Internal Network Vulnerability Scanning
Internal network security is critical yet often overlooked. Once attackers gain initial access through configuration drift, phishing, or compromised credentials, they can rapidly expand their foothold by exploiting internal vulnerabilities. This lateral movement can lead to devastating breaches, making internal vulnerability scanning as crucial as external assessments.
ProjectDiscovery offers two distinct approaches for internal network vulnerability scanning, each designed to fit different organizational needs while maintaining our core focus on exploitability and accurate detection.
Local Scanning & Upload
Run Nuclei locally and upload results to PDCP. Ideal for teams with existing scanning workflows or specific network restrictions.
Cloud-Managed Scanning
Use TunnelX for remote scan triggering through PDCP UI. Perfect for large networks and centralized security management.
Internal scanning helps identify misconfigurations, unpatched systems, and security gaps that could be exploited for lateral movement before attackers can leverage them.
Port Discovery with Naabu
Before running vulnerability scans, it’s recommended to first identify open ports in your internal network using Naabu - a fast and reliable port scanner. This ensures comprehensive vulnerability scanning coverage.
The discovered ports can be used as input for vulnerability scanning to ensure thorough coverage of all exposed services. Learn more about Naabu’s capabilities in our detailed documentation.
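One way to turn discovered ports into a scan target list, shown as an added example that is not part of ProjectDiscovery's tooling. It assumes the port scan results are plain host:port lines; the function name build_targets, the sample lines and the 10.20.0.0/16 scope are hypothetical. Entries outside the approved ranges are dropped before anything is scanned.

```python
import ipaddress

# Constructed sample in "host:port" form (not real scan output).
SAMPLE_NAABU_OUTPUT = """\
10.20.0.5:22
10.20.0.5:443
10.20.0.5:443
10.20.1.17:8080
192.168.50.9:3306
203.0.113.44:80
not-a-target
10.20.0.5:99999
"""

# Hypothetical approved scope; replace with the ranges you are authorized to scan.
APPROVED_SCOPE = ["10.20.0.0/16"]


def build_targets(naabu_lines, approved_cidrs):
    """Split host:port lines into in-scope targets and rejected (line, reason) pairs."""
    networks = [ipaddress.ip_network(c) for c in approved_cidrs]
    accepted, rejected = set(), []
    for raw in naabu_lines:
        line = raw.strip()
        if not line:
            continue
        host, sep, port_text = line.rpartition(":")
        if not sep or not port_text.isdecimal():
            rejected.append((line, "not host:port"))
        elif not 1 <= int(port_text) <= 65535:
            rejected.append((line, "port out of range"))
        else:
            try:
                addr = ipaddress.ip_address(host.strip("[]"))
            except ValueError:
                # Hostnames are refused: scope cannot be checked without resolving them.
                rejected.append((line, "host is not an IP literal"))
                continue
            if any(addr in net for net in networks):
                accepted.add((addr, int(port_text)))  # the set removes duplicates
            else:
                rejected.append((line, "outside approved scope"))
    ordered = sorted(accepted, key=lambda t: (t[0].version, int(t[0]), t[1]))
    return [f"[{a}]:{p}" if a.version == 6 else f"{a}:{p}" for a, p in ordered], rejected


if __name__ == "__main__":
    targets, rejected = build_targets(SAMPLE_NAABU_OUTPUT.splitlines(), APPROVED_SCOPE)
    print("\n".join(targets))  # save to a file and use it as the scan target list
    for line, reason in rejected:
        print(f"skipped {line!r}: {reason}")
```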
Naabu will soon be integrated directly into ProjectDiscovery’s internal vulnerability scanning capabilities. Contact our sales team to be notified when this feature becomes available.
Method 1: Local Scanning & Upload
This approach lets you run Nuclei locally and upload results to ProjectDiscovery Cloud Platform (PDCP).
Set up your API Key
To connect your existing Nuclei results to PDCP you will need to create a free API Key:
- Visit https://cloud.projectdiscovery.io
- Open the settings menu from the top right and select “API Key” to create your API Key
- Use the nuclei -auth command, and enter your API key when prompted.
Configure Team (Optional)
If you want to upload the scan results to a team workspace instead of your personal workspace, you can configure the Team ID using either method:
- Obtain Team ID:
  - Navigate to https://cloud.projectdiscovery.io/settings/team
  - Copy the Team ID from the top right section
- CLI Option:
- ENV Variable:
- Run your scan with the upload flag:
This method is ideal when you want to maintain complete control over scan execution or integrate with existing automation scripts.
Method 2: Cloud-Managed Scanning (Recommended)
TunnelX is our open-source tunneling solution, purpose-built by ProjectDiscovery to enable secure internal scanning. It establishes isolated SOCKS5 proxies that let you trigger scans directly from the ProjectDiscovery interface while ensuring your internal infrastructure remains protected and unexposed.
Cloud-managed internal scanning with TunnelX is an Enterprise-exclusive feature. Free and Pro users can still perform internal scans using the local scanning method described above.
Install TunnelX
Choose your preferred installation method:
Managing Multiple Networks
TunnelX allows you to create separate tunnels for different internal networks:
After successful connection, you’ll see your network appear as a selectable option in the network dropdown menu on the ProjectDiscovery Scans page.
Exploitability Focus
Every vulnerability includes proof of concept, eliminating false positives common in traditional scanners.
Multiple Networks
Scan different internal networks by running multiple TunnelX instances with unique names.
Secure Isolation
Each tunnel creates an isolated SOCKS5 proxy, ensuring network traffic remains protected.
Centralized Management
Monitor and manage all internal scans from a single ProjectDiscovery dashboard.
Choosing Your Approach
Use Local Scanning When:
- You need complete control over scan execution
- You have existing automation scripts
- Network policies restrict external connections
- You want to run scans on-demand
Use Cloud-Managed When:
- You manage large internal networks
- You need centralized scan management
- You want automated recurring scans
- You require multi-team collaboration
Always ensure you have proper authorization before scanning internal networks. Follow your organization’s security policies and compliance requirements.
Next Steps
- Learn how to create custom templates for internal assets
- Set up automated scanning workflows
- Explore AI-assisted template generation for your specific use cases