabled": false, // if false, the default Hawk URL will be in use. Change false to enabled to add your own Hawk URL

        "HawkUrl": "https://r87.me OR enter your custom Hawk URL",

        "HawkUrlUpdateAll": true //If true, both default and custom scan policies are updated with your custom Hawk URL. If false, only the default scan policies are updated with your custom Hawk URL.

    },

    "Security": {

      "AllowedHostControlEnabled": false,

      "LocalhostScanEnabled": false,

      "IpAddresses": [

        {

          "Group": "Infrastructure",

          "Name": "Company Production",

          "Pattern": "^55.86.178.211$"

        },

        {

          "Group": "Proxy",

          "Name": "Local IIS (IPv4)",

          "Pattern": "^127.0.0.1$"

        },

        {

          "Group": "Proxy",

          "Name": "Local IIS (IPv6)",

          "Pattern": "^::1$"

        }

      ]

    }

  },

  "CloudSettings": {

    "Enabled": false,

    "ProviderType": "AWS",

    "WebsiteAccessKey": "Your Access Key",

    "WebsiteSecretKey": "Your Website Key",

    "AgentAccessKey": "Agent Access Key",

    "AgentSecretKey": "Agent Secret Key",

    "DeploymentBucketName": "Sample.Bucket.Deployment.Name/Sample.Name",

    "RegionEndpointName": "eu-west-128",

    "ScanDataBucketName": "Sample.Bucket.ScanData.Name",

    "ScreenshotBucketName": "Sample.Bucket.Screenshot.Name",

    "AgentBucketName": "Sample.Bucket.Agent.Name",

    "CustomizationsBucketName": "Sample.Bucket.Customization.Name",

    "Ec2AgentImageId": "ami-1a2b3c4d5e6f7g8h",

    "Ec2LinuxAgentImageId": "ami-1a2b3c4d5e6f7g8h",

    "Ec2AgentInstanceAssignedName": "Agent Service",

    "Ec2AgentInstanceSecurityGroup": "sg-sample123",

    "Ec2AgentInstanceType": "m5.xlarge",

    "Ec2AgentSubnetId": "subnet-123456",

    "Ec2KeyPairName": "SampleKeyPair"

  },

  "ScannerAgentSettings": {

    "SkipInstallation": true,

    "AccessToken": "Your Access Token"

  },

  "AuthenticationVerifierSettings": {

    "InstallAuthVerifier": false,

    "AccessToken": "Your Access Token",

    "AVServiceUrl": "http://localhost:5000/authverificationhub"

 },

  "EmailSettings": {

    "Enabled": false,

    "Host": "Host Information",

    "Port": 587,

    "UserName": "Your Username",

    "Password": "Your Password",

    "EnableEncryption": false,

    "AdminNotificationSender": "[email protected]",

    "AdminNotificationRecipients": "[email protected]",

    "ErrorNotificationRecipients": "[email protected]",

    "SupportNotificationRecipients": "[email protected]"

  },

  "SmsSettings": {

    "SmsEnabled": false,

    "AccountId": "Your Account ID",

    "AuthToken": "Your Auth Token",

    "PhoneNumber": "",

    "TestPhoneNumber": ""

  }

}

IMPORTANT: Ensure that you have entered the correct information into the JSON file so that the installation proceeds as expected.

Your password must be between 15-256 characters and must contain lowercase/uppercase letters, digits, and special characters.

TIP: To install the Invicti Enterprise Web Application Server to a different location, for example D:, use the following: WebAppSetup.exe /Q APPDIR="D:\Invicti Enterprise Web Application" /L*V "install-log.log"

IMPORTANT: This installation creates a secret_key.json file in the App_Data folder. After the installation, copy and store your secret key, then delete the secret_key.json file for your security.

NOTE: These instructions assume that ou installed the Invicti Enterprise Web Application to the default folder. If you did not install to the default folder, please change the relevant step in the PowerShell script accordingly.

# Go to the installation file path and run WebAppsetup.exe

$process = Start-Process -FilePath ./WebAppSetup.exe -ArgumentList "/exenoui /qn" -PassThru

for($i = 0; $i -le 100; $i = ($i + 1) % 100)

{

    Write-Progress -Activity "Invicti Enterprise Installer" -PercentComplete $i -Status "Installing"

    Start-Sleep -Milliseconds 100

    if ($process.HasExited) {

        Write-Progress -Activity "Installer" -Completed

        break

    }

}

Write-Host "Installing finished."

# Go to the license file source path and copy the file destination path

Write-Host "License file copy started."

Copy-Item "license.nsc" "C:\Program Files (x86)\Invicti Enterprise Web Application\App_Data"

Write-Host "License file copy finished."

# Go to the silent mode settings file source path and copy the file destination path

Write-Host "Silent mode settings file copy started."

Copy-Item "silent_mode_settings.json" "C:\Program Files (x86)\Invicti Enterprise Web Application\App_Data"

Write-Host "Silent mode settings file copy finished."

# Site restart on IIS

Stop-WebSite 'NetsparkerCloud'

Start-WebSite 'NetsparkerCloud'

IMPORTANT: This installation creates a secret_key.json file in the App_Data folder. After the installation, copy and store your secret key, then delete the secret_key.json file for your security.

Parameter

Description

/exenoui /qn

This parameter performs the silent installation without the user interface.

APPDIR

This parameter shows the location of the Agent.

APP_URL_PROP

This parameter shows the URL of the Web Application Server.

API_TOKEN_PROP

This parameter displays the API Token.

AGENT_NAME_PROP

This parameter displays the name of the Agent.

NOTE: To update, you do not need to create a new database or a new user. Before updating, make sure you enter the Secret Key, if any, into the JSON file.