
# Internal Network Vulnerability Scanning

Internal network security is critical yet often overlooked. Once attackers gain initial access through configuration drift, phishing, or compromised credentials, they can rapidly expand their foothold by exploiting internal vulnerabilities. This lateral movement can lead to devastating breaches, making internal vulnerability scanning as crucial as external assessments.

ProjectDiscovery offers two distinct approaches for internal network vulnerability scanning, each designed to fit different organizational needs while maintaining our core focus on exploitability and accurate detection.

<CardGroup cols={2}>
  <Card title="Agent-based Scanning" icon="cloud" color="blue">
    Use pd-agent for seamless internal scanning through our platform. Perfect for large networks and centralized security management.
  </Card>

  <Card title="Local Scanning & Upload" icon="upload">
    Run Nuclei locally and upload results to PD's platform. Ideal for teams with existing scanning workflows or specific network restrictions.
  </Card>
</CardGroup>

<Note>
  Internal scanning helps identify misconfigurations, unpatched systems, and security gaps that could be exploited for lateral movement before attackers can leverage them.
</Note>

## Method 1: Agent-based Scanning (Recommended)

To use this feature you'll need to install and deploy pd-agent within your internal network. The agent acts as a bridge between your internal infrastructure and ProjectDiscovery's platform, enabling you to trigger and manage scans remotely.

### What is pd-agent?

pd-agent is a lightweight agent that you deploy within your internal network to execute scans and enumerations remotely. It establishes a secure connection between your internal infrastructure and ProjectDiscovery's platform, receives scan configurations, and executes them locally using ProjectDiscovery's tools.

**Key Capabilities:**

* **Network Discovery**: Automatically discover assets, services, and open ports across your internal network
* **Vulnerability Scanning**: Execute Nuclei-based vulnerability scans using templates from the ProjectDiscovery platform
* **Agent Tagging**: Organize agents with tags and networks for targeted execution
* **Passive Discovery**: Optional passive network discovery via libpcap/gopacket
* **Automatic Updates**: Receive and execute new scan configurations automatically

<Note>
  Agent-based internal scanning is an Enterprise-exclusive feature. Free users can still perform internal scans using the local scanning method described below.
</Note>

<Note>
  **System Requirements**\
  The agent is designed to be lightweight and efficient. Minimum recommended specifications for optimal performance:

  * **CPU:** 2 vCPU
  * **Memory:** 4GB RAM
  * **Network:** 100Mbps network interface
  * **Storage:** 10GB available disk space
  * **Operating System:** Linux (recommended), macOS, or Windows

  These specifications are suitable for most deployment scenarios. A basic VPS (Virtual Private Server) meeting these requirements is sufficient for running pd-agent efficiently.
</Note>

### Step 1: Create a Network

Before installing the agent, you need to create a network in the ProjectDiscovery platform. Each network represents a distinct internal environment (e.g., production, staging, office network) and generates a unique agent configuration.

1. Navigate to [https://cloud.projectdiscovery.io/networks](https://cloud.projectdiscovery.io/networks)
2. Click **"Create Network"**
3. Provide a network name
4. Save the network to generate your unique agent installation command

<Frame>
  <img src="https://mintcdn.com/projectdiscovery/E6D4D2v8a_5ITj-6/images/pdcp-create-network-demo.gif?s=94fffec2c276236a4da32d1451362676" alt="Creating a Network in PDCP" width="3024" height="1712" data-path="images/pdcp-create-network-demo.gif" />
</Frame>

<Info>
  You can create multiple networks for different environments or network segments. Each network can have one or more agents deployed.
</Info>

### Step 2: Install the agent

After creating your network, the platform will display a unique installation command pre-configured with your credentials and network settings.

<Note>
  **Prerequisites for Go installation method**

  If you're using the Go command option to install pd-agent, ensure you have:

  1. **Go installed** on your system ([download Go](https://go.dev/dl/))
  2. **pdtm (ProjectDiscovery Tool Manager)** installed

  To install pdtm, run:

  ```bash
  go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
  pdtm -ia
  ```

  Or combine both commands:

  ```bash
  go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest && pdtm -ia
  ```
</Note>

Finally, copy the command displayed when you created the network and run it in the internal environment where you want the agent deployed.

If you're using the Docker option, you can directly run the installation command without any additional prerequisites.

<Warning>
  Keep your installation command secure - it contains your API key and agent configuration. Anyone with this command can connect an agent to your network.
</Warning>

The installation command will:

* Download and configure the agent
* Establish a secure connection to ProjectDiscovery's platform
* Register the agent with your network

Once the agent runs successfully, it will appear in your network dashboard, indicating that it's ready to execute scans.

<Frame>
  <img src="https://mintcdn.com/projectdiscovery/E6D4D2v8a_5ITj-6/images/pd-agent-setup-demo.gif?s=4ae5bd1a51cd2495e8805c225895bd28" alt="Complete pd-agent Setup: Create Network, Install Agent, and Verify Connection" width="3024" height="1712" data-path="images/pd-agent-setup-demo.gif" />
</Frame>

<Note>
  The agent must remain running to execute scans. For production deployments, consider running it as a system service (systemd, Docker, or Kubernetes) to ensure it stays active.
</Note>

### Step 3: Discover Assets

Before running vulnerability scans, you can discover assets in your internal network. This helps you identify all hosts, services, and open ports that the agent can reach.

1. Navigate to your networks dashboard at [https://cloud.projectdiscovery.io/internal-network](https://cloud.projectdiscovery.io/internal-network)
2. Locate the network you want to discover assets for and click the **Discover assets** button under the **Action** column
3. Configure your discovery parameters (target ranges, ports, discovery methods, etc.)
4. Click on **Start Discovery** to initiate the discovery process. The pd-agent will scan your internal network and discovered assets will appear in your asset inventory

<Frame>
  <img src="https://mintcdn.com/projectdiscovery/aB4ILMhm5Rkll2Kf/images/pdcp-discover-assets-demo.gif?s=4e9cac0f72060359a4c2d4e8011d6e99" alt="Discovering Assets in Internal Network using pd-agent" width="3024" height="1712" data-path="images/pdcp-discover-assets-demo.gif" />
</Frame>

<Note>
  Asset discovery helps you build an accurate inventory of your internal infrastructure before running targeted vulnerability scans. This ensures comprehensive coverage of your attack surface.
</Note>

<Tip>
  **Scaling for Large Networks:** If your network has a large number of assets that need to be scanned, consider deploying multiple pd-agents across different network segments. This distributes the scanning load and improves performance for comprehensive vulnerability assessments.
</Tip>

### Step 4: Trigger Internal Scans

Once your pd-agent is connected and assets are discovered (optional), you can trigger vulnerability scans. The workflow is identical to external scanning - configure scans through the same interface and view results in the same dashboard.

1. Click on the **Scan** button for the network you want to scan, or go to the **Scans** menu ([https://cloud.projectdiscovery.io/scans](https://cloud.projectdiscovery.io/scans)) and click **Create New Scan**, choose **Internal** followed by the network
2. Select the Asset Group created from the previous discovery operation, or manually enter your targets (internal IPs, hostnames, or CIDR ranges like `192.168.1.0/24`, `internal-server.local`)
3. Select Nuclei templates (CVEs, misconfigurations, vulnerabilities, etc.) and configure scan settings (rate limits, headers, parameters)
4. Click **Create Scan** to start - the scan executes through pd-agent in your internal network and results appear in your dashboard

<Frame>
  <img src="https://mintcdn.com/projectdiscovery/aB4ILMhm5Rkll2Kf/images/pdcp-internal-scan-demo.gif?s=c58304db82a9d44ff5447de465c4773b" alt="Creating and Running an Internal Scan in PDCP" width="3024" height="1712" data-path="images/pdcp-internal-scan-demo.gif" />
</Frame>

<Note>
  Internal scanning provides the same experience as external scanning - identical template selection, scan configuration, results viewing, retesting capabilities, and integration options.
</Note>

<Note>
  **Important:** Only input targets that are accessible from where pd-agent is deployed. If the agent is running on a server in your 192.168.1.0/24 network, it can only scan hosts within that network or other networks it has routing access to.
</Note>

## Method 2: Local Scanning & Upload

This approach lets you run Nuclei locally and upload results to ProjectDiscovery Cloud Platform (PDCP).

### Set up your API Key

To connect your existing Nuclei results to PDCP you will need to create a free API Key:

1. Visit [https://cloud.projectdiscovery.io](https://cloud.projectdiscovery.io)
2. Open the settings menu from the top right and select "API Key" to create your API Key

<img class="block" src="https://mintcdn.com/projectdiscovery/PrBSST-qkD3tzRi-/images/pdcp-api-key.png?fit=max&auto=format&n=PrBSST-qkD3tzRi-&q=85&s=4b4da5284cadf438603e461ad3ef0fe3" alt="PDCP API Key" width="2654" height="1078" data-path="images/pdcp-api-key.png" />

3. Use the `nuclei -auth` command, and enter your API key when prompted.

### Configure Team (Optional)

If you want to upload the scan results to a team workspace instead of your personal workspace, you can configure the Team ID using either method:

* **Obtain Team ID:**

  * Navigate to [https://cloud.projectdiscovery.io/settings/team](https://cloud.projectdiscovery.io/settings/team)
  * Copy the Team ID from the top right section

  <img class="block" src="https://mintcdn.com/projectdiscovery/PrBSST-qkD3tzRi-/images/platform/obtain-team-id.png?fit=max&auto=format&n=PrBSST-qkD3tzRi-&q=85&s=079687227c957bf26d5b4f43950d5a71" alt="Obtain Team ID" width="3600" height="1946" data-path="images/platform/obtain-team-id.png" />
* **CLI Option:**

  ```bash
  nuclei -tid XXXXXX -cloud-upload
  ```
* **ENV Variable:**

  ```bash
  export PDCP_TEAM_ID=XXXXX
  ```

Run your scan with the upload flag:

```bash
# Single target
nuclei -u http://internal-target -cloud-upload

# Multiple targets
nuclei -l internal-hosts.txt -cloud-upload

# With specific templates
nuclei -u http://internal-target -t misconfiguration/ -cloud-upload
```

<Note>
  This method is ideal when you want to maintain complete control over scan execution or integrate with existing automation scripts.
</Note>
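
A scope gate for the target list, tying together the reachability note under Method 1 and the `-l internal-hosts.txt` run above: it keeps only targets the scanning host can route to or that sit under an internal DNS suffix. This is an added example, not ProjectDiscovery code; the `REACHABLE` ranges, `INTERNAL_SUFFIXES`, the sample targets and the `internal-hosts.vetted.txt` file name are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions (constructed values): networks the scanning host can route to,
# and DNS suffixes that only exist inside the organization.
REACHABLE = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.20.0.0/16")]
INTERNAL_SUFFIXES = (".local", ".corp.example")

def host_of(target):
    """Return the bare host of an IP, CIDR, hostname, host:port or URL target."""
    if "://" not in target:
        try:
            ipaddress.ip_network(target, strict=False)
            return target            # plain IP or CIDR, keep as is
        except ValueError:
            target = "//" + target   # lets urlsplit parse host[:port][/path]
    return (urlsplit(target).hostname or "").lower()

def classify(target):
    """Return (allowed, reason) for one target line."""
    host = ""
    try:
        host = host_of(target)
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        # Not an IP: accept only names under an internal suffix (no DNS lookup).
        if host.endswith(INTERNAL_SUFFIXES):
            return True, "internal hostname"
        return False, "not an IP or internal hostname"
    if any(net.version == r.version and net.subnet_of(r) for r in REACHABLE):
        return True, "inside a reachable network"
    if net.is_private:
        return False, "private but not routable from this host"
    return False, "public address"

def vet(lines):
    """Split target lines into (accepted, [(rejected, reason), ...])."""
    accepted, rejected = [], []
    for target in (l.strip() for l in lines):
        if target and not target.startswith("#"):
            ok, reason = classify(target)
            (accepted if ok else rejected).append(target if ok else (target, reason))
    return accepted, rejected

# Constructed sample of an internal-hosts.txt
SAMPLE = """192.168.1.0/24\nhttp://10.20.3.7:8080/admin\ninternal-server.local
172.16.5.10\n8.8.8.8\nhttps://www.example.com\n"""

if __name__ == "__main__":
    accepted, rejected = vet(SAMPLE.splitlines())
    for target, reason in rejected:
        print(f"skipped {target}: {reason}")
    # Then run: nuclei -l internal-hosts.vetted.txt -cloud-upload
    with open("internal-hosts.vetted.txt", "w") as fh:
        fh.write("\n".join(accepted) + "\n")
```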
