01
Distributed L4 Discovery
Run controlled TCP service discovery with per-worker capacity, per-asset policy, timeout boundaries, and explicit port profiles.
Professional distributed network and vulnerability exposure scanning
Controlled external scanning from the locations that matter.
Netharion helps CTI, MSSP, and security operations teams run authorized L4/L7 exposure scans from regional worker nodes, collect reproducible evidence, and understand how assets respond from different network geographies.
L4Port discovery with controlled concurrency
L7Protocol evidence and service context
GeoRegional workers and visible egress IPs
Scanner Cluster 4 workers online
Singaporeworker · online
Germanyworker · online
US Eastworker · online
Londonworker · standby
Master NodeQueue & Orchestration
scan_id: nth_9f42a7running
Platform
Purpose-built for customer-aware exposure validation.
Different customers have different network policies, geographic behavior, whitelist requirements, and tolerance for scan speed. Netharion is designed around those operational realities.
02
L7 Service Evidence
Collect HTTP, HTTPS, TLS, SSH, SMTP, FTP, MySQL and banner-level evidence without exploit execution or brute-force behavior.
03
Regional Scanner Selection
Expose scanner locations and egress IPs to customers so they can whitelist selected nodes and validate region-specific responses.
Architecture
Master orchestration. Worker execution.
The Master owns scheduling, health, queue state, scanner inventory, leases, and result APIs. Workers execute the scan policy and return schema-versioned evidence.
1
Register scanner nodesWorkers report location, public egress IP, capacity, and supported scan capabilities.
2
Create controlled scan requestsThe CTI service sends target, scan level, port profile, region preference, limits, and timeout policy.
3
Lease jobs safelyattempt_id and lease_until prevent duplicate or stale worker results from overwriting active scans.
4
Return stable evidenceResults are normalized into JSON for dashboards, enrichment, and downstream finding engines.
{
"schema_version": "1.0",
"scan_id": "scan_123",
"scanner": {
"region": "Singapore",
"egress_ip": "203.0.113.10"
},
"target": {
"input": "example.com",
"resolved_ips": ["93.184.216.34"]
},
"observations": [{
"port": 443,
"state": "open",
"service": { "name": "https", "confidence": 0.95 },
"tls": { "expired": false, "issuer": "Let's Encrypt" },
"http": { "status_code": 200, "title": "Example Domain" }
}]
}Controls
Designed for professional security operations.
Netharion favors safe defaults, auditability, and predictable scanning over noisy internet-wide behavior.
Customer-specific scan policy
Define per-asset scanner region, port profile, scan level, timeout, redirect limit, body-size limit, and concurrency boundaries.
top100top1000webmaildatabaseexplicit full_tcp
Operational safeguards
Use idempotent scan creation, job leases, attempt tracking, stale result rejection, partial completion, cancel APIs, and audit events.
attempt_idlease_untilidempotencypartial resultscancel API
Use Cases
For CTI, MSSP, and security operations teams.
Validate exposure continuously, enrich asset inventories, and produce defensible evidence for customer-facing security workflows.
EA
External Attack Surface Monitoring
Discover exposed services across customer-owned IPs, domains, and cloud-facing assets.
RG
Regional Exposure Verification
Check how assets respond from selected geographic worker nodes and egress IPs.
VI
Vulnerability Context Enrichment
Feed normalized service, TLS, HTTP, and banner observations into your finding pipeline.
Bring controlled distributed scanning into your CTI platform.
Use Netharion to provide regional visibility, reliable evidence, and customer-aware scanning without turning exposure validation into uncontrolled noise.