How to Use NetAudit AI

Head over to the dashboard and you'll see a text field waiting for a target. This can be anything — an IP address like 192.168.1.1, a hostname, or even a CIDR range like 10.0.0.0/24.

Below the input, pick a scan profile. Quick Audit hits the top 100 ports and finishes in under a minute. Deep Inspectionis more thorough — it scans ports 1 through 1000 and spends extra time fingerprinting services. Use Quick for regular check-ins, Deep when you're doing a proper audit.

Hit Run Audit and watch the radar animation tick through each phase: initializing, scanning, analyzing, inferring. No account needed, no setup — just paste and go.

Here's what happens under the hood. When you hit that button, the frontend sends your target to a backend server running Nmap. Nmap does what it does best — probes the target, figures out which ports are open, what services are listening, and sometimes even what operating system is running.

The raw scan output gets parsed into structured data: port numbers, service names, version strings. Then comes the AI part. A Groq-powered LLM takes that structured data and figures out what's worth worrying about. Instead of dumping a wall of CVEs, you get plain-English observations and specific steps to fix things.

The whole thing runs server-side, so your scan data exists only for that session. Close the tab, it's gone.

Once the scan finishes, you'll see a few things on screen. First, a donut chart that breaks down the vulnerability severity across all detected ports — a quick sense of how bad things are at a glance.

Below that, a table lists every open port with its service name, version, and a severity badge. The colors map to risk levels:

• Critical — needs immediate attention (exposed database, default credentials)
• High — fix soon (missing security headers, outdated software)
• Medium — worth addressing (weak ciphers, unnecessary services)
• Low — informational (HTTPS properly configured)
• Safe — no issues detected

If the scan finds any web servers, there's also an HTTP security headers section that checks for HSTS, CSP, X-Frame-Options, and the like. And finally, the AI remediation panel gives you a prioritized list of actions — each one tells you what's wrong, why it matters, and how to fix it.

You can export everything as a PDF if you need to share results with your team or keep records for compliance.

What kind of targets can I scan?

Any IP address or CIDR range you own or have explicit permission to test. We don't allow scanning random internet hosts.

How long does a scan take?

Quick audits finish in 30-60 seconds. Deep inspections can take 2-5 minutes depending on the target and network conditions.

Do you store my scan data?

No. Everything is ephemeral — once you close or refresh the page, the results are gone. We don't log targets or store scan history.

Which ports does Quick Audit check?

The top 100 most commonly targeted ports — things like SSH (22), HTTP (80), HTTPS (443), databases, and popular services. Deep Inspection covers 1 through 1000.

Why isn't SYN scan working?

SYN scan requires raw socket access, which most cloud and container environments don't provide. We use TCP Connect scan (-sT) instead — it's slightly louder but works everywhere.

I found something. What do I do next?

The AI generates specific remediation steps for each issue. For a broader strategy, check out our guide on securing open ports.