Scantide Auditor Internal Network Scan Example Report

Scantide Local Network Scanner v 3.5.48 with CVE Intelligence
508 IP Addresses Scanned | Generated: 2026-05-29 10:16:25
Scan Duration
02:38
Live Hosts
90
click: show all rows
Found in DNS
79
unique live hosts with PTR/name
click: filter PTR/name found
Not in DNS
11
unique live hosts without PTR/name
click: filter missing PTR/name
DNS Coverage
87.8%
reverse DNS coverage
click: show all rows
Open Ports
256
14 unique port(s)
click: filter open services
Discovery-only Rows
2
ARP / mDNS / WSD only
click: filter discovery-only
Report Rows
258
open services + discovered hosts
click: show all rows
SSL/TLS Services
104
click: filter cert/TLS rows
Web Evidence
10
0 external script / 0 external beacon rows
click: filter web evidence
Header Issues
10
HTTP security headers
click: filter header issues
Browser Policies
10
policy / isolation rows
click: filter browser policy rows
Critical CVEs
7
click: filter critical CVEs
High CVEs
0
click: filter high CVEs
Medium CVEs
2
click: filter medium CVEs
Radio Findings
47
Wi-Fi / Direct / Bluetooth
click: open radio tab
Wi-Fi Networks
28
nearby SSIDs/BSSIDs
click: open radio tab
Wi-Fi Direct
0
candidate direct devices
click: open radio tab
Bluetooth
19
known/BLE observations
click: open radio tab
CMDB Assets
88
of 90 queried
click: filter in CMDB
Not in CMDB
2
click: filter missing CMDB
CMDB Coverage
97.8%
Valid HTTPS Certs
14
(excluding RDP)
click: filter valid certs
Expiring HTTPS
0
(excluding RDP)
click: filter expiring certs
Expired HTTPS
5
(excluding RDP)
click: filter expired certs
!
CRITICAL: Found 7 service(s) with CRITICAL CVEs!
!
MEDIUM: Found 2 service(s) with MEDIUM CVEs!
!
NOTICE: Found 8 ancient/untracked software version(s) - manual verification recommended.
?
CRITICAL: Found 5 expired SSL certificate(s) (excluding RDP)!
!
SECURITY HEADERS: Found missing or weak HTTP security headers on 10 service row(s). Expand Web Evidence for details.
!
BROWSER POLICIES: Found missing or weak browser policy/isolation headers on 10 service row(s), including CSP, frame, permissions, referrer, cross-origin, or CORS policy findings.
!
DNS INVENTORY: 11 of 90 unique live host(s) were not found in reverse DNS / PTR lookup. DNS coverage: 87.8%.

Anonymized internal network scan example report

This is a publishable, anonymized Scantide Auditor PowerShell example report. Real internal IP addresses, hostnames, domains, Wi-Fi names, Bluetooth device names, MAC/BSSID values and organization names have been replaced with generic example values while keeping the report structure, statistics and evidence style useful for evaluation.

Example coverage: internal network inventory, PowerShell network scanner output, open port review, TLS certificate audit, CVE intelligence, DNS coverage, CMDB comparison, ServiceNow-style asset coverage, Wi-Fi discovery and Bluetooth discovery.

IP Address Hostname Discovery CMDB Asset CMDB Status Port Service Server / Banner CVE Alert CVE Status Page Title Web Evidence Certificate CN Expiry Issuer TLS Versions
10.10.10.85
srv-071.corp.example.localICMP echoSRV-071[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.84
srv-070.corp.example.localICMP echoSRV-070[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-070.corp.example.local2026-07-31
VALID62 days		srv-070.corp.example.localTLS 1.3TLS 1.2
10.10.10.80
srv-066.corp.example.localICMP echoSRV-066[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-066.corp.example.local2026-11-14
VALID168 days		srv-066.corp.example.localTLS 1.2
10.10.10.81
srv-067.corp.example.localICMP echoSRV-067[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-067.corp.example.local2026-08-29
VALID91 days		srv-067.corp.example.localTLS 1.2
10.10.10.82
srv-068.corp.example.localICMP echoSRV-068[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-068.corp.example.local2026-08-29
VALID91 days		srv-068.corp.example.localTLS 1.2
10.10.10.83
srv-069.corp.example.localICMP echoSRV-069[OK] In CMDB80HTTPMicrosoft-IIS/10.0 | ASP.NETIIS Windows ServerNone capturedNone
10.10.10.83
srv-069.corp.example.localICMP echoSRV-069[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2022 (16.0.1000.6) [3 instances][-] Review (INFO) - Microsoft SQL Server 2022 was recognized, but the banner/year alone is not enough to prove exact CVE applicability. Modern SQL Server release detected. Confirm current cumulative update/build before treating as clean. Other SQL Server versions have 20 documented CVEs in the current lookup result. Treat this as a tracked review item, not as unmapped and not as clean.[!] ReviewNone capturedNone
10.10.10.83
srv-069.corp.example.localICMP echoSRV-069[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-069.corp.example.local2026-09-30
VALID123 days		srv-069.corp.example.localTLS 1.2
10.10.10.81
srv-067.corp.example.localICMP echoSRV-067[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.82
srv-068.corp.example.localICMP echoSRV-068[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.79
srv-065.corp.example.localICMP echoSRV-065[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-065.corp.example.local2026-11-14
VALID168 days		srv-065.corp.example.localTLS 1.2
10.10.10.80
srv-066.corp.example.localICMP echoSRV-066[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.76
srv-062.corp.example.localICMP echoSRV-062[OK] In CMDB80HTTPMicrosoft-IIS/10.0 | ASP.NETIIS Windows ServerNone capturedNone
10.10.10.77
srv-063.corp.example.localICMP echoSRV-063[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-063.corp.example.local2026-07-15
VALID46 days		srv-063.corp.example.localTLS 1.2
10.10.10.78
SRV-064ICMP echoSRV-064[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.79
srv-065.corp.example.localICMP echoSRV-065[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.76
srv-062.corp.example.localICMP echoSRV-062[OK] In CMDB443HTTPSMicrosoft-IIS/10.0 | ASP.NETIIS Windows ServerNone capturedsrv-062.corp.example.local2027-09-22
VALID480 days		ExampleCorp Internal Issuing CA 01 G2TLS 1.3TLS 1.2
10.10.10.78
SRV-064ICMP echoSRV-064[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-064.corp.example.local2026-08-09
VALID71 days		srv-064.corp.example.localTLS 1.2
10.10.10.71
srv-057.corp.example.localICMP echoSRV-057[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.74
srv-060.corp.example.localICMP echoSRV-060[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-060.corp.example.local2026-07-10
VALID41 days		srv-060.corp.example.localTLS 1.2
10.10.10.75
srv-061.corp.example.localICMP echoSRV-061[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-061.corp.example.local2026-07-11
VALID42 days		srv-061.corp.example.localTLS 1.2
10.10.10.77
srv-063.corp.example.localICMP echoSRV-063[OK] In CMDB80HTTPMicrosoft-HTTPAPI/2.0Not FoundNone capturedNone
10.10.10.77
srv-063.corp.example.localICMP echoSRV-063[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.73
srv-059.corp.example.localICMP echoSRV-059[OK] In CMDB22SSHSSH-2.0-OpenSSH_9.92 CVEs (CRITICAL)
Highest: CVE-1999-0661 (Score: 10)
Latest: CVE-2002-0083 (2002)		[OK] Verified
(2/20 applicable)		None capturedNone
10.10.10.76
srv-062.corp.example.localICMP echoSRV-062[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.69
srv-055.corp.example.localICMP echoSRV-055[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-055.corp.example.local2026-09-30
VALID123 days		srv-055.corp.example.localTLS 1.2
10.10.10.73
srv-059.corp.example.localICMP echoSRV-059[OK] In CMDB443HTTPSApacheTest Page for the HTTP Server on Red Hat Enterprise LinuxNone capturedsrv-077.corp.example.local2027-12-01
VALID550 days		ExampleCorp Internal Issuing CA 01 G2TLS 1.3TLS 1.2
10.10.10.74
srv-060.corp.example.localICMP echoSRV-060[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.76
srv-062.corp.example.localICMP echoSRV-062[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-062.corp.example.local2027-09-22
VALID480 days		ExampleCorp Internal Issuing CA 01 G2TLS 1.3TLS 1.2
10.10.10.69
srv-055.corp.example.localICMP echoSRV-055[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.70
srv-056.corp.example.localICMP echoSRV-056[OK] In CMDB80HTTPNetApp Application ServerLoading...None capturedNone
10.10.10.71
srv-057.corp.example.localICMP echoSRV-057[OK] In CMDB80HTTPHTTP Server (no Server header)Redirecting..None capturedNone
10.10.10.71
srv-057.corp.example.localICMP echoSRV-057[OK] In CMDB443HTTPSHTTPS Server (no Server header)Redirecting..None capturedSRV-0572026-07-25
VALID56 days		SRV-057TLS 1.3TLS 1.2
10.10.10.72
srv-058.corp.example.localICMP echoSRV-058[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-058.corp.example.local2026-10-21
VALID144 days		srv-058.corp.example.localTLS 1.2
10.10.10.73
srv-059.corp.example.localICMP echoSRV-059[OK] In CMDB80HTTPApacheTest Page for the HTTP Server on Red Hat Enterprise LinuxNone capturedNone
10.10.10.75
srv-061.corp.example.localICMP echoSRV-061[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.70
srv-056.corp.example.localICMP echoSRV-056[OK] In CMDB443HTTPSNetApp Application ServerLoading...None capturedsrv-056.corp.example.local2025-06-24
EXPIRED339 days ago		srv-056.corp.example.localTLS 1.3TLS 1.2
10.10.10.70
srv-056.corp.example.localICMP echoSRV-056[OK] In CMDB3306MySQLMySQL jHost '10.10.10.101' is not allowed to connect to this MySQL serverNone capturedNone
10.10.10.71
srv-057.corp.example.localICMP echoSRV-057[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-057.corp.example.local2026-10-22
VALID145 days		srv-057.corp.example.localTLS 1.2
10.10.10.72
srv-058.corp.example.localICMP echoSRV-058[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.66
srv-052.corp.example.localICMP echoSRV-052[OK] In CMDB9001HTTPSHTTPS Server (no Server header)[-] Review (INFO) - Product recognized, but no confirmed CVE range/exact-version match was found for version 9.0.82. Other versions have 20 documented CVEs, so treat this as a review item rather than clean.[!] ReviewApache Tomcat/9.0.82None capturedsrv-044.corp.example.local2028-04-07
VALID678 days		ExampleCorp Internal Issuing CA 01 G2TLS 1.3TLS 1.2
10.10.10.67
srv-053.corp.example.localICMP echoSRV-053[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.67
srv-053.corp.example.localICMP echoSRV-053[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-053.corp.example.local2026-09-26
VALID119 days		srv-053.corp.example.localTLS 1.2
10.10.10.68
srv-054.corp.example.localICMP echoSRV-054[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.68
srv-054.corp.example.localICMP echoSRV-054[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-054.corp.example.local2026-09-26
VALID119 days		srv-054.corp.example.localTLS 1.2
10.10.10.70
srv-056.corp.example.localICMP echoSRV-056[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.70
srv-056.corp.example.localICMP echoSRV-056[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-056.corp.example.local2026-10-27
VALID150 days		srv-056.corp.example.localTLS 1.2
10.10.10.12
srv-029.corp.example.localICMP echoSRV-029[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.12
srv-029.corp.example.localICMP echoSRV-029[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-029.corp.example.local2026-11-22
VALID176 days		srv-029.corp.example.localTLS 1.2
10.10.10.12
srv-029.corp.example.localICMP echoSRV-029[OK] In CMDB8080HTTPPayara Server 5.2022.5 #badassfish1 CVEs (CRITICAL)
Highest: CVE-2023-28462 (Score: 9.8)		[OK] Verified
(1/8 applicable)		Payara Server - Server RunningNone capturedNone
10.10.10.13
N/AICMP echoSRV-080[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.13
N/AICMP echoSRV-080[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedSRV-080.examplecorp.local2026-08-23
VALID85 days		SRV-080.examplecorp.localTLS 1.2TLS 1.1TLS 1.0
10.10.10.14
N/AICMP echoSRV-081[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.14
N/AICMP echoSRV-081[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedSRV-081.examplecorp.local2026-08-23
VALID85 days		SRV-081.examplecorp.localTLS 1.2TLS 1.1TLS 1.0
10.10.10.15
srv-001.corp.example.localICMP echoSRV-001[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.15
srv-001.corp.example.localICMP echoSRV-001[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-001.corp.example.local2026-07-31
VALID62 days		srv-001.corp.example.localTLS 1.2TLS 1.1TLS 1.0
10.10.10.16
SRV-082ICMP echoSRV-082[OK] In CMDB22SSHSSH-2.0-OpenSSH_7.23 CVEs (CRITICAL)
Highest: CVE-1999-0661 (Score: 10)
Latest: CVE-2002-0083 (2002)		[OK] Verified
(3/20 applicable)		None capturedNone
10.10.10.16
SRV-082ICMP echoSRV-082[OK] In CMDB25SMTP220 localhost ESMTPNone capturedNone
10.10.10.16
SRV-082ICMP echoSRV-082[OK] In CMDB80HTTPnginxNot FoundNone capturedNone
10.10.10.16
SRV-082ICMP echoSRV-082[OK] In CMDB443HTTPSnginxNot FoundNone capturedlegal.examplecorp.local2029-10-02
VALID1221 days		ExampleCorp Internal Issuing CA 01 G2TLS 1.3TLS 1.2
10.10.10.16
SRV-082ICMP echoSRV-082[OK] In CMDB8080HTTPnginx403 ForbiddenNone capturedNone
10.10.10.17
srv-003.corp.example.localICMP echoSRV-003[OK] In CMDB80HTTPMicrosoft-IIS/10.0 | ASP.NET | 4.0.30319 | 5.2Home Page - SAP Wrapping ServiceNone capturedNone
10.10.10.17
srv-003.corp.example.localICMP echoSRV-003[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.17
srv-003.corp.example.localICMP echoSRV-003[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-003.corp.example.local2026-09-20
VALID113 days		srv-003.corp.example.localTLS 1.2TLS 1.1TLS 1.0
10.10.10.17
srv-003.corp.example.localICMP echoSRV-003[OK] In CMDB8080HTTPMicrosoft-IIS/10.0 | ASP.NET | 4.0.30319 | 5.2Home Page - SAP Wrapping ServiceNone capturedNone
10.10.10.18
srv-004.corp.example.localICMP echoSRV-004[OK] In CMDB80HTTPMicrosoft-IIS/10.0 | ASP.NET | 4.0.30319 | 5.2Home Page - SAP Wrapping ServiceNone capturedNone
10.10.10.18
srv-004.corp.example.localICMP echoSRV-004[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.18
srv-004.corp.example.localICMP echoSRV-004[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-004.corp.example.local2026-09-09
VALID102 days		srv-004.corp.example.localTLS 1.2TLS 1.1TLS 1.0
10.10.10.18
srv-004.corp.example.localICMP echoSRV-004[OK] In CMDB8080HTTPMicrosoft-IIS/10.0 | ASP.NET | 4.0.30319Runtime ErrorNone capturedNone
10.10.10.19
srv-005.corp.example.localICMP echoSRV-005[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.19
srv-005.corp.example.localICMP echoSRV-005[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2017 (14.0.1000.169)[-] Review (WARNING) - Microsoft SQL Server 2017 was recognized, but the banner/year alone is not enough to prove exact CVE applicability. This SQL Server generation is older and should be reviewed for support status, cumulative updates and exposure. Other SQL Server versions have 20 documented CVEs in the current lookup result. Treat this as a tracked review item, not as unmapped and not as clean.[!] ReviewNone capturedNone
10.10.10.19
srv-005.corp.example.localICMP echoSRV-005[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-005.corp.example.local2026-09-09
VALID102 days		srv-005.corp.example.localTLS 1.2TLS 1.1TLS 1.0
10.10.10.20
srv-006.corp.example.localICMP echoSRV-006[OK] In CMDB80HTTPMicrosoft-IIS/10.0 | ASP.NET[-] Review (UNKNOWN) - Ignored generic/short product token: "ce" is too ambiguous for reliable CVE lookup by itself. Capture the surrounding product context, for example pfSense CE, GitLab CE, Java SE, or the real server/banner name.[!] ReviewOT Intelligent Capture for SAP Solutions CE 23.4None capturedNone
10.10.10.20
srv-006.corp.example.localICMP echoSRV-006[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.20
srv-006.corp.example.localICMP echoSRV-006[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-006.corp.example.local2026-08-09
VALID71 days		srv-006.corp.example.localTLS 1.2TLS 1.1TLS 1.0
10.10.10.21
srv-035.corp.example.localICMP echoSRV-035[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.21
srv-035.corp.example.localICMP echoSRV-035[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-035.corp.example.local2026-11-22
VALID176 days		srv-035.corp.example.localTLS 1.2
10.10.10.22
srv-007.corp.example.localICMP echoSRV-007[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.22
srv-007.corp.example.localICMP echoSRV-007[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-007.corp.example.local2026-11-09
VALID163 days		srv-007.corp.example.localTLS 1.2TLS 1.1TLS 1.0
10.10.10.23
srv-008.corp.example.localICMP echoSRV-008[OK] In CMDB80HTTPHTTP Server (no Server header)None capturedNone
10.10.10.23
srv-008.corp.example.localICMP echoSRV-008[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.23
srv-008.corp.example.localICMP echoSRV-008[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-008.corp.example.local2026-07-26
VALID57 days		srv-008.corp.example.localTLS 1.2
10.10.10.24
srv-009.corp.example.localICMP echoSRV-009[OK] In CMDB80HTTPMicrosoft-HTTPAPI/2.0None capturedNone
10.10.10.24
srv-009.corp.example.localICMP echoSRV-009[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.24
srv-009.corp.example.localICMP echoSRV-009[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-009.corp.example.local2026-07-28
VALID59 days		srv-009.corp.example.localTLS 1.2
10.10.10.25
srv-011.corp.example.localICMP echoSRV-011[OK] In CMDB80HTTPMicrosoft-HTTPAPI/2.0Not FoundNone capturedNone
10.10.10.25
srv-011.corp.example.localICMP echoSRV-011[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.25
srv-011.corp.example.localICMP echoSRV-011[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-011.corp.example.local2026-07-20
VALID51 days		srv-011.corp.example.localTLS 1.2
10.10.10.26
srv-013.corp.example.localICMP echoSRV-013[OK] In CMDB80HTTPMicrosoft-HTTPAPI/2.0Not FoundNone capturedNone
10.10.10.26
srv-013.corp.example.localICMP echoSRV-013[OK] In CMDB443HTTPSMicrosoft-IIS/10.0 | ASP.NET403 - Forbidden: Access is denied.None capturedsrv-013.corp.example.local2021-03-20
EXPIRED1896 days ago		srv-013.corp.example.localTLS 1.3TLS 1.2TLS 1.1TLS 1.0
10.10.10.26
srv-013.corp.example.localICMP echoSRV-013[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.26
srv-013.corp.example.localICMP echoSRV-013[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-013.corp.example.local2026-09-14
VALID107 days		srv-013.corp.example.localTLS 1.3TLS 1.2TLS 1.1TLS 1.0
10.10.10.26
srv-013.corp.example.localICMP echoSRV-013[OK] In CMDB8080HTTPMicrosoft-IIS/10.0 | ASP.NET403 - Forbidden: Access is denied.None capturedNone
10.10.10.27
srv-014.corp.example.localICMP echoSRV-014[OK] In CMDB80HTTPMicrosoft-IIS/10.0 | ASP.NET401 - Unauthorized: Access is denied due to invalid credentials.None capturedNone
10.10.10.27
srv-014.corp.example.localICMP echoSRV-014[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.27
srv-014.corp.example.localICMP echoSRV-014[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-014.corp.example.local2026-08-16
VALID78 days		srv-014.corp.example.localTLS 1.2TLS 1.1TLS 1.0
10.10.10.28
srv-015.corp.example.localICMP echoSRV-015[OK] In CMDB80HTTPMicrosoft-IIS/10.0 | ASP.NETIIS Windows ServerNone capturedNone
10.10.10.28
srv-015.corp.example.localICMP echoSRV-015[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.28
srv-015.corp.example.localICMP echoSRV-015[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-015.corp.example.local2026-08-30
VALID92 days		srv-015.corp.example.localTLS 1.2
10.10.10.29
srv-017.corp.example.localICMP echoSRV-017[OK] In CMDB80HTTPHTTP Server (no Server header)Login - CXO SoftwareNone capturedNone
10.10.10.29
srv-017.corp.example.localICMP echoSRV-017[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.29
srv-017.corp.example.localICMP echoSRV-017[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-017.corp.example.local2026-09-08
VALID101 days		srv-017.corp.example.localTLS 1.2
10.10.10.30
srv-019.corp.example.localICMP echoSRV-019[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.30
srv-019.corp.example.localICMP echoSRV-019[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-019.corp.example.local2026-09-09
VALID102 days		srv-019.corp.example.localTLS 1.2
10.10.10.30
srv-019.corp.example.localICMP echoSRV-019[OK] In CMDB8080HTTPHTTP Server (no Server header)
Header issues: 8Headers checked
Show scripts, beacons, cookies, inline code, and header evaluation
Captured HTTP security-relevant response headers
  • Server: not exposed
  • X-Powered-By: missing
  • Content-Security-Policy: missing
  • Strict-Transport-Security: not applicable on HTTP
  • X-Content-Type-Options: missing
  • X-Frame-Options: missing
  • Referrer-Policy: missing
  • Permissions-Policy: missing
  • Access-Control-Allow-Origin: missing
  • Access-Control-Allow-Credentials: missing
  • Cross-Origin-Opener-Policy: missing
  • Cross-Origin-Embedder-Policy: missing
  • Cross-Origin-Resource-Policy: missing
HTTP security header / browser policy evaluation
  • HIGH: Missing Content-Security-Policy header
  • LOW: Missing browser isolation header: Cross-Origin-Embedder-Policy
  • LOW: Missing browser isolation header: Cross-Origin-Opener-Policy
  • LOW: Missing browser policy header: Permissions-Policy
  • LOW: Missing browser resource policy header: Cross-Origin-Resource-Policy
  • LOW: Missing Referrer-Policy header
  • MEDIUM: Missing clickjacking protection: no X-Frame-Options and no CSP frame-ancestors
  • MEDIUM: Missing X-Content-Type-Options: nosniff
  • OK: Server header is not exposed
None
10.10.10.30
srv-019.corp.example.localICMP echoSRV-019[OK] In CMDB8443HTTPSHTTPS Server (no Server header)
Header issues: 9Headers checked
Show scripts, beacons, cookies, inline code, and header evaluation
Captured HTTP security-relevant response headers
  • Server: not exposed
  • X-Powered-By: missing
  • Content-Security-Policy: missing
  • Strict-Transport-Security: missing
  • X-Content-Type-Options: missing
  • X-Frame-Options: missing
  • Referrer-Policy: missing
  • Permissions-Policy: missing
  • Access-Control-Allow-Origin: missing
  • Access-Control-Allow-Credentials: missing
  • Cross-Origin-Opener-Policy: missing
  • Cross-Origin-Embedder-Policy: missing
  • Cross-Origin-Resource-Policy: missing
HTTP security header / browser policy evaluation
  • HIGH: Missing Content-Security-Policy header
  • HIGH: Missing Strict-Transport-Security header on HTTPS service
  • LOW: Missing browser isolation header: Cross-Origin-Embedder-Policy
  • LOW: Missing browser isolation header: Cross-Origin-Opener-Policy
  • LOW: Missing browser policy header: Permissions-Policy
  • LOW: Missing browser resource policy header: Cross-Origin-Resource-Policy
  • LOW: Missing Referrer-Policy header
  • MEDIUM: Missing clickjacking protection: no X-Frame-Options and no CSP frame-ancestors
  • MEDIUM: Missing X-Content-Type-Options: nosniff
  • OK: Server header is not exposed
SRV-0192030-11-01
VALID1616 days		SRV-019TLS 1.2TLS 1.1TLS 1.0
10.10.10.31
srv-020.corp.example.localICMP echoSRV-020[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.31
srv-020.corp.example.localICMP echoSRV-020[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-020.corp.example.local2026-09-20
VALID113 days		srv-020.corp.example.localTLS 1.2
10.10.10.31
srv-020.corp.example.localICMP echoSRV-020[OK] In CMDB8080HTTPHTTP Server (no Server header)
Header issues: 8Headers checked
Show scripts, beacons, cookies, inline code, and header evaluation
Captured HTTP security-relevant response headers
  • Server: not exposed
  • X-Powered-By: missing
  • Content-Security-Policy: missing
  • Strict-Transport-Security: not applicable on HTTP
  • X-Content-Type-Options: missing
  • X-Frame-Options: missing
  • Referrer-Policy: missing
  • Permissions-Policy: missing
  • Access-Control-Allow-Origin: missing
  • Access-Control-Allow-Credentials: missing
  • Cross-Origin-Opener-Policy: missing
  • Cross-Origin-Embedder-Policy: missing
  • Cross-Origin-Resource-Policy: missing
HTTP security header / browser policy evaluation
  • HIGH: Missing Content-Security-Policy header
  • LOW: Missing browser isolation header: Cross-Origin-Embedder-Policy
  • LOW: Missing browser isolation header: Cross-Origin-Opener-Policy
  • LOW: Missing browser policy header: Permissions-Policy
  • LOW: Missing browser resource policy header: Cross-Origin-Resource-Policy
  • LOW: Missing Referrer-Policy header
  • MEDIUM: Missing clickjacking protection: no X-Frame-Options and no CSP frame-ancestors
  • MEDIUM: Missing X-Content-Type-Options: nosniff
  • OK: Server header is not exposed
None
10.10.10.31
srv-020.corp.example.localICMP echoSRV-020[OK] In CMDB8443HTTPSHTTPS Server (no Server header)
Header issues: 9Headers checked
Show scripts, beacons, cookies, inline code, and header evaluation
Captured HTTP security-relevant response headers
  • Server: not exposed
  • X-Powered-By: missing
  • Content-Security-Policy: missing
  • Strict-Transport-Security: missing
  • X-Content-Type-Options: missing
  • X-Frame-Options: missing
  • Referrer-Policy: missing
  • Permissions-Policy: missing
  • Access-Control-Allow-Origin: missing
  • Access-Control-Allow-Credentials: missing
  • Cross-Origin-Opener-Policy: missing
  • Cross-Origin-Embedder-Policy: missing
  • Cross-Origin-Resource-Policy: missing
HTTP security header / browser policy evaluation
  • HIGH: Missing Content-Security-Policy header
  • HIGH: Missing Strict-Transport-Security header on HTTPS service
  • LOW: Missing browser isolation header: Cross-Origin-Embedder-Policy
  • LOW: Missing browser isolation header: Cross-Origin-Opener-Policy
  • LOW: Missing browser policy header: Permissions-Policy
  • LOW: Missing browser resource policy header: Cross-Origin-Resource-Policy
  • LOW: Missing Referrer-Policy header
  • MEDIUM: Missing clickjacking protection: no X-Frame-Options and no CSP frame-ancestors
  • MEDIUM: Missing X-Content-Type-Options: nosniff
  • OK: Server header is not exposed
SRV-0202030-11-07
VALID1622 days		SRV-020TLS 1.2TLS 1.1TLS 1.0
10.10.10.32
srv-022.corp.example.localICMP echoSRV-022[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.32
srv-022.corp.example.localICMP echoSRV-022[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-022.corp.example.local2026-09-28
VALID121 days		srv-022.corp.example.localTLS 1.2
10.10.10.33
srv-023.corp.example.localICMP echoSRV-023[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.33
srv-023.corp.example.localICMP echoSRV-023[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-023.corp.example.local2026-10-25
VALID148 days		srv-023.corp.example.localTLS 1.2
10.10.10.33
srv-023.corp.example.localICMP echoSRV-023[OK] In CMDB8080HTTPHTTP Server (no Server header)
Header issues: 8Headers checked
Show scripts, beacons, cookies, inline code, and header evaluation
Captured HTTP security-relevant response headers
  • Server: not exposed
  • X-Powered-By: missing
  • Content-Security-Policy: missing
  • Strict-Transport-Security: not applicable on HTTP
  • X-Content-Type-Options: missing
  • X-Frame-Options: missing
  • Referrer-Policy: missing
  • Permissions-Policy: missing
  • Access-Control-Allow-Origin: missing
  • Access-Control-Allow-Credentials: missing
  • Cross-Origin-Opener-Policy: missing
  • Cross-Origin-Embedder-Policy: missing
  • Cross-Origin-Resource-Policy: missing
HTTP security header / browser policy evaluation
  • HIGH: Missing Content-Security-Policy header
  • LOW: Missing browser isolation header: Cross-Origin-Embedder-Policy
  • LOW: Missing browser isolation header: Cross-Origin-Opener-Policy
  • LOW: Missing browser policy header: Permissions-Policy
  • LOW: Missing browser resource policy header: Cross-Origin-Resource-Policy
  • LOW: Missing Referrer-Policy header
  • MEDIUM: Missing clickjacking protection: no X-Frame-Options and no CSP frame-ancestors
  • MEDIUM: Missing X-Content-Type-Options: nosniff
  • OK: Server header is not exposed
None
10.10.10.34
srv-024.corp.example.localICMP echoSRV-024[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.34
srv-024.corp.example.localICMP echoSRV-024[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2022 (16.0.1000.6)[-] Review (INFO) - Microsoft SQL Server 2022 was recognized, but the banner/year alone is not enough to prove exact CVE applicability. Modern SQL Server release detected. Confirm current cumulative update/build before treating as clean. Other SQL Server versions have 20 documented CVEs in the current lookup result. Treat this as a tracked review item, not as unmapped and not as clean.[!] ReviewNone capturedNone
10.10.10.34
srv-024.corp.example.localICMP echoSRV-024[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-024.corp.example.local2026-11-22
VALID176 days		srv-024.corp.example.localTLS 1.2
10.10.10.35
srv-026.corp.example.localICMP echoSRV-026[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.35
srv-026.corp.example.localICMP echoSRV-026[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2017 (14.0.1000.169)[-] Review (WARNING) - Microsoft SQL Server 2017 was recognized, but the banner/year alone is not enough to prove exact CVE applicability. This SQL Server generation is older and should be reviewed for support status, cumulative updates and exposure. Other SQL Server versions have 20 documented CVEs in the current lookup result. Treat this as a tracked review item, not as unmapped and not as clean.[!] ReviewNone capturedNone
10.10.10.35
srv-026.corp.example.localICMP echoSRV-026[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-026.corp.example.local2026-11-22
VALID176 days		srv-026.corp.example.localTLS 1.2TLS 1.1TLS 1.0
10.10.10.36
srv-027.corp.example.localICMP echoSRV-027[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.36
srv-027.corp.example.localICMP echoSRV-027[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-027.corp.example.local2026-10-25
VALID148 days		srv-027.corp.example.localTLS 1.3TLS 1.2TLS 1.1TLS 1.0
10.10.10.36
srv-027.corp.example.localICMP echoSRV-027[OK] In CMDB8080HTTPWildFly (title evidence; Server header not captured)Welcome to WildFly
Header issues: 8Headers checked
Show scripts, beacons, cookies, inline code, and header evaluation
Captured HTTP security-relevant response headers
  • Server: not exposed
  • X-Powered-By: missing
  • Content-Security-Policy: missing
  • Strict-Transport-Security: not applicable on HTTP
  • X-Content-Type-Options: missing
  • X-Frame-Options: missing
  • Referrer-Policy: missing
  • Permissions-Policy: missing
  • Access-Control-Allow-Origin: missing
  • Access-Control-Allow-Credentials: missing
  • Cross-Origin-Opener-Policy: missing
  • Cross-Origin-Embedder-Policy: missing
  • Cross-Origin-Resource-Policy: missing
HTTP security header / browser policy evaluation
  • HIGH: Missing Content-Security-Policy header
  • LOW: Missing browser isolation header: Cross-Origin-Embedder-Policy
  • LOW: Missing browser isolation header: Cross-Origin-Opener-Policy
  • LOW: Missing browser policy header: Permissions-Policy
  • LOW: Missing browser resource policy header: Cross-Origin-Resource-Policy
  • LOW: Missing Referrer-Policy header
  • MEDIUM: Missing clickjacking protection: no X-Frame-Options and no CSP frame-ancestors
  • MEDIUM: Missing X-Content-Type-Options: nosniff
  • OK: Server header is not exposed
None
10.10.10.36
srv-027.corp.example.localICMP echoSRV-027[OK] In CMDB8443HTTPSHTTPS Server (no Server header)Welcome to WildFly
Header issues: 9Headers checked
Show scripts, beacons, cookies, inline code, and header evaluation
Captured HTTP security-relevant response headers
  • Server: not exposed
  • X-Powered-By: missing
  • Content-Security-Policy: missing
  • Strict-Transport-Security: missing
  • X-Content-Type-Options: missing
  • X-Frame-Options: missing
  • Referrer-Policy: missing
  • Permissions-Policy: missing
  • Access-Control-Allow-Origin: missing
  • Access-Control-Allow-Credentials: missing
  • Cross-Origin-Opener-Policy: missing
  • Cross-Origin-Embedder-Policy: missing
  • Cross-Origin-Resource-Policy: missing
HTTP security header / browser policy evaluation
  • HIGH: Missing Content-Security-Policy header
  • HIGH: Missing Strict-Transport-Security header on HTTPS service
  • LOW: Missing browser isolation header: Cross-Origin-Embedder-Policy
  • LOW: Missing browser isolation header: Cross-Origin-Opener-Policy
  • LOW: Missing browser policy header: Permissions-Policy
  • LOW: Missing browser resource policy header: Cross-Origin-Resource-Policy
  • LOW: Missing Referrer-Policy header
  • MEDIUM: Missing clickjacking protection: no X-Frame-Options and no CSP frame-ancestors
  • MEDIUM: Missing X-Content-Type-Options: nosniff
  • OK: Server header is not exposed
localhost2036-01-21
VALID3523 days		localhostTLS 1.2
10.10.10.37
N/AICMP echoSRV-083[OK] In CMDB80HTTPHTTP Server (no Server header)
Header issues: 8Headers checked
Show scripts, beacons, cookies, inline code, and header evaluation
Captured HTTP security-relevant response headers
  • Server: not exposed
  • X-Powered-By: missing
  • Content-Security-Policy: missing
  • Strict-Transport-Security: not applicable on HTTP
  • X-Content-Type-Options: missing
  • X-Frame-Options: missing
  • Referrer-Policy: missing
  • Permissions-Policy: missing
  • Access-Control-Allow-Origin: missing
  • Access-Control-Allow-Credentials: missing
  • Cross-Origin-Opener-Policy: missing
  • Cross-Origin-Embedder-Policy: missing
  • Cross-Origin-Resource-Policy: missing
HTTP security header / browser policy evaluation
  • HIGH: Missing Content-Security-Policy header
  • LOW: Missing browser isolation header: Cross-Origin-Embedder-Policy
  • LOW: Missing browser isolation header: Cross-Origin-Opener-Policy
  • LOW: Missing browser policy header: Permissions-Policy
  • LOW: Missing browser resource policy header: Cross-Origin-Resource-Policy
  • LOW: Missing Referrer-Policy header
  • MEDIUM: Missing clickjacking protection: no X-Frame-Options and no CSP frame-ancestors
  • MEDIUM: Missing X-Content-Type-Options: nosniff
  • OK: Server header is not exposed
None
10.10.10.37
N/AICMP echoSRV-083[OK] In CMDB443HTTPSHTTPS Server (no Server header)
Header issues: 9Headers checked
Show scripts, beacons, cookies, inline code, and header evaluation
Captured HTTP security-relevant response headers
  • Server: not exposed
  • X-Powered-By: missing
  • Content-Security-Policy: missing
  • Strict-Transport-Security: missing
  • X-Content-Type-Options: missing
  • X-Frame-Options: missing
  • Referrer-Policy: missing
  • Permissions-Policy: missing
  • Access-Control-Allow-Origin: missing
  • Access-Control-Allow-Credentials: missing
  • Cross-Origin-Opener-Policy: missing
  • Cross-Origin-Embedder-Policy: missing
  • Cross-Origin-Resource-Policy: missing
HTTP security header / browser policy evaluation
  • HIGH: Missing Content-Security-Policy header
  • HIGH: Missing Strict-Transport-Security header on HTTPS service
  • LOW: Missing browser isolation header: Cross-Origin-Embedder-Policy
  • LOW: Missing browser isolation header: Cross-Origin-Opener-Policy
  • LOW: Missing browser policy header: Permissions-Policy
  • LOW: Missing browser resource policy header: Cross-Origin-Resource-Policy
  • LOW: Missing Referrer-Policy header
  • MEDIUM: Missing clickjacking protection: no X-Frame-Options and no CSP frame-ancestors
  • MEDIUM: Missing X-Content-Type-Options: nosniff
  • OK: Server header is not exposed
localhost2036-01-20
VALID3522 days		localhostTLS 1.2
10.10.10.37
N/AICMP echoSRV-083[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.37
N/AICMP echoSRV-083[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2017 (14.0.1000.169)[-] Review (WARNING) - Microsoft SQL Server 2017 was recognized, but the banner/year alone is not enough to prove exact CVE applicability. This SQL Server generation is older and should be reviewed for support status, cumulative updates and exposure. Other SQL Server versions have 20 documented CVEs in the current lookup result. Treat this as a tracked review item, not as unmapped and not as clean.[!] ReviewNone capturedNone
10.10.10.37
N/AICMP echoSRV-083[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedSRV-083.examplecorpexternal.com2026-10-26
VALID149 days		SRV-083.examplecorpexternal.comTLS 1.3TLS 1.2TLS 1.1TLS 1.0
10.10.10.38
srv-030.corp.example.localICMP echoSRV-030[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.38
srv-030.corp.example.localICMP echoSRV-030[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-030.corp.example.local2026-08-28
VALID90 days		srv-030.corp.example.localTLS 1.2
10.10.10.38
srv-030.corp.example.localICMP echoSRV-030[OK] In CMDB8000HTTPKestrelBPS Visualization webNone capturedNone
10.10.10.38
srv-030.corp.example.localICMP echoSRV-030[OK] In CMDB8080HTTPDelphiMVCFramework | DMVCFramework 3.2.1 (carbon)[?] Review (UNKNOWN) - Unmapped product: no reliable CVE product mapping was found for this banner. It may be proprietary, renamed, embedded, or device-specific.[!] ReviewDMVCFramework ExceptionNone capturedNone
10.10.10.39
srv-032.corp.example.localICMP echoSRV-032[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.39
srv-032.corp.example.localICMP echoSRV-032[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-032.corp.example.local2026-09-03
VALID96 days		srv-032.corp.example.localTLS 1.2
10.10.10.40
srv-033.corp.example.localICMP echoSRV-033[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.40
srv-033.corp.example.localICMP echoSRV-033[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-033.corp.example.local2026-09-03
VALID96 days		srv-033.corp.example.localTLS 1.2
10.10.10.40
srv-033.corp.example.localICMP echoSRV-033[OK] In CMDB8080HTTPHTTP Server (no Server header)
Header issues: 8Headers checked
Show scripts, beacons, cookies, inline code, and header evaluation
Captured HTTP security-relevant response headers
  • Server: not exposed
  • X-Powered-By: missing
  • Content-Security-Policy: missing
  • Strict-Transport-Security: not applicable on HTTP
  • X-Content-Type-Options: missing
  • X-Frame-Options: missing
  • Referrer-Policy: missing
  • Permissions-Policy: missing
  • Access-Control-Allow-Origin: missing
  • Access-Control-Allow-Credentials: missing
  • Cross-Origin-Opener-Policy: missing
  • Cross-Origin-Embedder-Policy: missing
  • Cross-Origin-Resource-Policy: missing
HTTP security header / browser policy evaluation
  • HIGH: Missing Content-Security-Policy header
  • LOW: Missing browser isolation header: Cross-Origin-Embedder-Policy
  • LOW: Missing browser isolation header: Cross-Origin-Opener-Policy
  • LOW: Missing browser policy header: Permissions-Policy
  • LOW: Missing browser resource policy header: Cross-Origin-Resource-Policy
  • LOW: Missing Referrer-Policy header
  • MEDIUM: Missing clickjacking protection: no X-Frame-Options and no CSP frame-ancestors
  • MEDIUM: Missing X-Content-Type-Options: nosniff
  • OK: Server header is not exposed
None
10.10.10.41
srv-031.corp.example.localICMP echoDEFR-SRV-174[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.41
srv-031.corp.example.localICMP echoDEFR-SRV-174[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2019 (15.0.2000.5)4 CVEs (CRITICAL)
Highest: CVE-2021-38159 (Score: 9.8)
Latest: CVE-2023-34362 (2023)		[OK] Verified
(4/6 applicable)		None capturedNone
10.10.10.41
srv-031.corp.example.localICMP echoDEFR-SRV-174[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-031.corp.example.local2026-09-02
VALID95 days		srv-031.corp.example.localTLS 1.2
10.10.10.42
srv-034.corp.example.localICMP echoSRV-034[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.42
srv-034.corp.example.localICMP echoSRV-034[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-034.corp.example.local2026-10-01
VALID124 days		srv-034.corp.example.localTLS 1.2
10.10.10.43
srv-040.corp.example.localICMP echoSRV-040[OK] In CMDB80HTTPMicrosoft-IIS/10.0 | ASP.NETIIS Windows ServerNone capturedNone
10.10.10.43
srv-040.corp.example.localICMP echoSRV-040[OK] In CMDB443HTTPSMicrosoft-IIS/10.0 | ASP.NETIIS Windows ServerNone capturedsrv-040.corp.example.local2029-10-06
VALID1225 days		ExampleCorp Internal Issuing CA 01 G2TLS 1.2
10.10.10.43
srv-040.corp.example.localICMP echoSRV-040[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.43
srv-040.corp.example.localICMP echoSRV-040[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-040.corp.example.local2026-07-16
VALID47 days		srv-040.corp.example.localTLS 1.2
10.10.10.44
srv-072.corp.example.localICMP echoSRV-072[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.44
srv-072.corp.example.localICMP echoSRV-072[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-072.corp.example.local2026-09-12
VALID105 days		srv-072.corp.example.localTLS 1.2
10.10.10.45
srv-037.corp.example.localICMP echoSRV-037[OK] In CMDB80HTTPMicrosoft-IIS/10.0 | ASP.NETIIS Windows ServerNone capturedNone
10.10.10.45
srv-037.corp.example.localICMP echoSRV-037[OK] In CMDB443HTTPSMicrosoft-IIS/10.0 | ASP.NETIIS Windows ServerNone capturedsrv-037.corp.example.local2026-09-14
VALID107 days		ExampleCorp Internal Issuing CA 01 G2TLS 1.2
10.10.10.45
srv-037.corp.example.localICMP echoSRV-037[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.45
srv-037.corp.example.localICMP echoSRV-037[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-037.corp.example.local2026-07-14
VALID45 days		srv-037.corp.example.localTLS 1.2
10.10.10.46
srv-038.corp.example.localICMP echoSRV-038[OK] In CMDB80HTTPMicrosoft-IIS/10.0 | ASP.NETIIS Windows ServerNone capturedNone
10.10.10.46
srv-038.corp.example.localICMP echoSRV-038[OK] In CMDB443HTTPSMicrosoft-IIS/10.0 | ASP.NETIIS Windows ServerNone capturedsrv-038.corp.example.local2026-09-14
VALID107 days		ExampleCorp Internal Issuing CA 01 G2TLS 1.2
10.10.10.46
srv-038.corp.example.localICMP echoSRV-038[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.46
srv-038.corp.example.localICMP echoSRV-038[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-038.corp.example.local2026-07-14
VALID45 days		srv-038.corp.example.localTLS 1.2
10.10.10.47
SRV-084.examplecorp.localICMP echoSRV-084[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.47
SRV-084.examplecorp.localICMP echoSRV-084[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedSRV-084.examplecorp.local2026-08-04
VALID66 days		SRV-084.examplecorp.localTLS 1.2
10.10.10.48
N/AICMP echoDEFRADXR001[OK] In CMDB139NetBIOSNetBIOS (SMB1)None capturedNone
10.10.10.48
N/AICMP echoDEFRADXR001[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.48
N/AICMP echoDEFRADXR001[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedDEFRADXR001.examplecorpexternal.com2026-08-12
VALID74 days		DEFRADXR001.examplecorpexternal.comTLS 1.2
10.10.10.49
srv-075.corp.example.localICMP echoSRV-074[OK] In CMDB21FTP220 Microsoft FTP ServiceNone capturedNone
10.10.10.49
srv-075.corp.example.localICMP echoSRV-074[OK] In CMDB22SSHSSH-2.0-9.39 FlowSsh: Bitvise SSH Server (WinSSHD) 9.391 CVEs (MEDIUM)
Highest: CVE-2002-0460 (Score: 5)		[OK] VerifiedNone capturedNone
10.10.10.49
srv-075.corp.example.localICMP echoSRV-074[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.49
srv-075.corp.example.localICMP echoSRV-074[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-074.corp.example.local2026-08-19
VALID81 days		srv-074.corp.example.localTLS 1.2
10.10.10.50
srv-073.corp.example.localICMP echoSRV-073[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.50
srv-073.corp.example.localICMP echoSRV-073[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-073.corp.example.local2026-08-07
VALID69 days		srv-073.corp.example.localTLS 1.2
10.10.10.51
SRV-085ICMP echoSRV-085[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.51
SRV-085ICMP echoSRV-085[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedSRV-0852026-08-12
VALID74 days		SRV-085TLS 1.2
10.10.10.52
srv-076.corp.example.localICMP echoSRV-086[OK] In CMDB80HTTPMicrosoft-IIS/10.0 | ASP.NETNone capturedNone
10.10.10.52
srv-076.corp.example.localICMP echoSRV-086[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.52
srv-076.corp.example.localICMP echoSRV-086[OK] In CMDB1433MS-SQLMicrosoft SQL Server (version detection failed)None capturedNone
10.10.10.52
srv-076.corp.example.localICMP echoSRV-086[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedSRV-086.examplecorpexternal.com2026-09-13
VALID106 days		SRV-086.examplecorpexternal.comTLS 1.2
10.10.10.53
N/AICMP echoSRV-087[OK] In CMDB80HTTPMicrosoft-HTTPAPI/2.0Not FoundNone capturedNone
10.10.10.53
N/AICMP echoSRV-087[OK] In CMDB443HTTPSMicrosoft-HTTPAPI/2.0Not FoundNone capturedDealerweb2016.example.local2024-09-04
EXPIRED632 days ago		Dealerweb2016.example.localTLS 1.2
10.10.10.53
N/AICMP echoSRV-087[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.53
N/AICMP echoSRV-087[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedSRV-087.examplecorpexternal.com2026-07-27
VALID58 days		SRV-087.examplecorpexternal.comTLS 1.2
10.10.10.54
N/AICMP echoSRV-088[OK] In CMDB80HTTPMicrosoft-HTTPAPI/2.0Not FoundNone capturedNone
10.10.10.54
N/AICMP echoSRV-088[OK] In CMDB443HTTPSMicrosoft-HTTPAPI/2.0Not FoundNone captureddealerweb2016.example.local2024-09-15
EXPIRED621 days ago		dealerweb2016.example.localTLS 1.2
10.10.10.54
N/AICMP echoSRV-088[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.54
N/AICMP echoSRV-088[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedSRV-088.examplecorpexternal.com2026-08-26
VALID88 days		SRV-088.examplecorpexternal.comTLS 1.2
10.10.10.55
N/AICMP echoSRV-090[OK] In CMDB80HTTPMicrosoft-HTTPAPI/2.0Not FoundNone capturedNone
10.10.10.55
N/AICMP echoSRV-090[OK] In CMDB443HTTPSMicrosoft-HTTPAPI/2.0Not FoundNone captureddealerweb.example.local2025-10-15
EXPIRED226 days ago		ExampleCorp Internal Issuing CA 01 G2TLS 1.2
10.10.10.55
N/AICMP echoSRV-090[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.55
N/AICMP echoSRV-090[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedSRV-090.examplecorpexternal.com2026-08-26
VALID88 days		SRV-090.examplecorpexternal.comTLS 1.2
10.10.10.56
srv-042.corp.example.localICMP echoSRV-042[OK] In CMDB80HTTPMicrosoft-IIS/10.01 CVEs (CRITICAL)
Highest: CVE-1999-0561 (Score: 10)		[OK] Verified
(1/20 applicable)		srv-042.corp.example.local - /None capturedNone
10.10.10.56
srv-042.corp.example.localICMP echoSRV-042[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.56
srv-042.corp.example.localICMP echoSRV-042[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-042.corp.example.local2026-11-22
VALID176 days		srv-042.corp.example.localTLS 1.2
10.10.10.57
srv-078.corp.example.localICMP echoSRV-079[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.57
srv-078.corp.example.localICMP echoSRV-079[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-079.corp.example.local2026-08-04
VALID66 days		srv-079.corp.example.localTLS 1.2
10.10.10.58
srv-044.corp.example.localICMP echoSRV-044[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.58
srv-044.corp.example.localICMP echoSRV-044[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-044.corp.example.local2026-09-25
VALID118 days		srv-044.corp.example.localTLS 1.2
10.10.10.58
srv-044.corp.example.localICMP echoSRV-044[OK] In CMDB9001HTTPSHTTPS Server (no Server header)[-] Review (INFO) - Product recognized, but no confirmed CVE range/exact-version match was found for version 9.0.82. Other versions have 20 documented CVEs, so treat this as a review item rather than clean.[!] ReviewApache Tomcat/9.0.82None capturedsrv-044.corp.example.local2028-04-07
VALID678 days		ExampleCorp Internal Issuing CA 01 G2TLS 1.3TLS 1.2
10.10.10.59
srv-045.corp.example.localICMP echoSRV-045[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.59
srv-045.corp.example.localICMP echoSRV-045[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-045.corp.example.local2026-09-26
VALID119 days		srv-045.corp.example.localTLS 1.2
10.10.10.60
srv-046.corp.example.localICMP echoSRV-046[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.60
srv-046.corp.example.localICMP echoSRV-046[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-046.corp.example.local2026-09-26
VALID119 days		srv-046.corp.example.localTLS 1.2
10.10.10.61
srv-047.corp.example.localICMP echoSRV-047[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.61
srv-047.corp.example.localICMP echoSRV-047[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-047.corp.example.local2026-09-28
VALID121 days		srv-047.corp.example.localTLS 1.2
10.10.10.62
srv-048.corp.example.localICMP echoSRV-048[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.62
srv-048.corp.example.localICMP echoSRV-048[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-048.corp.example.local2026-09-25
VALID118 days		srv-048.corp.example.localTLS 1.2
10.10.10.63
srv-049.corp.example.localICMP echoSRV-049[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.63
srv-049.corp.example.localICMP echoSRV-049[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-049.corp.example.local2026-09-26
VALID119 days		srv-049.corp.example.localTLS 1.2
10.10.10.64
srv-050.corp.example.localICMP echoSRV-050[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.64
srv-050.corp.example.localICMP echoSRV-050[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-050.corp.example.local2026-09-25
VALID118 days		srv-050.corp.example.localTLS 1.2
10.10.10.65
srv-051.corp.example.localICMP echoSRV-051[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.65
srv-051.corp.example.localICMP echoSRV-051[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-051.corp.example.local2026-09-25
VALID118 days		srv-051.corp.example.localTLS 1.2
10.10.10.66
srv-052.corp.example.localICMP echoSRV-052[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.66
srv-052.corp.example.localICMP echoSRV-052[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-052.corp.example.local2026-09-25
VALID118 days		srv-052.corp.example.localTLS 1.2
10.10.10.83
srv-069.corp.example.localICMP echoSRV-069[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.84
srv-070.corp.example.localICMP echoSRV-070[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.85
srv-071.corp.example.localICMP echoSRV-071[OK] In CMDB80HTTPMicrosoft-HTTPAPI/2.0None capturedNone
10.10.10.86
N/AICMP echoSRV-091[OK] In CMDB22SSHSSH-2.0-OpenSSH_8.71 CVEs (MEDIUM)
Highest: CVE-2016-20012 (Score: 5.3)		[OK] VerifiedNone capturedNone
10.10.10.85
srv-071.corp.example.localICMP echoSRV-071[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-071.corp.example.local2026-07-27
VALID58 days		srv-071.corp.example.localTLS 1.3TLS 1.2
10.10.10.85
srv-071.corp.example.localICMP echoSRV-071[OK] In CMDB443HTTPSMicrosoft-HTTPAPI/2.0None capturedsrv-071.corp.example.local2027-03-02
VALID276 days		Sectigo Public Server Authentication CA DV R36TLS 1.3TLS 1.2
10.10.10.11
N/AICMP echo[!] Not in CMDBDiscovered Host
Discovered host
No checked TCP service answered.
None capturedNone
10.10.10.88
srv-002.corp.example.localICMP echoSRV-002[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.89
srv-010.corp.example.localICMP echoSRV-010[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.90
srv-012.corp.example.localICMP echoSRV-012[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.90
srv-012.corp.example.localICMP echoSRV-012[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2016 (13.0.7080.1) [2 instances][-] Review (WARNING) - Microsoft SQL Server 2016 was recognized, but the banner/year alone is not enough to prove exact CVE applicability. This SQL Server generation is older and should be reviewed for support status, cumulative updates and exposure. Other SQL Server versions have 20 documented CVEs in the current lookup result. Treat this as a tracked review item, not as unmapped and not as clean.[!] ReviewNone capturedNone
10.10.10.90
srv-012.corp.example.localICMP echoSRV-012[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-012.corp.example.local2026-08-16
VALID78 days		srv-012.corp.example.localTLS 1.2TLS 1.1TLS 1.0
10.10.10.91
srv-016.corp.example.localICMP echoSRV-016[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.91
srv-016.corp.example.localICMP echoSRV-016[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2016 (13.0.7080.1)[-] Review (WARNING) - Microsoft SQL Server 2016 was recognized, but the banner/year alone is not enough to prove exact CVE applicability. This SQL Server generation is older and should be reviewed for support status, cumulative updates and exposure. Other SQL Server versions have 20 documented CVEs in the current lookup result. Treat this as a tracked review item, not as unmapped and not as clean.[!] ReviewNone capturedNone
10.10.10.91
srv-016.corp.example.localICMP echoSRV-016[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-016.corp.example.local2026-08-28
VALID90 days		srv-016.corp.example.localTLS 1.2
10.10.10.92
srv-018.corp.example.localICMP echoSRV-018[OK] In CMDB80HTTPMicrosoft-HTTPAPI/2.0Not FoundNone capturedNone
10.10.10.92
srv-018.corp.example.localICMP echoSRV-018[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.92
srv-018.corp.example.localICMP echoSRV-018[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2022 (16.0.1000.6)[-] Review (INFO) - Microsoft SQL Server 2022 was recognized, but the banner/year alone is not enough to prove exact CVE applicability. Modern SQL Server release detected. Confirm current cumulative update/build before treating as clean. Other SQL Server versions have 20 documented CVEs in the current lookup result. Treat this as a tracked review item, not as unmapped and not as clean.[!] ReviewNone capturedNone
10.10.10.92
srv-018.corp.example.localICMP echoSRV-018[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-018.corp.example.local2026-10-12
VALID135 days		srv-018.corp.example.localTLS 1.3TLS 1.2TLS 1.1TLS 1.0
10.10.10.93
srv-021.corp.example.localICMP echoSRV-021[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.93
srv-021.corp.example.localICMP echoSRV-021[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2017 (14.0.1000.169)[-] Review (WARNING) - Microsoft SQL Server 2017 was recognized, but the banner/year alone is not enough to prove exact CVE applicability. This SQL Server generation is older and should be reviewed for support status, cumulative updates and exposure. Other SQL Server versions have 20 documented CVEs in the current lookup result. Treat this as a tracked review item, not as unmapped and not as clean.[!] ReviewNone capturedNone
10.10.10.93
srv-021.corp.example.localICMP echoSRV-021[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-021.corp.example.local2026-09-21
VALID114 days		srv-021.corp.example.localTLS 1.2
10.10.10.94
srv-025.corp.example.localICMP echoSRV-025[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.94
srv-025.corp.example.localICMP echoSRV-025[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2017 (14.0.1000.169)[-] Review (WARNING) - Microsoft SQL Server 2017 was recognized, but the banner/year alone is not enough to prove exact CVE applicability. This SQL Server generation is older and should be reviewed for support status, cumulative updates and exposure. Other SQL Server versions have 20 documented CVEs in the current lookup result. Treat this as a tracked review item, not as unmapped and not as clean.[!] ReviewNone capturedNone
10.10.10.94
srv-025.corp.example.localICMP echoSRV-025[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-025.corp.example.local2026-07-15
VALID46 days		srv-025.corp.example.localTLS 1.2
10.10.10.95
srv-028.corp.example.localICMP echoSRV-028[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.95
srv-028.corp.example.localICMP echoSRV-028[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2022 (16.0.1000.6)[-] Review (INFO) - Microsoft SQL Server 2022 was recognized, but the banner/year alone is not enough to prove exact CVE applicability. Modern SQL Server release detected. Confirm current cumulative update/build before treating as clean. Other SQL Server versions have 20 documented CVEs in the current lookup result. Treat this as a tracked review item, not as unmapped and not as clean.[!] ReviewNone capturedNone
10.10.10.95
srv-028.corp.example.localICMP echoSRV-028[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-028.corp.example.local2026-10-25
VALID148 days		srv-028.corp.example.localTLS 1.3TLS 1.2TLS 1.1TLS 1.0
10.10.10.96
srv-039.corp.example.localICMP echoSRV-039[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.96
srv-039.corp.example.localICMP echoSRV-039[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2017 (14.0.1000.169)[-] Review (WARNING) - Microsoft SQL Server 2017 was recognized, but the banner/year alone is not enough to prove exact CVE applicability. This SQL Server generation is older and should be reviewed for support status, cumulative updates and exposure. Other SQL Server versions have 20 documented CVEs in the current lookup result. Treat this as a tracked review item, not as unmapped and not as clean.[!] ReviewNone capturedNone
10.10.10.96
srv-039.corp.example.localICMP echoSRV-039[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-039.corp.example.local2026-07-14
VALID45 days		srv-039.corp.example.localTLS 1.2
10.10.10.97
srv-036.corp.example.localICMP echoSRV-036[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.97
srv-036.corp.example.localICMP echoSRV-036[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2019 (15.0.2000.5)4 CVEs (CRITICAL)
Highest: CVE-2021-38159 (Score: 9.8)
Latest: CVE-2023-34362 (2023)		[OK] Verified
(4/6 applicable)		None capturedNone
10.10.10.97
srv-036.corp.example.localICMP echoSRV-036[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-036.corp.example.local2026-11-22
VALID176 days		srv-036.corp.example.localTLS 1.2
10.10.10.98
srv-041.corp.example.localICMP echoSRV-041[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.98
srv-041.corp.example.localICMP echoSRV-041[OK] In CMDB1433MS-SQLMicrosoft SQL Server (version detection failed)None capturedNone
10.10.10.98
srv-041.corp.example.localICMP echoSRV-041[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-041.corp.example.local2026-07-16
VALID47 days		srv-041.corp.example.localTLS 1.2
10.10.10.99
N/AICMP echoSRV-089[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.99
N/AICMP echoSRV-089[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedSRV-089.examplecorpexternal.com2026-08-26
VALID88 days		SRV-089.examplecorpexternal.comTLS 1.2
10.10.10.100
srv-043.corp.example.localICMP echoSRV-043[OK] In CMDB1433MS-SQLMicrosoft SQL Server 2019 (15.0.2000.5)4 CVEs (CRITICAL)
Highest: CVE-2021-38159 (Score: 9.8)
Latest: CVE-2023-34362 (2023)		[OK] Verified
(4/6 applicable)		None capturedNone
10.10.10.100
srv-043.corp.example.localICMP echoSRV-043[OK] In CMDB445SMBSMB2/3None capturedNone
10.10.10.89
srv-010.corp.example.localICMP echoSRV-010[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-010.corp.example.local2026-07-27
VALID58 days		srv-010.corp.example.localTLS 1.2
10.10.10.100
srv-043.corp.example.localICMP echoSRV-043[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-043.corp.example.local2026-09-25
VALID118 days		srv-043.corp.example.localTLS 1.2
10.10.10.88
srv-002.corp.example.localICMP echoSRV-002[OK] In CMDB3389RDP-TLSRDP with TLS encryptionNone capturedsrv-002.corp.example.local2026-08-03
VALID65 days		srv-002.corp.example.localTLS 1.2
10.10.10.89
srv-010.corp.example.localICMP echoSRV-010[OK] In CMDB1433MS-SQLMicrosoft SQL Server (version detection failed)None capturedNone
10.10.10.88
srv-002.corp.example.localICMP echoSRV-002[OK] In CMDB1433MS-SQLMicrosoft SQL Server (version detection failed)None capturedNone
10.10.10.87
N/AICMP echo[!] Not in CMDBDiscovered Host
Discovered host
No checked TCP service answered.
None capturedNone

How to read this report

The summary cards at the top are clickable. A clicked card applies a matching table filter, for example Critical CVEs shows the affected rows, Not in DNS shows live hosts without a useful reverse DNS/PTR name, and Open Ports shows rows where a checked TCP service answered. Use Clear card filter to return to the full table.

Open PortsRows where a checked TCP port answered. These rows may also include banners, TLS details, HTTP titles, web evidence and CVE checks when the service exposed enough information.Why it matters: every open service is a reachable attack surface, even when the service is legitimate.Suggestion: verify ownership, close unused ports, restrict admin ports to management networks or VPN, and patch services that must remain exposed.
Found in DNSLive hosts where reverse DNS/PTR lookup produced a useful hostname. This is similar to what admins often check with ping -a IP_Address, but the report stores it as PTR/reverse DNS evidence.Why it matters: good names make assets easier to identify, assign, monitor and investigate.Suggestion: compare the hostname with CMDB, DHCP reservations and naming standards. Rename stale or misleading records.
Not in DNS / PTR missingLive hosts where reverse DNS/PTR did not return a useful name. This does not prove the host is rogue, and it does not prove forward DNS is missing; it means the reverse lookup did not identify it clearly.Why it matters: unnamed live hosts are harder to patch, harder to prove ownership for, and slower to handle during incidents. They can also hide old appliances, temporary systems and forgotten test machines.Suggestion: add or fix PTR records for managed assets, document intentionally unnamed devices, and investigate unknown hosts that also have open ports.
Discovery-only RowsHosts seen through ARP/neighbor cache, mDNS, SSDP or WS-Discovery where none of the checked TCP ports answered.Why it matters: printers, IoT, workstations and appliances can be visible locally even when the scanned service ports are closed.Suggestion: review whether the device belongs on the subnet, whether local discovery protocols should be enabled, and whether segmentation is correct.
Web EvidenceHTTP/HTTPS evidence from the first response: scripts, inline scripts, beacon-like endpoints, cookies and security header findings. External destinations are highlighted when detected.Why it matters: web services can leak technology, depend on third parties, expose weak cookies, or send telemetry outside the expected environment.Suggestion: review external scripts/beacons, remove unnecessary dependencies, and fix cookie attributes such as Secure, HttpOnly and SameSite where applicable.
Header Issues / Browser PoliciesMissing or weak browser-side controls such as Content-Security-Policy, X-Frame-Options, Referrer-Policy, Permissions-Policy, cross-origin controls and exposed Server/X-Powered-By headers.Why it matters: these controls reduce clickjacking, data leakage, script injection impact and unnecessary technology disclosure.Suggestion: start with safe baseline headers, test with business applications, and avoid overly broad CSP or CORS rules.
SSL/TLS and CertificatesCertificate identity, issuer, expiry and TLS protocol evidence for TLS-speaking services.Why it matters: expired certificates cause outages, weak TLS can expose legacy risk, and mismatched names can indicate wrong bindings or unexpected services.Suggestion: renew expiring certificates, remove obsolete TLS versions, and confirm that certificate names match the intended service.
CVE CardsRows where banner/title parsing matched CVE intelligence. Critical, High and Medium cards filter directly to the affected service rows.Why it matters: banner-based CVE matching is useful for prioritization, but banners can be incomplete, masked or misleading.Suggestion: verify high-risk rows manually, confirm exact product versions on the host, and patch or isolate confirmed affected services first.

Suggested review order

  • Start with Critical and High CVEs. Confirm whether the detected product/version is really installed, then patch, isolate or disable the affected service.
  • Check unknown live hosts. Use Not in DNS, Discovery-only Rows and CMDB missing rows to find systems that need ownership, naming or documentation.
  • Review exposed services. Open Ports is not automatically bad, but unnecessary listening services should be closed or restricted.
  • Fix outage risks. Expired or soon-expiring certificates should be handled before they break users or integrations.
  • Clean up web-facing evidence. Header issues, weak cookies, exposed server banners and unexpected external scripts are usually quick hardening wins.
  • Export filtered CSV when assigning work. Click a summary card, verify the rows, then use Export filtered CSV to hand the exact findings to the responsible team.

Scantide product guidance

This local network report shows what answered during the subnet scan. The other Scantide tools are useful when the next question is: what is exposed on public domains, what happens inside the browser, or what does a mobile device/application reveal?

Scantide AuditorThe Windows/PowerShell auditor is the tool behind this local network report. It is best for internal subnets, server rooms, VLANs, branch offices and environments where you need evidence about live hosts, open services, banners, certificates, PTR/DNS naming and CVE prioritization.Why it matters: internal exposure is often where forgotten services, old appliances, test systems and weak inventory practices become real operational risk.Suggestion: run it from a controlled admin workstation on each relevant subnet, export filtered CSV files for owners, and repeat scans after remediation to prove what changed.
Scantide Auditor for AndroidThe Android auditor is useful for quick checks from a phone or tablet, especially when validating local networks, Wi-Fi segments, printer/IoT areas or field locations where a full workstation is not convenient.Why it matters: many risks are location-specific. A device connected to the same Wi-Fi or local segment can reveal discovery data and reachable services that central tools may miss.Suggestion: use it for spot checks, on-site validation and before/after confirmation. For formal reporting, follow up with the full Auditor or Scantide Online where deeper evidence is needed.
Scantide OnlineScantide Online is for public-facing domain and server reports. It complements this local scan by checking externally reachable hosts, redirects, certificates, DNS, mail posture, web evidence, jurisdiction/compliance signals and public exposure.Why it matters: an internal host may look fine locally while the public domain has weak headers, expired certificates, risky redirects, unexpected third-party scripts or mail/DNS issues.Suggestion: use Scantide Online for internet-facing systems, customer portals, supplier portals, landing pages and before publishing anonymized showcase reports or compliance evidence.
Scantide ObserveScantide Observe is the browser extension for checking the page you are currently visiting. It focuses on browser-visible security and privacy signals such as HTTPS/HSTS, headers, cookies, third-party scripts, trackers, beacons, jurisdictions and page-level evidence.Why it matters: a port scan can show that HTTPS is open, but the browser view shows what the user is actually exposed to after the page loads.Suggestion: use Observe when reviewing websites, SaaS portals, supplier pages and login pages. It is especially useful for explaining privacy/security risk to non-technical users with a clear score and evidence.
Scantide Observe MobileObserve Mobile brings the browser/page-review idea to Android workflows, mainly by analyzing pages or links shared from mobile browsers and apps.Why it matters: users increasingly open business links on phones, and mobile browsing often hides details that are easier to inspect on desktop.Suggestion: use it when validating mobile user journeys, supplier links, QR-code destinations, phishing-like URLs, or public pages that employees commonly open from phones.
How the tools fit togetherAuditor answers: what exists on the network? Online answers: what is exposed from the internet? Observe answers: what does the browser/user actually receive? Mobile tools help validate the same questions from the device and network context where users really work.Why it matters: no single scan view is complete. Network, public exposure and browser evidence often explain different parts of the same risk.Suggestion: use the local report to identify systems, Scantide Online for public-facing domains, Observe for page-level privacy/security, and Android tools for on-site or mobile validation.

CVE status guide

CVE matching is banner-based and version-aware where possible. A green or grey status does not mean the service is automatically safe; it means the scanner did not find a confirmed CVE match for the detected version. Use the confidence label to decide what needs manual review.

[OK] VerifiedDetected product/version was checked against CVE data. The scanner did not find a confirmed applicable CVE match for that detected version, or the listed CVEs were filtered to applicable entries.
[CVE] MatchedExact version or affected-version range matched. This is the strongest automated CVE finding.
[REVIEW] Product-levelCVEs exist for the product, but the exact detected version was not proven affected. Review before escalating.
[WARN] PotentialNearby versions or inferred range evidence suggest possible exposure. Treat as likely affected until verified.
[!] ReviewProduct is recognized, but no confirmed exact-version or affected-range match was returned. This is a review item, not a clean result.
[REVIEW] Version gapProduct is known, but this exact version was not listed by the CVE source. This is a version-data gap, not proof of safety.
[REVIEW] Ambiguous versionThe detected version may be a compatibility prefix, firmware branch, partial banner, or rewritten product string.
[REVIEW] LegacyVery old version detected. Check vendor lifecycle and patch history even if no exact CVE is returned.
[INFO] UnmappedNo reliable CVE product mapping was found for the banner. Common with printers, embedded devices and OEM-renamed services.

Radio / Wi-Fi security and local RF evidence

Nearby Wi-Fi, Wi-Fi Direct candidate networks/devices and Bluetooth observations collected from the scanning workstation. The evidence table comes first; the interpretation guide is below it.

28Wi-Fi network row(s)
0Wi-Fi Direct candidate(s)
19Bluetooth/BLE row(s)
5critical/high radio finding(s)
23medium radio finding(s)
Highobserved channel congestion

Channel congestion

Ch 100
8
Ch 6
5
Ch 11
5
Ch 36
5
Ch 60
5
Top observed channel: Channel 100 with 8 visible BSSID row(s). Channels with 3+ visible BSSIDs are worth reviewing; 6+ usually means heavy local contention or many APs sharing the same channel.

Band distribution

2.4 GHz
10
5 GHz / high band
18
Other/unknown
0
2.4 GHz channels are more prone to overlap and congestion. 5 GHz / high-band rows usually give better capacity, but still need channel planning.

Security mode mix

WPA2-Personal
11
WPA2-Enterprise
6
WPA3-Enterprise
6
Open
5
Open: 5, weak/legacy: 0, personal/PSK: 11, enterprise/802.1X: 12. Windows does not reliably expose WPS/PIN status, so the helper records it only when visible.
TypeName / SSIDAddress / BSSIDVendorSignalChannelAuthenticationEncryptionRiskFindingsSecurity evaluationEvidence
WiFiNetworkExampleCorp02:00:00:00:00:0ALocally administered / randomized24%100WPA3-EnterpriseCCMPMediumWPA3 advertised; Enterprise authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA3 is advertised; still verify configuration, client compatibility and management frame protection policy. Enterprise/802.1X authentication is advertised; verify certificate validation and EAP settings on clients. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp02:00:00:00:00:0BLocally administered / randomized70%60WPA3-EnterpriseCCMPMediumWPA3 advertised; Enterprise authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA3 is advertised; still verify configuration, client compatibility and management frame protection policy. Enterprise/802.1X authentication is advertised; verify certificate validation and EAP settings on clients. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp02:00:00:00:00:0CLocally administered / randomized82%36WPA3-EnterpriseCCMPMediumWPA3 advertised; Enterprise authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA3 is advertised; still verify configuration, client compatibility and management frame protection policy. Enterprise/802.1X authentication is advertised; verify certificate validation and EAP settings on clients. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp02:00:00:00:00:07Locally administered / randomized72%11WPA3-EnterpriseCCMPMediumWPA3 advertised; Enterprise authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA3 is advertised; still verify configuration, client compatibility and management frame protection policy. Enterprise/802.1X authentication is advertised; verify certificate validation and EAP settings on clients. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp02:00:00:00:00:08Locally administered / randomized80%6WPA3-EnterpriseCCMPMediumWPA3 advertised; Enterprise authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA3 is advertised; still verify configuration, client compatibility and management frame protection policy. Enterprise/802.1X authentication is advertised; verify certificate validation and EAP settings on clients. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkCorporate-SSID02:00:00:00:00:14Locally administered / randomized26%100WPA2-EnterpriseCCMPMediumWPA2 with AES/CCMP advertised; Enterprise authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. Enterprise/802.1X authentication is advertised; verify certificate validation and EAP settings on clients. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkCorporate-SSID02:00:00:00:00:16Locally administered / randomized70%60WPA2-EnterpriseCCMPMediumWPA2 with AES/CCMP advertised; Enterprise authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. Enterprise/802.1X authentication is advertised; verify certificate validation and EAP settings on clients. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkCorporate-SSID02:00:00:00:00:15Locally administered / randomized24%100WPA2-EnterpriseCCMPMediumWPA2 with AES/CCMP advertised; Enterprise authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. Enterprise/802.1X authentication is advertised; verify certificate validation and EAP settings on clients. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkCorporate-SSID02:00:00:00:00:12Cisco Meraki72%11WPA2-EnterpriseCCMPMediumWPA2 with AES/CCMP advertised; Enterprise authentication; Vendor matched from BSSID OUI: Cisco Meraki; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. Enterprise/802.1X authentication is advertised; verify certificate validation and EAP settings on clients. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkCorporate-SSID02:00:00:00:00:17Locally administered / randomized82%36WPA2-EnterpriseCCMPMediumWPA2 with AES/CCMP advertised; Enterprise authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. Enterprise/802.1X authentication is advertised; verify certificate validation and EAP settings on clients. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkCorporate-SSID02:00:00:00:00:13Cisco Meraki80%6WPA2-EnterpriseCCMPMediumWPA2 with AES/CCMP advertised; Enterprise authentication; Vendor matched from BSSID OUI: Cisco Meraki; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. Enterprise/802.1X authentication is advertised; verify certificate validation and EAP settings on clients. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp-IoT02:00:00:00:00:04Locally administered / randomized26%100WPA2-PersonalCCMPMediumWPA2 with AES/CCMP advertised; Personal/PSK authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. PSK networks depend heavily on passphrase quality and rotation. Corporate networks should normally prefer 802.1X/Enterprise. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. WPS/PIN status was not exposed by Windows netsh for this observation; verify on the AP/controller if WPS/PIN is disabled. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp-IoT02:00:00:00:00:05Locally administered / randomized70%60WPA2-PersonalCCMPMediumWPA2 with AES/CCMP advertised; Personal/PSK authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. PSK networks depend heavily on passphrase quality and rotation. Corporate networks should normally prefer 802.1X/Enterprise. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. WPS/PIN status was not exposed by Windows netsh for this observation; verify on the AP/controller if WPS/PIN is disabled. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp-IoT02:00:00:00:00:06Locally administered / randomized82%36WPA2-PersonalCCMPMediumWPA2 with AES/CCMP advertised; Personal/PSK authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. PSK networks depend heavily on passphrase quality and rotation. Corporate networks should normally prefer 802.1X/Enterprise. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. WPS/PIN status was not exposed by Windows netsh for this observation; verify on the AP/controller if WPS/PIN is disabled. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp-IoT02:00:00:00:00:01Locally administered / randomized72%11WPA2-PersonalCCMPMediumWPA2 with AES/CCMP advertised; Personal/PSK authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. PSK networks depend heavily on passphrase quality and rotation. Corporate networks should normally prefer 802.1X/Enterprise. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. WPS/PIN status was not exposed by Windows netsh for this observation; verify on the AP/controller if WPS/PIN is disabled. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp-IoT02:00:00:00:00:02Locally administered / randomized80%6WPA2-PersonalCCMPMediumWPA2 with AES/CCMP advertised; Personal/PSK authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. PSK networks depend heavily on passphrase quality and rotation. Corporate networks should normally prefer 802.1X/Enterprise. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. WPS/PIN status was not exposed by Windows netsh for this observation; verify on the AP/controller if WPS/PIN is disabled. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp_Guest02:00:00:00:00:10Locally administered / randomized70%60OpenNoneHighOpen Wi-Fi network; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDNo link-layer encryption is advertised. Treat as unsafe unless this is an intentionally isolated guest/onboarding network. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp_Guest02:00:00:00:00:0FLocally administered / randomized24%100OpenNoneHighOpen Wi-Fi network; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDNo link-layer encryption is advertised. Treat as unsafe unless this is an intentionally isolated guest/onboarding network. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp_Guest02:00:00:00:00:0DLocally administered / randomized72%11OpenNoneHighOpen Wi-Fi network; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDNo link-layer encryption is advertised. Treat as unsafe unless this is an intentionally isolated guest/onboarding network. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp_Guest02:00:00:00:00:0ELocally administered / randomized80%6OpenNoneHighOpen Wi-Fi network; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDNo link-layer encryption is advertised. Treat as unsafe unless this is an intentionally isolated guest/onboarding network. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp_Guest02:00:00:00:00:11Locally administered / randomized82%36OpenNoneHighOpen Wi-Fi network; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDNo link-layer encryption is advertised. Treat as unsafe unless this is an intentionally isolated guest/onboarding network. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkWarehouse-WiFi02:00:00:00:00:18Locally administered / randomized72%11WPA2-PersonalCCMPMediumWPA2 with AES/CCMP advertised; Personal/PSK authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. PSK networks depend heavily on passphrase quality and rotation. Corporate networks should normally prefer 802.1X/Enterprise. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. WPS/PIN status was not exposed by Windows netsh for this observation; verify on the AP/controller if WPS/PIN is disabled. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkWarehouse-WiFi02:00:00:00:00:1CLocally administered / randomized82%36WPA2-PersonalCCMPMediumWPA2 with AES/CCMP advertised; Personal/PSK authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. PSK networks depend heavily on passphrase quality and rotation. Corporate networks should normally prefer 802.1X/Enterprise. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. WPS/PIN status was not exposed by Windows netsh for this observation; verify on the AP/controller if WPS/PIN is disabled. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkWarehouse-WiFi02:00:00:00:00:19Locally administered / randomized80%6WPA2-PersonalCCMPMediumWPA2 with AES/CCMP advertised; Personal/PSK authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. PSK networks depend heavily on passphrase quality and rotation. Corporate networks should normally prefer 802.1X/Enterprise. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. WPS/PIN status was not exposed by Windows netsh for this observation; verify on the AP/controller if WPS/PIN is disabled. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkWarehouse-WiFi02:00:00:00:00:1BLocally administered / randomized70%60WPA2-PersonalCCMPMediumWPA2 with AES/CCMP advertised; Personal/PSK authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. PSK networks depend heavily on passphrase quality and rotation. Corporate networks should normally prefer 802.1X/Enterprise. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. WPS/PIN status was not exposed by Windows netsh for this observation; verify on the AP/controller if WPS/PIN is disabled. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp02:00:00:00:00:09Locally administered / randomized26%100WPA3-EnterpriseCCMPMediumWPA3 advertised; Enterprise authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA3 is advertised; still verify configuration, client compatibility and management frame protection policy. Enterprise/802.1X authentication is advertised; verify certificate validation and EAP settings on clients. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkExampleCorp-IoT02:00:00:00:00:03Locally administered / randomized26%100WPA2-PersonalCCMPMediumWPA2 with AES/CCMP advertised; Personal/PSK authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. PSK networks depend heavily on passphrase quality and rotation. Corporate networks should normally prefer 802.1X/Enterprise. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. WPS/PIN status was not exposed by Windows netsh for this observation; verify on the AP/controller if WPS/PIN is disabled. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
WiFiNetworkWarehouse-WiFi02:00:00:00:00:1ALocally administered / randomized24%100WPA2-PersonalCCMPMediumWPA2 with AES/CCMP advertised; Personal/PSK authentication; Randomized/locally administered BSSID; Possible rogue AP indicator: randomized/locally administered BSSID present for this SSIDWPA2 with AES/CCMP is a reasonable baseline when configured with strong credentials or 802.1X. PSK networks depend heavily on passphrase quality and rotation. Corporate networks should normally prefer 802.1X/Enterprise. BSSID uses a locally administered/randomized prefix, so vendor attribution is weaker and manual validation is recommended. WPS/PIN status was not exposed by Windows netsh for this observation; verify on the AP/controller if WPS/PIN is disabled. At least one BSSID for this SSID uses a locally administered/randomized prefix, which weakens vendor attribution and deserves manual validation.Native WlanScan refresh + netsh wlan show networks mode=bssid
BluetoothMobile Device AVRCP TransportInfoKnown/paired/installed Bluetooth deviceBTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&923F0F0&1&CC2119A7C775_C00000000
BluetoothMobile DeviceInfoKnown/paired/installed Bluetooth deviceBTHENUM\DEV_CC2119A7C775\7&923F0F0&1&BLUETOOTHDEVICE_CC2119A7C775
BluetoothPersonal Area Network ServiceInfoKnown/paired/installed Bluetooth deviceBTHENUM\{00001115-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&923F0F0&1&CC2119A7C775_C00000000
BluetoothBluetooth LE Generic Attribute ServiceInfoKnown/paired/installed Bluetooth deviceBTHLEDEVICE\{0000180F-0000-1000-8000-00805F9B34FB}_DEV_VID&02413C_PID&3026_REV&0001_C80C062075FA\8&2A5CB5FC&0&0012
BluetoothGeneric Access ProfileInfoKnown/paired/installed Bluetooth deviceBTHLEDEVICE\{00001800-0000-1000-8000-00805F9B34FB}_DEV_VID&02413C_PID&3026_REV&0001_C80C062075FA\8&2A5CB5FC&0&0001
BluetoothDevice Information ServiceInfoKnown/paired/installed Bluetooth deviceBTHLEDEVICE\{0000180A-0000-1000-8000-00805F9B34FB}_DEV_VID&02413C_PID&2511_REV&0001_C90D89369F17\8&2F7FD925&0&000B
BluetoothMicrosoft Bluetooth EnumeratorInfoKnown/paired/installed Bluetooth deviceBTH\MS_BTHBRB\6&C17656B&0&1
BluetoothMicrosoft Bluetooth LE EnumeratorInfoKnown/paired/installed Bluetooth deviceBTH\MS_BTHLE\6&C17656B&0&3
BluetoothSim Access ServiceInfoKnown/paired/installed Bluetooth deviceBTHENUM\{0000112D-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&923F0F0&1&CC2119A7C775_C00000000
BluetoothIntel(R) Wireless Bluetooth(R)InfoKnown/paired/installed Bluetooth deviceUSB\VID_8087&PID_0032\5&1A90396&0&10
BluetoothGeneric Attribute ProfileInfoKnown/paired/installed Bluetooth deviceBTHLEDEVICE\{00001801-0000-1000-8000-00805F9B34FB}_DEV_VID&02413C_PID&3026_REV&0001_C80C062075FA\8&2A5CB5FC&0&000A
BluetoothObject Push ServiceInfoKnown/paired/installed Bluetooth deviceBTHENUM\{00001105-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&923F0F0&1&CC2119A7C775_C00000000
BluetoothBluetooth Device (RFCOMM Protocol TDI)InfoKnown/paired/installed Bluetooth deviceBTH\MS_RFCOMM\6&C17656B&0&0
BluetoothHeadset Audio Gateway ServiceInfoKnown/paired/installed Bluetooth deviceBTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&923F0F0&1&CC2119A7C775_C00000000
BluetoothPersonal Area Network NAP ServiceInfoKnown/paired/installed Bluetooth deviceBTHENUM\{00001116-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&923F0F0&1&CC2119A7C775_C00000000
BluetoothWireless KeyboardInfoKnown/paired/installed Bluetooth deviceBTHLE\DEV_C90D89369F17\7&38A468DE&1&C90D89369F17
BluetoothPhonebook Access Pse ServiceInfoKnown/paired/installed Bluetooth deviceBTHENUM\{0000112F-0000-1000-8000-00805F9B34FB}_VID&00010075_PID&0100\7&923F0F0&1&CC2119A7C775_C00000000
BluetoothWireless MouseLowKnown/paired/installed Bluetooth device; Bluetooth HID/input deviceBTHLE\DEV_C80C062075FA\7&38A468DE&1&C80C062075FA
BluetoothLEBLE live advertisement scan unavailable in Windows PowerShellInfoWindows PowerShell cannot subscribe to Windows Runtime Bluetooth LE events; Known/paired Bluetooth inventory is still collectedRegister-ObjectEvent does not support WinRT events in Windows PowerShell 5.1

How to read Radio / Wi-Fi evidence

Radio findings are evidence-based and local to the scanner position. Treat open/weak encryption, duplicate SSIDs with different security, vendor mismatches and randomized BSSIDs as review indicators, not automatic proof of compromise. Confirm suspected rogue/evil-twin rows against your approved AP inventory/controller before taking action.

Open or weak Wi-FiOpen authentication, WEP, legacy WPA or TKIP encryption should be reviewed first.Why it matters: weak wireless protection can allow local interception, unauthorized access or easier credential attacks.Suggestion: prefer WPA3 where possible, otherwise WPA2-AES. Avoid open, WEP, TKIP and legacy WPA for business networks.
Enterprise vs personalEnterprise/802.1X usually gives better identity control than shared PSK networks, but both still need sane configuration.Why it matters: shared keys are hard to revoke per-user and often stay unchanged too long.Suggestion: use 802.1X for corporate access, separate guest/IoT networks, and rotate PSKs where they are unavoidable.
Channel congestionMany BSSIDs on the same or overlapping channels can indicate poor channel planning or a noisy RF environment.Why it matters: congestion hurts reliability and may look like application or network instability.Suggestion: validate with your controller/site survey tools, reduce unnecessary SSIDs, and tune channels/transmit power.
Duplicate SSIDs and evil-twin hintsThe scanner flags duplicate SSIDs, mixed security modes and vendor differences as review evidence.Why it matters: legitimate roaming APs can look similar, but an unexpected AP using the same SSID can also be a rogue or evil-twin candidate.Suggestion: compare BSSID, vendor, security mode and location against your approved AP inventory before escalating.
Vendor/OUI evidenceBSSID vendors are matched from OUI data when possible. Some devices randomize MAC addresses or use OEM/chipset OUIs.Why it matters: vendor evidence helps inventory review, but it is not definitive ownership proof.Suggestion: use vendor mismatch as a triage clue, then confirm in the WLAN controller, switch table or physical AP inventory.
Windows radio limitsWindows exposes Wi-Fi data unevenly depending on adapter, driver, WLAN AutoConfig cache and timing. Bluetooth/BLE and Wi-Fi Direct are best-effort.Why it matters: a missing row does not prove a network or radio device is absent.Suggestion: run multiple passes, scan from realistic user locations, and compare with Android Auditor or WLAN controller data when precision matters.

Wi-Fi Aware is intentionally reported by the Android Auditor where the platform exposes the required discovery APIs. On Windows, this helper reports Wi-Fi Direct candidates and Bluetooth/BLE observations on a best-effort basis.

Network: Manual network: 10.10.10.10/23 (Scanned in 2 subnets)

Scantide Local Network Scanner with CVE Intelligence

Web Evidence Column: scripts are parsed from <script src> tags, inline scripts are counted and expandable with safe snippets, beacon-like endpoints are extracted from common browser calls and telemetry URL patterns, cookies are read from Set-Cookie response headers, and HTTP security headers are captured and evaluated for missing, exposed, or weak controls, including Server/X-Powered-By exposure. External script and beacon destinations are highlighted. JavaScript execution is not simulated, so treat this as response-based evidence rather than a full browser crawl.

Important: The report is based on reachable services, banners, DNS/PTR lookups, HTTP responses, TLS evidence and optional local discovery data. Software versions may be masked, modified, or incorrectly identified.

CVE Status Column:


SSL/TLS configuration and certificate validation results should be verified independently. This report is intended as a preliminary assessment tool and should not replace comprehensive security auditing or manual verification by qualified security professionals.