Kikimora
← all integrations

Attack Surface

Network Scanner

Scan internal networks from the inside - no VPN, no exposed ports, no license.

✦ built-in

Core platform capability - included with every plan. No third-party account, license, or API key required.

TRY ASKING:

“Deploy the network scanner and map every device on the office subnet.”

  • “Scan the office subnet and list every host with an open management port.”
  • “Find devices on the network that we don't have an inventory record for.”
  • “Schedule a weekly internal scan and summarize what changed each time.”

Shodan shows the outside view; the Network Scanner covers the inside. A built-in, locally deployed scanner maps your private networks, without VPN tunnels, port mapping, or exposing anything to the internet.

Map your internal network from one conversation

The capability covers the inside of your network: discovering hosts, finding open ports, and surfacing exposed services on subnets the internet cannot see. It is activation-based and deployed locally, so it only runs when you want it to, and outbound-only by design, so adding it never widens your attack surface. The agent controls the scan scope, the schedule, and the results, which means an internal sweep is a sentence rather than a tooling project.

What you can do

  • Activate the scanner when you need it and deploy it locally, with no keys, no license, no third-party account.
  • Scan local subnets for hosts, open ports, and exposed services the internet can’t see.
  • Let the agent drive: scan scopes, schedules, and results are all controlled conversationally.

Things you might ask

  • “Deploy the scanner and map every device on the office subnet, then flag the unknown ones.” Unknown internal hosts are part of the same shadow-IT problem as forgotten external ones. Our guide on how to find every internet-facing asset you forgot you had covers the discovery mindset on both sides.
  • “Which internal hosts expose an admin or database port that should never be open on the LAN?”
  • “Run a weekly internal scan and tell me what is new compared to last week.”

How it connects

The scanner runs inside your network and calls out to Kikimora. Nothing is inbound. No VPN, no port forwarding, no firewall changes. You activate it; the agent does the rest.

The Network Scanner is the inside view. Pair it with the built-in Shodan integration, which shows what the internet already sees from the outside, so internal and external exposure line up in one conversation.

Use Network Scanner - included free Browse all integrations

[ faq ]

Do I need a license or a third-party account? +

No. The Network Scanner is built in. There are no keys to manage, no license to buy, and no third-party account. You activate it from within Kikimora.

Do I have to open ports or set up a VPN? +

No. The scanner runs inside your network and calls out to Kikimora. Nothing is inbound. There is no VPN tunnel, no port forwarding, and no firewall change required.

How is it activated and controlled? +

It is activation-based. You deploy it locally when you need it, in minutes, and the agent drives everything after that. Scan scopes, schedules, and results are all controlled conversationally.

What can it actually see? +

Hosts, open ports, and exposed services on your internal subnets, the parts of your network the internet cannot reach. That is the inside view that complements external tools.

More in Attack Surface

Shodan
Shodan