Deployment: Invicti Platform on-demand
Introduction to internal site scanning
This document provides an introduction to the Internal scan agents feature available in Invicti Platform on-demand.
Overview
Invicti Platform includes an Agents feature that enables you to scan web applications that are inaccessible from the internet. You can install the internal scanning agent inside your network and manage it through Invicti to scan your internal resources. Scan results of the internal resources are automatically uploaded to your Invicti portal so that you can manage them together with the results of your other scans.
Prerequisites
System requirements
To run scans successfully, the agent requires sufficient system resources. The agent will only initiate a new scan if the following minimum resources are available:
- CPU: 2 free core CPU 64-bit processor
- Memory (RAM): 6 GB available
- Disk Space: 50 GB of free disk space
Access requirements
- Administrator privileges for command execution
- Invicti Platform Administrator role
Trustlisting requirements
Resource allocation behavior
When the agent starts, it checks the available system resources and allocates scan slots accordingly. Each scan slot requires:
- 6 GB of available RAM
- 2 CPU cores
- 50 GB of free disk space
The agent will determine how many scans can run in parallel based on these requirements.
If a machine has 15 GB RAM, 5 CPU cores, and 500 GB free disk space, the agent will allocate 2 scan slots. This means up to 2 scans can run simultaneously, while any additional scans will remain queued until a slot becomes available.
The agent dynamically manages resources before and during scan execution. If system resources drop below the required threshold, new scans will not begin until sufficient resources are available.
Step 1: Install the internal scan agent
Internal scanning agents can be installed on Windows or via Docker Desktop. Customers using Linux should install the agent through Docker Desktop. For Agent installation instructions, refer to the following documentation:
- Installing internal agents on Windows
- Installing internal agents using Docker
- Installing internal agents with proxy settings
Step 2: Assign internal scan agent to targets
After installing an internal scan agent, you need to assign the agent to a target in order to start scanning an internal site. This can be achieved either from the Scans > Agents page (where you can view a list of your internal agents) or the Targets page.
You need to add your internal target to Invicti before you can assign an internal scan agent to the target. For information about adding targets, refer to Configuring Targets.
From the Scans > Agents page:
- Choose an internal agent from the list of internal agents.
- Click the Targets tab from the drawer that slides out.
- Click + Assign Target.
- Use the drop-down menu to choose an internal target, then click Submit.
From the Inventory > Targets page:
- Select an internal target from the list of targets.
- Use the three-dot menu (⋮) to open the menu and select Edit target.
- In the Default Agent section, use the drop-down list to choose an internal agent.
- If required, Enable proxy and enter your proxy server details.
- Configure the other target settings as necessary, then click Save target configuration.
The internal scan agent is now assigned to an internal target. The internal agent is used the next time you launch a scan for that target.
When using internal agents with targets that contain login or business logic sequences, you need to use the Invicti standalone Login Sequence Recorder (rather than the LSR/BLR available in the Invicti UI). For more information, refer to the Standalone login sequence recorder overview.
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center