Network Scanning

Network scanning enables discovery of services running on non-standard ports and detection of assets deployed directly via IP addresses. Two scanning modes are supported: Port Scanning and IP Range (CIDR) Scanning.

Port Scanning

Port scanning probes TCP ports on discovered hosts to identify web services and APIs operating beyond standard HTTP/HTTPS ports.

Default Behavior

A predefined set of common ports is scanned by default:

  • Standard web ports (80, 443)
  • Alternative web ports (8080, 8443)
  • Common service ports (22, 3306, 5432, 6379, 27017)

Custom Configuration

Port scanning is configured via the port_scanning.ports parameter in Global Configuration:

port_scanning:
  ports:
    - 80
    - 443
    - 8080
    - 8443
    - 3000
    - 5000

When ports is omitted or empty, the default port set is used.

IP Range (CIDR) Scanning

CIDR scanning monitors IPv4 ranges to detect assets deployed directly via IP addresses, including services not associated with domain names.

Configuration

  1. Navigate to ASM → Scope Management → Configure Scope
  2. Select IPv4 Range and specify a CIDR range (e.g., 192.168.1.0/24)
  3. For private networks, enable Private Network and select a Private Location

Scanning Behavior

All IPs within the specified range are scanned. Assets are automatically created for each IP with at least one open port. Discovered assets are integrated into the ASM inventory and subjected to standard vulnerability scanning and security checks.

Configuration Parameters

| Parameter | Description | Default |
| --- | --- | --- |
| port_scanning.ports | TCP ports to scan | 80, 443, 22, 8080, 8443, 3306, 5432, 6379, 27017 |
| network.requests_per_second | Scan rate limit | 1000 |

Limitations

  • Maximum supported range: /24 (256 IPs)
  • Larger networks must be split into multiple /24 blocks
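
The following is an added example, not part of the product or its documentation: a scope-planning helper that splits a larger IPv4 range into the /24 entries the limit above requires and estimates the probe volume of each. The function name plan_scope and its output fields are hypothetical. Counting one request per IP and port pair against network.requests_per_second, and treating Python's is_private as the page's "private network", are both assumptions.

```python
import ipaddress

# Defaults copied from the Configuration Parameters table on this page.
DEFAULT_PORTS = [80, 443, 22, 8080, 8443, 3306, 5432, 6379, 27017]
MAX_PREFIX = 24  # largest range accepted per scope entry: /24 (256 IPs)


def plan_scope(cidr, ports=None, requests_per_second=1000):
    """Return one dict per scope entry (each /24 or smaller) for an IPv4 CIDR."""
    # strict=False tolerates host bits, e.g. 10.20.1.7/23 -> 10.20.0.0/23
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("only IPv4 ranges are supported: %s" % cidr)
    ports = ports or DEFAULT_PORTS  # omitted or empty -> default port set

    # Ranges already /24 or smaller stay whole; larger ones are split.
    if net.prefixlen >= MAX_PREFIX:
        blocks = [net]
    else:
        blocks = list(net.subnets(new_prefix=MAX_PREFIX))

    plan = []
    for block in blocks:
        # All IPs in the range are scanned, so count every address.
        probes = block.num_addresses * len(ports)
        plan.append({
            "cidr": str(block),
            # Assumption: is_private (IANA special-purpose registry, which
            # includes RFC 1918) marks entries needing a Private Location.
            "private_network": block.is_private,
            "probes": probes,
            # Assumption: one request per (IP, port) against the rate limit,
            # so this is a lower bound on scan time for the entry.
            "min_seconds": probes / requests_per_second,
        })
    return plan


if __name__ == "__main__":
    # Constructed sample input: an internal /22 that exceeds the /24 limit.
    for entry in plan_scope("10.20.0.0/22"):
        print(entry)
```

Each returned entry corresponds to one IPv4 Range to add under Configure Scope; entries flagged private_network need the Private Network option and a Private Location.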