Deploy Invicti Shark for PHP - Docker
Invicti Shark enables you to carry out interactive security testing (IAST) in your web application to confirm more vulnerabilities and further minimize false positives.
For Invicti Shark to operate, you need to download an agent and deploy it on your server. Note that this agent is generated uniquely for each target website for security reasons.
The most principled way of deploying Invicti Shark in a Docker scenario is to simply layer the Invicti Shark modifications onto your already existing container definition.
This simple example demonstrates how you can deploy Invicti Shark together with your web application. There are 4 steps to do this.
Step 1: create your target in Invicti Enterprise
For this example, assume that the URL for your target is http://sharkexample.com:60000.
- Go to Invicti Enterprise and create a new target with your URL.
- Select Scans > New Scan from the left-side menu and choose this URL for the scan.
- Enable Invicti Shark.
- Download the Shark agent file shark.php, and save this file for use later on.
Step 2: define the web application image
- This simple web application is defined through the following file structure:
/testphp-docker/
/testphp-docker/Dockerfile
/testphp-docker/websrc/
/testphp-docker/websrc/index.php
/testphp-docker/websrc/test.php
- Create your /testphp-docker/Dockerfile file to read as follows:
FROM php:7.3.28-apache
# set up the web pages
COPY --chown=www-data:www-data websrc/ /var/www/html
- Create your /testphp-docker/websrc/index.php file to read as follows:
<?php
echo "<h1>Test PHP Site Example for Docker Deployment</h1>";
echo "<br>";
echo "Welcome to the main page.";
echo "<br>";
echo "<a href='test.php'>Go to the test page.</a>";
?>
- Create your /testphp-docker/websrc/test.php file to read as follows:
<?php
echo "<h1>Test PHP Site Example for Docker Deployment</h1>";
echo "<br>";
echo "Welcome to the test page.";
echo "<br>";
?>
- Build the image with:
cd /testphp-docker
docker build -t testphp-docker .
Step 3: define the Shark layer image
- The Shark layer is defined through the following file structure:
/testphp-docker-shark/
/testphp-docker-shark/Dockerfile
/testphp-docker-shark/shark.php
- Copy the shark.php file you downloaded in the first step to your Docker host, into the /testphp-docker-shark directory.
- Create your /testphp-docker-shark/Dockerfile file to read as follows:
FROM testphp-docker
# assumes the web application is in /var/www/html
# setup Invicti Shark
RUN mkdir /shark
WORKDIR /shark
COPY shark.php .
# add .htaccess file for Invicti Shark
RUN printf "\nphp_value auto_prepend_file /shark/shark.php\n" > /var/www/html/.htaccess \
&& chown www-data:www-data /var/www/html/.htaccess
- Build and run your image with:
cd /testphp-docker-shark
docker build -t testphp-docker-shark .
docker run -d -p 60000:80 --name mytestphp testphp-docker-shark
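The `RUN printf ... > /var/www/html/.htaccess` line in the Shark layer replaces whatever .htaccess the application image already contains, which is harmless for this sample site but would drop existing rewrite or access rules in a real application. The following is an added example, not part of the Invicti documentation: a hypothetical helper, `set_shark_prepend`, that merges the directive into an existing file and stays idempotent across rebuilds.

```shell
#!/bin/sh
# Added example, not Invicti's code. set_shark_prepend is a hypothetical helper.
# Usage: set_shark_prepend <path to .htaccess> <path to agent file>
set_shark_prepend() {
    htaccess=$1
    agent=$2
    [ -n "$htaccess" ] && [ -n "$agent" ] || return 2

    # Start from an empty file when the application ships no .htaccess.
    [ -f "$htaccess" ] || touch "$htaccess" || return 1
    tmp=$(mktemp "${htaccess}.XXXXXX") || return 1

    # Keep every existing line except an earlier auto_prepend_file setting,
    # so rebuilding the layer never stacks duplicate directives.
    # grep exits 1 when it selects no lines (empty file); only >1 is an error.
    grep -v -i -E '^[[:space:]]*php_value[[:space:]]+auto_prepend_file([[:space:]]|$)' \
        "$htaccess" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }

    printf 'php_value auto_prepend_file %s\n' "$agent" >> "$tmp" \
        || { rm -f "$tmp"; return 1; }

    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$htaccess"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Constructed sample: an application .htaccess that already has its own rules.
demo=$(mktemp -d)
printf 'RewriteEngine On\nphp_value auto_prepend_file /old/agent.php\n' > "$demo/.htaccess"
set_shark_prepend "$demo/.htaccess" /shark/shark.php
cat "$demo/.htaccess"
rm -rf "$demo"
```

In the Shark layer's Dockerfile this could take the place of the `printf ... >` redirect; the `chown` to `www-data` is still needed when the file is newly created.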
Step 4: test and scan your web application
- Point your browser to your web application (in this example, http://sharkexample.com:60000) to confirm it's running as intended.