Scheduled Nmap Port Scanner
Port scans can be scheduled to run on a recurring basis daily or weekly depending on your requirements.
Get alerted to changes in Internet facing systems and networks
- Monitor changes to firewalls and network perimeters
- Receive email alerts with detected port changes
- Tactical reports to correlate with Firewall Change Control
- Discover new services. Backdoor, or simply #YOLO devops?
- Access to 27 Vulnerability Scanners and OSINT Tools
- Trusted Open Source Tools
Selecting Your Targets
Using this automated Port Scan you are able to scan a single IP address
192.123.x.x, a hostname
scanme.nmap.org or a range of IP addresses
192.168.0.0/24. It is also possible to schedule a list of targets in one hit using the bulk add option as noted below.
If you wish to target a range of IP addresses you may use the format
192.168.1.1-50 or in CIDR
192.168.1.0/24. This can be up to a full /24 net block. 254 IP addresses are the maximum amount that can be scanned on one scan profile.
Warning: Please ensure any subnets do not overlap onto targets you do not have permission to scan.
Adding targets in bulk
Multiple targets can be added by submitting a list of targets. All targets from list will have scan properties as selected in the form. It is not possible to add both IPv4 and IPv6 targets as a list (create two lists). Note that adding multiple targets with different labels is possible by having the list contain comma separated values.
Example csv for adding a list of targets 192.168.1.1,target1-label 192.168.1.2,target2-label 192.168.1.3 192.168.1.4,target4-label
Determining the number of available Scans
The number of IP addresses that can be scanned is based on a weekly quota. If you scan a full
Class C net block every day, this is adds up to 7 x 254 = 1778 weekly count. Alternatively you could scan 4 x Class C once per week and still stay under a weekly quota of 2000 per week.
Time of Scheduled Scans
The scans can be scheduled for any hour during the day. Port scans are then queued on that hour, and will run in sequence. If you scheduled 20 scans for 13:00 UTC they will not all run simultaneously right on 13:00, they will be queued at 13:00 and run as scan servers are available.
Viewing Results and Status
The status is determined by comparing two most recent
Nmap scans. The scans can be initiated manually through the web interface or launched as part of a scheduled scan operation. The comparison of the results is simply the result of using the
ndiff and determining if there is a difference in the responding
hosts as well as the
|No Change||This indicates the previous two scans are identical.|
|Changed||This indicates there is a difference in results of the previous two scans.|
|No Data||There is not enough data to determine the status (results not available for comparison).|
|Running||An Nmap scan is currently running, progress will be indicated in the table above.|
|Queued||The scan is currently queued to run when the next available server is available.|
|Error||There was a problem running the scan, try again or contact support if this continues|
Results are delivered to the user in an email, depending on the user selected email option in the scan profile.
- Results after every scan: If a user chooses to receive results every time then an email is dispatched following the completion of the scan
- If change detected (default): Emails are only sent if a change is detected in the scan results. This could be a change in
filteredports or if a host is no longer responding to Nmap's host detection.
- If open ports change: Depending on the target network and other factors some clients find that they get a number of false positives in closed vs filtered ports. To minimise alerts on false positives this option only sends an email if the change is detected in the
openports on the target network or host.
All results are able to be accessed through the web interface.
Load balanced hosts or hostnames that resolve to multiple IP addresses
Hostnames that resolve to multiple IP address are scanned across each of the IP addresses. This ensures that alerts are only generated on changes on any of the resolved IP addresses. Uses the
--resolve-all that was introduced in Nmap 7.70.
Understanding "0 hosts UP"?
If you are testing open ports daily or weekly and find Nmap is returning 0 hosts up. There are a few possibilities. If your external facing system is not responding to Ping from external sources then the IP Address will not be scanned. Nmap first attempts to discover if your system is UP by sending an
ICMP ping; so in the event that your border firewall or router is dropping
ICMP packets the scanning will not continue as your systems will be classed as being down.
A second thing to check is that you have specified the correct protocol
IPv4 or IPv6 depending on your system. A system wrongly classified will be reported as being down, as the Nmap scanning engine will not receive a Ping response from the invalid IP Address.
Intrusion Prevention Systems are also a possible cause of the lack of response, if you are using a system with a IPS in place. The IPS may detect the scan and block packets from our IP Address. Check your IPS for alerts or if you are a hosted customer check with your service provider to see if they have any IPS blocking mechanisms in place.
Skipping host x.x.x.x due to host timeout
In the results you may encounter host timeout errors from Nmap. This indicates that the scan of that particular host did not complete within the maximum timeout, which is set to 90 minutes. It is unusual for this to occur under normal conditions. We do sometimes see it happen on target networks that are slow, or networks that have Intrusion Prevention Systems in place that detect the incoming port scan and throttle the traffic significantly slowing down the scan.
If you continue to receive these messages, and are confident your local network is not causing the delays in the port scan, contact support and we will investigate from this end.