Catalyst / admin/Synapse-NetscanXi 14.8 GB / 57.8 GB 40.0 GB free
Help Sign in

admin / Synapse-NetscanXi

public

Network Scanning, Vulnerability and Compliance Application

Code Issues Pull requests Pipelines Packages Security Insights Wiki Settings
Synapse-NetscanXi / NetscanXiVersion13 / docs / sales-sheet.html 16295 B · main
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>NetscanXi Version 13 - Sales Sheet</title>
<style>
  @page { size: A4; margin: 12mm 13mm 11mm 13mm; }
  * { box-sizing: border-box; }
  html { -webkit-print-color-adjust: exact; print-color-adjust: exact; }
  body {
    font-family: "Segoe UI", -apple-system, Roboto, Helvetica, Arial, sans-serif;
    color: #1c2430; font-size: 9pt; line-height: 1.32; margin: 0;
  }
  h1, h2, h3 { color: #0f2a47; font-weight: 700; }

  /* Header band */
  .hdr { background: #0f2a47; color: #fff; border-radius: 9px;
         padding: 14px 18px; display: flex; align-items: center;
         justify-content: space-between; }
  .hdr .left { display: flex; align-items: center; gap: 12px; }
  .hdr .logo { font-size: 30pt; line-height: 1; }
  .hdr h1 { color: #fff; font-size: 25pt; margin: 0; letter-spacing: -1px; }
  .hdr h1 .x { color: #2fd06a; }
  .hdr .sub { color: #b9c7d8; font-size: 9pt; margin-top: 2px; }
  .hdr .ver { display: inline-block; background: #1f9d3a; color: #fff;
              font-weight: 700; padding: 3px 13px; border-radius: 20px;
              font-size: 10pt; white-space: nowrap; }

  .tagline { font-size: 11.5pt; color: #14507a; font-weight: 700;
             margin: 12px 0 2px; }
  .lead { font-size: 9.2pt; color: #34404e; margin: 0 0 8px; }

  h2.sec { font-size: 11pt; margin: 12px 0 6px; padding-bottom: 3px;
           border-bottom: 2px solid #2496ed; }

  /* Two-column layout */
  .cols { display: flex; gap: 14px; }
  .col { flex: 1; }

  /* Value cards */
  .vcard { border: 1px solid #cfe0f0; border-left: 4px solid #2496ed;
           background: #f4f7fa; border-radius: 6px; padding: 7px 10px;
           margin-bottom: 7px; }
  .vcard b { color: #0f2a47; font-size: 9.4pt; }
  .vcard span { display: block; color: #45525f; font-size: 8.6pt; margin-top: 1px; }
  .vcard.green { border-left-color: #1f9d3a; }
  .vcard.purple { border-left-color: #7b46d1; }
  .vcard.amber { border-left-color: #9a6700; }

  ul { margin: 4px 0 4px 0; padding-left: 16px; }
  li { margin: 2px 0; }

  /* Badges */
  .badges { margin: 4px 0 2px; }
  .badge { display: inline-block; background: #eef3f8; border: 1px solid #cfe0f0;
           color: #14507a; border-radius: 12px; padding: 2px 9px; font-size: 8pt;
           margin: 2px 3px 2px 0; font-weight: 600; }

  /* Framework pills */
  .fw { display: inline-block; background: #0f2a47; color: #fff; border-radius: 5px;
        padding: 2px 8px; font-size: 8.4pt; font-weight: 600; margin: 2px 3px 2px 0; }
  .fw.green { background: #1f9d3a; }

  /* Audience table */
  table { width: 100%; border-collapse: collapse; margin: 4px 0; font-size: 8.4pt; }
  th, td { text-align: left; padding: 5px 8px; border: 1px solid #d4dae0;
           vertical-align: top; }
  th { background: #0f2a47; color: #fff; font-weight: 600; }
  tr:nth-child(even) td { background: #f4f7fa; }

  /* Callout */
  .tip { background: #eafaf0; border-left: 4px solid #1f9d3a; border-radius: 6px;
         padding: 7px 11px; margin: 8px 0; font-size: 8.8pt; }
  .tip b { color: #0f2a47; }

  /* CTA footer */
  .cta { background: #0f2a47; color: #fff; border-radius: 9px; padding: 11px 16px;
         margin-top: 11px; display: flex; align-items: center;
         justify-content: space-between; }
  .cta .big { font-size: 11.5pt; font-weight: 700; }
  .cta .big .x { color: #2fd06a; }
  .cta .det { font-size: 8.6pt; color: #cdd8e6; margin-top: 2px; }
  .cta .pill { display: inline-block; background: #1f9d3a; color: #fff;
               padding: 5px 14px; border-radius: 20px; font-weight: 700;
               font-size: 9.5pt; }
  .foot { text-align: center; color: #8b97a5; font-size: 7.8pt; margin-top: 7px; }
</style>
</head>
<body>

<!-- HEADER -->
<div class="hdr">
  <div class="left">
    <div class="logo">🛰️</div>
    <div>
      <h1><span class="x">N</span>etscanXi</h1>
      <div class="sub">Self-hosted network discovery, vulnerability &amp; compliance intelligence</div>
    </div>
  </div>
  <div class="ver">Version 13</div>
</div>

<div class="tagline">Turn one network scan into a board-ready compliance posture.</div>
<p class="lead">NetscanXi maps every device, service, container and vulnerability on your
network &mdash; then cross-references each finding against <b>eight regulatory frameworks</b>.
Self-hosted, multi-tenant, and deployed with a single <code>docker compose up</code>.
Your data never leaves your infrastructure.</p>

<div class="tip"><b>New in Version 13:</b> 🔧 <b>Patch and Remedy</b> &mdash; apply <b>operating-system updates &amp; upgrades</b> (apt / dnf / yum / zypper / apk, auto-detected) over SSH to a single asset, an asset group, or every asset &mdash; or update Docker images. NetscanXi now <b>acts</b> on what it finds, <b>auto-creates and updates a remediation record</b> for every run, and uses <b>per-run credentials that are never stored</b>. Don't just find the risk &mdash; fix it.</div>

<!-- FRAMEWORKS STRIP -->
<span class="fw green">NCSC CAF</span><span class="fw green">NIST CSF</span><span class="fw">PCI DSS</span><span class="fw">GDPR</span><span class="fw">ISO 27001</span><span class="fw">SOC 2</span><span class="fw">HIPAA</span><span class="fw">Cyber Essentials</span>

<!-- TWO COLUMNS -->
<div class="cols">
  <!-- LEFT -->
  <div class="col">
    <h2 class="sec">Why NetscanXi</h2>
    <div class="vcard green">
      <b>Compliance, not just a scan</b>
      <span>Every finding maps to named controls across 8 frameworks &mdash; the only
        affordable self-hosted tool with native <b>NCSC CAF</b> mapping.</span>
    </div>
    <div class="vcard purple">
      <b>Built for MSPs &amp; multi-team</b>
      <span>True multi-tenancy: one install, many isolated client tenants with
        scoped data. White-label-friendly recurring revenue.</span>
    </div>
    <div class="vcard">
      <b>Your data stays yours</b>
      <span>100% self-hosted on Debian. No cloud, no per-asset metering,
        no data egress &mdash; ideal for public sector &amp; CNI.</span>
    </div>
    <div class="vcard amber">
      <b>Evidence on demand</b>
      <span>Branded executive &amp; per-host PDF reports for audits, ticketing and
        system owners &mdash; generated from a single scan.</span>
    </div>

    <h2 class="sec">Capabilities</h2>
    <ul>
      <li><b>Asset discovery</b> &mdash; live hosts, OS, services &amp; software inventory</li>
      <li><b>Vulnerability scanning</b> with CVE enrichment &amp; CISA KEV tagging</li>
      <li><b>Risk scoring</b> + tailored, official mitigation guidance</li>
      <li><b>🔧 Patch and Remedy (v13)</b> &mdash; OS updates/upgrades over SSH (+ Docker images) per asset / group / all, auto-tracked, with credentials never stored</li>
      <li><b>🐳 Deep Docker scanning (v10r1)</b> &mdash; container &amp; image inventory, image CVE scanning (Trivy/Grype), CIS Docker audit</li>
      <li><b>AD / DC &amp; TLS certificate</b> auditing and expiry tracking</li>
      <li><b>Change detection</b> &amp; alerting between scans</li>
      <li><b>📡 Passive (zero-probe) discovery</b> for sensitive / OT segments <b>(v9)</b></li>
      <li><b>🆔 Unique asset IDs bound to MAC</b> &mdash; de-duplicated vuln tracking <b>(v9)</b></li>
      <li><b>🗓️ Day &amp; time scheduling</b> + editable asset type <b>(v9)</b></li>
      <li><b>Accounts · Roles · TOTP MFA · Activity audit log</b></li>
    </ul>
  </div>

  <!-- RIGHT -->
  <div class="col">
    <h2 class="sec">Who it's for</h2>
    <table>
      <tr><th>Buyer</th><th>The win</th></tr>
      <tr><td><b>MSPs / MSSPs</b></td>
          <td>One install, many tenants. Resell continuous scanning &amp; compliance as a managed service.</td></tr>
      <tr><td><b>UK public sector &amp; OES</b></td>
          <td>NCSC CAF posture from a scan. Fully self-hosted &mdash; data never leaves the network.</td></tr>
      <tr><td><b>Enterprise security</b></td>
          <td>NIST CSF + PCI / ISO / SOC 2 / HIPAA mapping without a per-asset cloud bill.</td></tr>
      <tr><td><b>SMB &amp; IT teams</b></td>
          <td>Enterprise-grade visibility from <code>docker compose up</code> &mdash; no heavy tooling.</td></tr>
    </table>

    <h2 class="sec">How it compares</h2>
    <table>
      <tr><th>&nbsp;</th><th>NetscanXi</th><th>Typical scanner</th></tr>
      <tr><td><b>Self-hosted</b></td><td>✓ Yes</td><td>Often cloud</td></tr>
      <tr><td><b>Multi-tenant</b></td><td>✓ Built-in</td><td>Add-on / no</td></tr>
      <tr><td><b>8-framework mapping</b></td><td>✓ Incl. CAF</td><td>Rare</td></tr>
      <tr><td><b>Passive (zero-probe) mode</b></td><td>✓ Built-in</td><td>Rare</td></tr>
      <tr><td><b>Deep container scanning</b></td><td>✓ Built-in</td><td>Add-on / no</td></tr>
      <tr><td><b>Per-asset fees</b></td><td>✗ None</td><td>Common</td></tr>
      <tr><td><b>Deploy time</b></td><td>Minutes</td><td>Hours+</td></tr>
    </table>

    <h2 class="sec">Deploy in minutes</h2>
    <div class="tip"><b>One command:</b> <code>docker compose up</code> on Debian.
      Then point it at your network and export your first branded compliance report the
      same day.</div>

    <div class="badges">
      <span class="badge">Flask + nmap</span>
      <span class="badge">Single-container</span>
      <span class="badge">No cloud dependency</span>
      <span class="badge">Free community tier</span>
      <span class="badge">Pro &amp; MSP licensing</span>
    </div>
  </div>
</div>

<!-- NEW IN VERSION 13 -->
<h2 class="sec">🔧 New in Version 13 &mdash; Patching &amp; Remediation</h2>
<div class="cols">
  <div class="col">
    <div class="vcard green"><b>🖥️ OS updates &amp; upgrades over SSH</b><span>The <b>Patch and Remedy</b> tab auto-detects the package manager (apt / dnf / yum / zypper / apk) and applies updates &mdash; with optional full distribution upgrade and a simulate (no-change) mode.</span></div>
    <div class="vcard"><b>🐳 Docker image updates</b><span>Or update Docker images: pulls the latest image for every running container over the same authenticated Engine API used for scanning, with an optional experimental recreate.</span></div>
    <div class="vcard amber"><b>🔒 Credentials never stored</b><span>SSH/sudo and registry credentials are entered per run, used once, then discarded &mdash; never written to the database, never logged, never returned.</span></div>
  </div>
  <div class="col">
    <div class="vcard purple"><b>🧾 Auto-tracked remediation</b><span>Every patch run creates a remediation item per asset and updates it to <b>resolved</b> or <b>blocked</b> &mdash; one source of truth for what was fixed, by whom.</span></div>
    <div class="vcard green"><b>👁️ Dry-run preview</b><span>Preview the targeted assets and detected OS (or images) with zero side effects &mdash; OS preview doesn't even contact SSH &mdash; before you commit.</span></div>
    <div class="vcard"><b>🛡️ Role-gated &amp; tenant-safe</b><span>Patching requires the operator role; scoped users can only ever target their own tenant's assets.</span></div>
  </div>
</div>

<!-- NEW IN VERSION 10r1 -->
<h2 class="sec">🐳 New in Version 10r1 &mdash; Deep Docker Container Scanning</h2>
<div class="cols">
  <div class="col">
    <div class="vcard green"><b>📦 Authenticated container &amp; image inventory</b><span>Agentless Docker Engine API inventory &mdash; containers, images, ports, privileged flags, docker.sock mounts and engine posture.</span></div>
    <div class="vcard"><b>🔎 Image vulnerability scanning</b><span>Per-image CVE scanning via <b>Trivy</b>/<b>Grype</b>, enriched with <b>CISA KEV</b> so exploited container CVEs rank first.</span></div>
    <div class="vcard amber"><b>🛡️ CIS Docker benchmark audit</b><span>Exposed API, no-TLS daemon, privileged containers, socket mounts, host net/PID, insecure registries &mdash; pass/warn/fail.</span></div>
  </div>
  <div class="col">
    <div class="vcard purple"><b>📊 Docker dashboard &amp; host views</b><span>A dedicated Docker dashboard panel plus deep per-host container detail &mdash; with every existing view kept.</span></div>
    <div class="vcard green"><b>🔄 Container drift detection</b><span>Flags new/removed containers, new-privileged or socket-mount changes, and new known-exploited image CVEs between scans.</span></div>
    <div class="vcard"><b>🧾 SBOM, registry &amp; orchestration</b><span>SBOM-capable scanning, insecure-registry flags and Swarm / Kubernetes awareness.</span></div>
  </div>
</div>

<!-- NEW IN VERSION 9.1 -->
<h2 class="sec">✨ New in Version 9.1</h2>
<div class="cols">
  <!-- LEFT -->
  <div class="col">
    <div class="vcard">
      <b>📊 Customisable interactive charts</b>
      <span>OS distribution, vulnerability severity, network risk &amp; compliance and
        regulatory compliance now sit in equal-sized tiles &mdash; switch any chart between
        <b>pie</b>, <b>horizontal</b> or <b>vertical bars</b>, resize and rearrange the tiles,
        then click a slice to filter the asset table.</span>
    </div>
    <div class="vcard green">
      <b>✅ Vulnerability lifecycle management</b>
      <span>Mark CVE findings <b>Remediated</b>, <b>Accepted Risk</b> or <b>False Positive</b> &mdash;
        cut the noise, track remediation and prove progress to auditors.</span>
    </div>
    <div class="vcard">
      <b>☑️ Multi-select asset table</b>
      <span>Act on many assets at once: bulk export and bulk re-scan in a couple of clicks
        instead of one host at a time.</span>
    </div>
    <div class="vcard purple">
      <b>👥 Tenant Admin role</b>
      <span>Delegate full administration inside a tenant for true multi-tenant operations &mdash;
        MSP/MSSP-friendly, with hard tenant isolation.</span>
    </div>
    <div class="vcard">
      <b>🔍 Global search</b>
      <span>Find any asset, CVE or software across the whole estate instantly
        from the top bar.</span>
    </div>
  </div>

  <!-- RIGHT -->
  <div class="col">
    <div class="vcard amber">
      <b>🗄️ Configurable data retention</b>
      <span>Set retention policies right in the Admin UI &mdash; control database growth
        and meet data-governance requirements.</span>
    </div>
    <div class="vcard green">
      <b>🩹 Patch-aware scanning</b>
      <span>Assess against installed patch levels, not just the distro version &mdash;
        dramatically more accurate results with far fewer false positives.</span>
    </div>
    <div class="vcard">
      <b>📈 Historical trend graphs</b>
      <span>Track network risk score and compliance posture as a historical trend line
        &mdash; or switch the same tile to a pie or bar view &mdash; to show measurable
        improvement over time.</span>
    </div>
    <div class="vcard purple">
      <b>🎟️ Native ITSM integrations</b>
      <span>Jira, ServiceNow and Zendesk &mdash; open remediation tickets for findings
        without ever leaving NetscanXi.</span>
    </div>
    <div class="vcard">
      <b>🧩 Customisable dashboard</b>
      <span>Drag, drop, pin or hide components &mdash; and resize, reorder and re-style each
        chart tile &mdash; so every team sees exactly what matters to them. Layout persists
        per user.</span>
    </div>
  </div>
</div>

<!-- CTA -->
<div class="cta">
  <div>
    <div class="big"><span class="x">N</span>etscanXi Version 13 &mdash; see your network <i>and</i> your containers the way an auditor would.</div>
    <div class="det">Free community tier · Pro (per-install) · MSP licensing (per managed network). Self-hosted &mdash; your data, your infrastructure.</div>
  </div>
  <div class="pill">Book a demo</div>
</div>
<div class="foot">Self-hosted · Flask + nmap · Built for Debian &nbsp;|&nbsp; Findings are advisory and support &mdash; not a substitute for &mdash; formal assessment. &nbsp;|&nbsp; © 2026</div>

</body>
</html>