Network Scanning
Network scanning discovers services running on non-standard ports and detects assets deployed directly via IP addresses. Two scanning modes are supported: Port Scanning and IP Range (CIDR) Scanning.
Port Scanning
Port scanning probes TCP ports on discovered hosts to identify web services, APIs, and other network services operating beyond standard HTTP/HTTPS ports.
Default Behavior
By default, Escape scans over 1,400 commonly observed TCP ports spanning web services, databases, remote access protocols, message brokers, industrial control systems, and more.
Custom Port List
You can narrow or extend the scanned ports via port_scanning.ports in Global Configuration. When this list is set, it replaces the default port set.
When ports is omitted or empty, the default port set is used.
Security Issue Detection
After open ports are identified, Escape performs active checks against the detected services. Two categories of issues are raised:
- Insecure technologies: Services that transmit data in cleartext or use fundamentally unsafe protocols (for example, FTP). Escape flags these as insecure_technology_used findings and recommends secure alternatives.
- Default credentials: Services reachable with vendor-default or well-known credentials. Escape attempts a curated set of common username/password pairs and raises a default_credentials_used finding when login succeeds.
IP Range (CIDR) Scanning
CIDR scanning monitors IPv4 ranges to detect assets deployed directly via IP addresses, including services not associated with domain names.
Configuration
- Navigate to ASM → Scope Management → Configure Scope
- Select IPv4 Range and specify a CIDR range (for example, 192.168.1.0/24)
- For private networks, enable Private Network and select a Private Location
Scanning Behavior
All IPs within the specified range are scanned. Assets are automatically created for each IP with at least one open port. Discovered assets are integrated into the ASM inventory and subjected to standard vulnerability scanning and security checks.
Configuration Parameters
| Parameter | Description | Default |
|---|---|---|
| port_scanning.ports | TCP ports to scan (replaces the default port set) | ~1,400 commonly observed ports |
| network.requests_per_second | Scan rate limit | 100 |
Limitations
- Maximum supported range: /24 (256 IPs)
- Larger networks must be split into multiple /24 blocks
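
To prepare scope entries that respect the /24 limit, the following added example (not part of Escape's product or documentation) splits owned IPv4 ranges into /24 blocks, merges duplicates and overlaps, and marks which entries would need the Private Network option. The function name `plan_scope`, the sample inventory, and the choice to treat RFC 1918 space as "private" are assumptions made for illustration.

```python
import ipaddress

MAX_PREFIX = 24  # page limit: largest supported range is a /24 (256 IPs)

# Assumption: "private network" is taken to mean RFC 1918 address space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def plan_scope(cidrs):
    """Return sorted (cidr, is_private) scope entries, none larger than /24."""
    nets = []
    for raw in cidrs:
        # strict=False accepts input with host bits set, e.g. 192.168.1.10/24
        net = ipaddress.ip_network(raw.strip(), strict=False)
        if net.version != 4:
            raise ValueError(f"{raw}: this planner handles IPv4 ranges only")
        nets.append(net)

    entries = []
    # collapse_addresses merges duplicates, overlaps and adjacent ranges,
    # so no address ends up in two scope entries.
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen < MAX_PREFIX:
            blocks = net.subnets(new_prefix=MAX_PREFIX)  # split into /24s
        else:
            blocks = [net]  # a /24 or smaller is already within the limit
        for block in blocks:
            private = any(block.subnet_of(r) for r in RFC1918)
            entries.append((str(block), private))
    return entries


if __name__ == "__main__":
    # Constructed sample inventory (documentation and RFC 1918 ranges only).
    owned = ["10.20.0.0/22", "192.168.1.0/24",
             "198.51.100.0/25", "198.51.100.128/25", "203.0.113.16/28"]
    for cidr, private in plan_scope(owned):
        note = "enable Private Network + Private Location" if private else ""
        print(f"{cidr:<20}{note}")
```
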