Network Scanning

Network vulnerability scanning for your external perimeter

Fencer discovers open ports and exposed services across your public IPs, then checks each for known vulnerabilities. Connect your cloud account and start scanning instantly.

Get Started Book a Demo

Why Fencer?

Network scanning made easy

Works in Minutes, NOt MOnths

Connect your cloud account and Fencer discovers your public IPs, maps open services, and runs vulnerability checks automatically. No target lists to configure.

Two phases, one Scan

Port discovery then vulnerability assessment, automatically. Every open service checked for known CVEs without any extra configuration.

Your Full Security Foundation

Network scanning sits alongside application security, cloud, identity, endpoint, and monitoring in Fencer's complete security platform.

Capabilities

Your external perimeter, mapped and checked daily

Service discovery

Automatically discover open ports and services

Fencer connects to your cloud accounts and domains and automatically extracts public IP addresses from EC2 instances, load balancers, RDS databases, and Redshift clusters. It then runs a port scan across the top 1,000 ports on each IP, recording every open service it finds.

Cloud-connected discovery: Public IPs extracted automatically from connected AWS accounts, domains, and other sources
Custom targets: Scan any IP, CIDR range, hostname, or domain expansion target you define manually
Full service inventory: Every open port recorded with hostname, port, protocol, detected service, product, version, and banner
Nightly scheduled scans: Scans run automatically every night and can be triggered on demand at any time

Vulnerability scanning

Scan every exposed service for known vulnerabilities

Once open services are discovered, Fencer automatically runs vulnerability checks against each one. Findings flow directly into your vulnerability pipeline with severity ratings and remediation guidance. Every service has a full scan history so your team can track whether things are getting better or worse over time.

SSL/TLS vulnerabilities: Heartbleed, POODLE, DROWN, CCS Injection, weak DH parameters, and deprecated cipher suites
Critical service exploits: EternalBlue (MS17-010), Shellshock, Struts RCE, and other high-impact known vulnerabilities
Unauthenticated service exposure: Redis, MongoDB, MySQL, Memcached, and FTP instances accessible without credentials
RDP and SSH issues: MS12-020, weak RSA key generation, and weak SSH authentication configurations
INFO filtering: Informational results are automatically filtered out so only actionable findings reach your queue

use Cases

What can you do with Fencer's network scanning?

See your external network the way an attacker does

Fencer scans from the outside in, surfacing open ports, exposed services, and known vulnerabilities on your public IPs before an attacker finds them.

Catch exposed services before they become incidents

An unauthenticated Redis or publicly accessible database is a breach waiting to happen. Fencer flags these as Critical findings immediately on first scan.

Meet SOC 2 external vulnerability scanning requirements

SOC 2 auditors ask for external vulnerability scanning evidence on production infrastructure. Fencer's nightly scan history and findings record give you that automatically.

Keep pace with your perimeter as infrastructure grows

New EC2 instances and load balancers are picked up automatically from your cloud account. Coverage grows with your infrastructure, without any manual updates.

"Almost immediately after working with Fencer, we found a couple critical vulnerabilities in our infrastructure that we were lucky to never have had a real outcome from."

— David Merritt
CTO, Watch Duty

Secure your startup’s momentum

Get started