Internal vs External Scans
An internal vulnerability scan is conducted from inside a LAN or other private network. The scanner sends requests over the private network to discover and test all of the devices on the network, even if they are not addressable via the public internet.
An external vulnerability scan is conducted from outside the network over the public internet. The scanner has the same view as an outside attacker.
Both external and internal scans are important components of cybersecurity programs and required by many certification standards.
Internal targets do not count against your target scanning limit. You can add and manually scan unlimited internal targets.
Running an Internal Vulnerability Scans with HostedScan
This guide covers internal scanning. Learn more about external vulnerability scanning.
Overview
HostedScan is compatible with the top open-source scanning tools in the world. To run vulnerability scans on an internal network, you will install trusted scanners that are widely used across the industry by millions of cybersecurity professionals and send the scan results to the HostedScan platform.
This secure solution does not require adding any permissions to your network. We believe it is of the utmost importance to conduct vulnerability scans without opening new potential security holes such as VPNs or other tunnels into the network.
How to run an internal vulnerability scan
- 01
Create a HostedScan API key
Navigate to https://hostedscan.com/settings/api and generate an API key.
- 02
Create a new Source in your HostedScan account for the network
HostedScan uses Sources to group related targets and vulnerability scan results. This keeps the scan results from one network separate from the results for other networks.
BashWindows Powershellcurl -H "Content-Type: application/json" -H "X-HOSTEDSCAN-API-KEY: <API KEY>" --request POST --data '{"source_type":"IMPORTED", "name":"My Network"}' https://api.hostedscan.com/v1/sources
Note the id in the response. It will be used in the next step to connect your scanner to this Source
{"data":{"id":"64c94d38714823ae20c1a9bc","source_type":"IMPORTED","name":"My Network"}}
You will also see the new Source in your account at https://hostedscan/targets
- 03
Run your first scan - Nmap port scan
Nmap is the most widely used port scanner in the world. Learn more about Nmap.
Nmap is available to install through most Linux package managers, homebrew for mac, and through an installer for Windows.
Once Nmap is installed, use the command below to run a port scan of the private ip addresses 10.0.0.0 - 10.0.0.15
BashWindows Powershellnmap -v -oX scan.xml 10.0.0.0/28
Here is an example of the Nmap command output.
Starting Nmap 7.94 ( https://nmap.org ) at 2023-08-01 11:54 PDT Initiating Ping Scan at 11:54 Scanning 16 hosts [2 ports/host] Completed Ping Scan at 11:54, 1.53s elapsed (16 total hosts) Initiating Parallel DNS resolution of 1 host. at 11:54 Completed Parallel DNS resolution of 1 host. at 11:54, 0.03s elapsed Nmap scan report for 10.0.0.0 [host down] Nmap scan report for 10.0.0.2 [host down] Nmap scan report for 10.0.0.3 [host down] Nmap scan report for 10.0.0.4 [host down] Nmap scan report for 10.0.0.5 [host down] Nmap scan report for 10.0.0.6 [host down] Nmap scan report for 10.0.0.7 [host down] Nmap scan report for 10.0.0.8 [host down] Nmap scan report for 10.0.0.9 [host down] Nmap scan report for 10.0.0.10 [host down] Nmap scan report for 10.0.0.11 [host down] Nmap scan report for 10.0.0.12 [host down] Nmap scan report for 10.0.0.13 [host down] Nmap scan report for 10.0.0.14 [host down] Nmap scan report for 10.0.0.15 [host down] Initiating Connect Scan at 11:54 Scanning 10.0.0.1 [1000 ports] Discovered open port 443/tcp on 10.0.0.1 Discovered open port 80/tcp on 10.0.0.1 Discovered open port 53/tcp on 10.0.0.1 Discovered open port 49153/tcp on 10.0.0.1 Completed Connect Scan at 11:54, 4.38s elapsed (1000 total ports) Nmap scan report for 10.0.0.1 Host is up (0.010s latency). Not shown: 992 closed tcp ports (conn-refused) PORT STATE SERVICE 22/tcp filtered ssh 23/tcp filtered telnet 53/tcp open domain 80/tcp open http 443/tcp open https 8080/tcp filtered http-proxy 8181/tcp filtered intermapper 49153/tcp open unknown Read data files from: /opt/homebrew/bin/../share/nmap Nmap done: 16 IP addresses (1 host up) scanned in 5.96 seconds
Finally, use this command to upload the result to HostedScan using your API key and the source ID you created earlier:
BashWindows Powershellcurl -H "X-HOSTEDSCAN-API-KEY: <API KEY>" -F scan_type=NMAP -F source_id=<SOURCE ID> -F file=@scan.xml https://api.hostedscan.com/v1/results
The data from the scan is populated into your HostedScan account
- 04
Run the OpenVAS network vulnerability scan
OpenVAS is a network vulnerability scanner that tests for tens of thousands of security vulnerabilities. It is run through the Greenbone Community Edition (GCE), an open-source project. The easiest way to get started running the Greenbone Community Edition is to install via Docker using the quick start script.
Use the GCE user interface, running at http://localhost:9392, to start the first scan. For detailed scan instructions see the documentation.
Once the scan has finished, save the XML report.
Then upload the saved XML report to HostedScan.
BashWindows Powershellcurl -H "X-HOSTEDSCAN-API-KEY: <API KEY>" -F scan_type=OPENVAS -F source_id=<SOURCE ID> -F file=@openvas-scan.xml https://api.hostedscan.com/v1/results
The data from the scan is populated into your HostedScan account.
- 04
Run the ZAP web application scan
ZAP is a popular web application scanner. It is open-source and has desktop application as well as APIs and docker images for automated scanning.
To import your ZAP results into HostedScan, use the Traditional JSON report template. Learn more about ZAP report generation here.
Then upload the saved JSON report to HostedScan.
BashWindows Powershellcurl -H "X-HOSTEDSCAN-API-KEY: <API KEY>" -F scan_type=OWASP_ZAP -F source_id=<SOURCE ID> -F target="https://example.com" -F file=@zap-scan.json https://api.hostedscan.com/v1/results
The data from the scan is populated into your HostedScan account.