Internal Vulnerability Scanning

Learn how to run internal vulnerability scans with HostedScan

Beta FeatureContact us for free access during the beta period.

Internal vs External Scans

An internal vulnerability scan is conducted from inside a LAN or other private network. The scanner sends requests over the private network to discover and test all of the devices on the network, even if they are not addressable via the public internet.

An external vulnerability scan is conducted from outside the network over the public internet. The scanner has the same view as an outside attacker.

Both external and internal scans are important components of cybersecurity programs and required by many certification standards.

Internal targets do not count against your target scanning limit. You can add and manually scan unlimited internal targets.

Running Internal Vulnerability Scans with HostedScan

This guide covers internal scanning. Learn more about external vulnerability scanning.

Overview

HostedScan is compatible with the top open-source scanning tools in the world. To run vulnerability scans on an internal network, you will install trusted scanners that are widely used across the industry by millions of cybersecurity professionals and send the scan results to the HostedScan platform.

This secure solution does not require adding any permissions to your network. We believe it is of the utmost importance to conduct vulnerability scans without opening new potential security holes such as VPNs or other tunnels into the network.

Steps

  1. 01

    Create a HostedScan API key

    Navigate to https://hostedscan.com/settings/api and generate an API key.

    Step 1. Create a HostedScan API key
  2. 02

    Create a new Source in your HostedScan account for the network

    HostedScan uses Sources to group related targets and vulnerability scan results. This keeps the scan results from one network separate from the results for other networks.

    Bash
    Windows Powershell
    curl -H "Content-Type: application/json" -H "X-HOSTEDSCAN-API-KEY: <API KEY>" --request POST --data '{"source_type":"IMPORTED", "name":"My Network"}' https://api.hostedscan.com/v1/sources}

    Note the id in the response. It will be used in the next step to connect your scanner to this Source

    {"data":{"id":"64c94d38714823ae20c1a9bc","source_type":"IMPORTED","name":"My Network"}}

    You will also see the new Source in your account at https://hostedscan/targets

    Step 2. Create a new Source in your HostedScan account for the network
  3. 03

    Run your first scan - Nmap port scan

    Nmap is the most widely used port scanner in the world. Learn more about Nmap.

    Nmap is available to install through most Linux package managers, homebrew for mac, and through an installer for Windows.

    Once Nmap is installed, use the command below to run a port scan of the private ip addresses 10.0.0.0 - 10.0.0.15

    Bash
    Windows Powershell
    nmap -v -oX scan.xml 10.0.0.0/28

    Here is an example of the Nmap command output.

    Starting Nmap 7.94 ( https://nmap.org ) at 2023-08-01 11:54 PDT
    Initiating Ping Scan at 11:54
    Scanning 16 hosts [2 ports/host]
    Completed Ping Scan at 11:54, 1.53s elapsed (16 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 11:54
    Completed Parallel DNS resolution of 1 host. at 11:54, 0.03s elapsed
    Nmap scan report for 10.0.0.0 [host down]
    Nmap scan report for 10.0.0.2 [host down]
    Nmap scan report for 10.0.0.3 [host down]
    Nmap scan report for 10.0.0.4 [host down]
    Nmap scan report for 10.0.0.5 [host down]
    Nmap scan report for 10.0.0.6 [host down]
    Nmap scan report for 10.0.0.7 [host down]
    Nmap scan report for 10.0.0.8 [host down]
    Nmap scan report for 10.0.0.9 [host down]
    Nmap scan report for 10.0.0.10 [host down]
    Nmap scan report for 10.0.0.11 [host down]
    Nmap scan report for 10.0.0.12 [host down]
    Nmap scan report for 10.0.0.13 [host down]
    Nmap scan report for 10.0.0.14 [host down]
    Nmap scan report for 10.0.0.15 [host down]
    Initiating Connect Scan at 11:54
    Scanning 10.0.0.1 [1000 ports]
    Discovered open port 443/tcp on 10.0.0.1
    Discovered open port 80/tcp on 10.0.0.1
    Discovered open port 53/tcp on 10.0.0.1
    Discovered open port 49153/tcp on 10.0.0.1
    Completed Connect Scan at 11:54, 4.38s elapsed (1000 total ports)
    Nmap scan report for 10.0.0.1
    Host is up (0.010s latency).
    Not shown: 992 closed tcp ports (conn-refused)
    PORT      STATE    SERVICE
    22/tcp    filtered ssh
    23/tcp    filtered telnet
    53/tcp    open     domain
    80/tcp    open     http
    443/tcp   open     https
    8080/tcp  filtered http-proxy
    8181/tcp  filtered intermapper
    49153/tcp open     unknown
    
    Read data files from: /opt/homebrew/bin/../share/nmap
    Nmap done: 16 IP addresses (1 host up) scanned in 5.96 seconds

    Finally, use this command to upload the result to HostedScan using your API key and the source ID you created earlier:

    Bash
    Windows Powershell
    curl -H "X-HOSTEDSCAN-API-KEY: <API KEY>" -F scan_type=NMAP -F source_id=<SOURCE ID> -F file=@scan.xml https://api.hostedscan.com/v1/results

    The data from the scan is populated into your HostedScan account

    Step 3. Scan is populated in your accountStep 3. Risks are populated in your account
  4. 04

    Run the OpenVAS network vulnerability scan

    OpenVAS is a network vulnerability scanner that tests for tens of thousands of security vulnerabilities. It is run through the Greenbone Community Edition (GCE), an open-source project. The easiest way to get started running the Greenbone Community Edition is to install via Docker using the quick start script.

    Use the GCE user interface, running at http://localhost:9392, to start the first scan. For detailed scan instructions see the documentation.

    Step 3. Greenbone Community Edition new task wizard

    Once the scan has finished, save the XML report.

    Then upload the saved XML report to HostedScan.

    Bash
    Windows Powershell
    curl -H "X-HOSTEDSCAN-API-KEY: <API KEY>" -F scan_type=OPENVAS -F source_id=<SOURCE ID> -F file=@openvas-scan.xml https://api.hostedscan.com/v1/results

    The data from the scan is populated into your HostedScan account.

    Step 4. Scan is populated in your account
  5. 04

    Run the ZAP web application scan

    ZAP is a popular web application scanner. It is open-source and has desktop application as well as APIs and docker images for automated scanning.

    To import your ZAP results into HostedScan, use the Traditional JSON report template. Learn more about ZAP report generation here.

    ZAP report generation UI

    Then upload the saved JSON report to HostedScan.

    Bash
    Windows Powershell
    curl -H "X-HOSTEDSCAN-API-KEY: <API KEY>" -F scan_type=OWASP_ZAP -F source_id=<SOURCE ID> -F target="https://example.com" -F file=@zap-scan.json https://api.hostedscan.com/v1/results

    The data from the scan is populated into your HostedScan account.

Sign up to get started

HostedScan is 100% read-only, and will never make any modifications to your servers.

Trusted by these companies and 1000s more