Update to Scan Engine release v7.5

Version 7.5 of the scan engine is now available to AppSpider Pro and AppSpider enterprise users. Following update to the latest version of the scan engine, you will have access to the the following new and enhanced functionality:

  • In addition to the existing crawler, ChromeHost, you also will have the option of new crawling technology in R7Crawler
  • New REST service
  • Swagger/OpenAPI upgrade
  • Swagger UI vulnerability detection
  • Encryption enhancements
  • Change of default database to SQLite

For more details on this engine release, see the AppSpider Pro and AppSpider Enterprise release notes.

Complete the following steps to upgrade your scan engines to version 7.5 for AppSpider Pro or AppSpider Enterprise.

Update AppSpider Pro and AppSpider Enterprise to 7.5 engines

Update 7.5 engines for AppSpider Pro

  1. Run the AppSpider Pro uninstaller as Administrator. The uninstaller can be found at Program Files\Rapid7\AppSpider7\uninst_AppSpider_7.exe.
  2. Run the AppSpider Pro installer as Administrator.
  3. You require .NET Framework 4.8 with the 7.5 engines. If this is not found the installer will attempt to install this component automatically. Alternatively you can install this prior to the update by downloading the installer from Microsoft support. Reboot following the installation of .NET 4.8.

Install 7.5 engines for AppSpider Enterprise

Prerequisite ASE 3.8 support of 7.5 engines (SOAP Service)

To be able to import a scan config from AppSpider Pro and run against a different engine, as well as regenerate a report using a different engine from the one that ran the scan, the 7.5 engines used by AppSpider Enterprise require a common encryption token stored in a registry key. This is because the database will also encrypt values using the environment-based token.

You need to complete a fresh install and reboot when Installing 7.5 engines. If you have more than one engine, you need to follow the process below to get the encrypted token from one engine and apply it to another engine.

GET the token

  1. Make sure the engine you want to get the encrypted token key from already has one generated in the registry. You can generate it by starting a scan. This scan does not need to run to completion or succeed for the key to be generated.
  2. Save the AppSpiderToken.bat file into a new folder ‘C:\AppSpiderToken’.
  3. Double-click the batch file and when prompted, enter ‘Get’.
  4. A zip file called ‘AppSpiderToken’ will be generated with the .bat file and the text file that contains the encrypted value.

SET the token

  1. Save the AppSpiderToken.bat and the AppSpiderToken.zip file into a new folder C:\AppSpiderToken on the machine where you want to copy the encrypted token.
  2. Extract the zip file to folder C:\AppSpiderToken.
  3. Double-click the batch file and when prompted, enter Set. The new encrypted key is set in the registry.
  4. Repeat steps 1 to 3 for each machine you need to add the encryption token.

  • Customers who import a scan configuration from an on-premises engine will not be able to run the scan using a cloud engine and vice versa
  • Customers who run a scan using an on-premises engine will not be able to regenerate the report using a cloud engine and vice versa