Internal Vulnerability Scanning

Get broader coverage of your internal systems, including your remote employees. Easily meet compliance requirements. Automated to save you time.

Keep your internal systems secure without the complexity

While your external network is the easiest to access for hackers, your internal systems can also be reached with a little extra effort, especially with the rise in remote and hybrid working. Intruder helps you protect the inside like you protect the outside providing a second layer of defence against attackers. So it doesn’t matter where your devices are, you can keep your attack surface secure.

What is an internal vulnerability scanner?

An internal vulnerability scanner is a tool that checks for weaknesses from the perspective of an attacker who has breached an external security perimeter. This includes apps, devices, and servers operating within a private network.

Internal vulnerability scanning can find vulnerabilities that external scanning can’t, such as missing patches, weak passwords, and intranet vulnerabilities, helping organizations stay patched and protected.

Intruder is an agent-based scanner, which requires you to install software on each device to be scanned. This provides broader coverage than alternatives, such as network-based scanning.

How to start scanning your internal systems


Start scanning

To get started, install our agent-based scanner onto all of the devices you want to protect. Kick off or schedule a scan in just a few clicks.


Get the results

Review vulnerabilities prioritized by business context, send tickets and issues directly to your teams within hours.


Verify your fixes

Quickly rescan specific issues to check if your fixes worked. Set up automated scans for continuous security.

See how easy internal vulnerability scanning can be

Scan for vulnerabilities from a trusted position

Find critical vulnerabilities within your internal endpoints, including local misconfigurations, encryption weaknesses and vulnerable software packages. Our agent-based scanner ensures you can protect assets that aren’t on your network so you can keep your remote employees’ devices secure.

Save time with automated internal vulnerability scanning

Schedule scans to automatically run at times that suit you best. Noise filtered, concise, actionable reports help you focus on fixing what is making you most vulnerable.

Compliance without the effort

Audit ready reports easily demonstrate security to stakeholders and customers. Reduce your time to fix and track progress easily with our dashboard and cyber hygiene score.

Stop threats in their tracks

With 65+ new vulnerabilities discovered daily, most businesses don't have the time or expertise to stay on top of them.

Intruder works to protect customers of all sizes from known emerging threats and discovered threats in the wild. So, when attackers are alerted to emerging vulnerabilities, we are too - and we are already checking your systems for them.

How often should you scan?

The time between a vulnerability being discovered and hackers exploiting it is narrower than ever – just 12 days. We explain why continuous vulnerability scanning has become essential and how you can best implement it.

Read our reviews on

Why is internal vulnerability scanning important?
faq arrow

While your external network is the easiest to access for hackers, and available for attack 24/7, your internal systems can also be reached with a little extra effort. For example by an email containing a malicious attachment, or link to a web page that exploits known unpatched software on an employee’s device. Similarly, unpatched software or the lack of hardening of internal systems can help an attacker move around internal systems once they’ve gained an initial foothold. Having a well patched and hardened internal environment will help you avoid this next level of attack, and can be important for compliance with many security standards, or customer security questionnaires. It also helps further protect perimeter systems, by providing next-level information that can’t be gained from the outside.

What is the difference between external and internal vulnerability scanning?
faq arrow

External vulnerability scanning assesses your internet-facing infrastructure for known vulnerabilities that an attacker, who doesn’t have access to your organization's private networks, could exploit.

On the flip side, internal vulnerability scanning is concerned with finding weaknesses in your internal endpoints, which are typically hidden behind a firewall and only accessible by your employees or trusted partners.

Learn more about the differences between internal vs external vulnerability scanning.

What systems can I scan with your internal scanner?
faq arrow

You can scan anything supporting Windows, Linux or MacOS operating systems. Our internal scanner uses an agent that you need to install onto each device that you wish to scan. You can read more about how our internal scanning works here.

Can I scan network devices with Intruder?
faq arrow

Our internal vulnerability scanner is agent-based and does not support the scanning of network devices such as routers and switches. Read our article to find out why we think agent-based scanning is the right approach for many modern organizations.

What is agent-based scanning?
faq arrow

Agent-based internal vulnerability scanning involves running ‘agents’ on your devices that report back to a central server. It is considered a more modern approach to internal scanning than network-based scanning. Learn all about agent-based scanning and why we think it’s the best approach in our blog.

How much does Intruder’s internal vulnerability scanning cost?
faq arrow

The internal vulnerability scanning feature is available to our Pro, Premium, and Vanguard subscribers. The price of internal vulnerability scanning is determined by the number of hosts/devices that you wish to scan, as each one is considered a separate target. Visit our pricing page to see how much it will cost for you to scan a set number of targets.

Can I add an Internal IP as a target?
faq arrow

No, it is not possible to add an internal IP as a target in the Intruder platform, instead, you need to install an agent onto each device that you wish to scan. It’s worth noting, the agent will only scan the device onto which it has been installed and nothing else.

Sign up for your free 14-day trial

7 days free trial