Ravenscan FAQ

Common questions about Ravenscan, scanning, performance and troubleshooting.

What is Ravenscan?
A self-hosted network and web security scanner packaged as a single Go binary. It discovers hosts, scans ports, audits services (SSH, TLS, HTTP, SMB, RDP, LDAP, Kubernetes, Docker, DNS, FTP, SNMP, NTP), detects vulnerabilities (CVE + CISA KEV), tests web flaws (SQLi, XSS) and produces actionable reports (PDF, HTML, JSON).
How is Ravenscan different from Nmap or OpenVAS?
Ravenscan is a single Go binary with an embedded web UI, REST API and CVE/KEV database — no external dependencies, no database server, no Python stack. It adds attack path analysis, compliance mapping (ISO/NIST/CIS/PCI/HIPAA/SOC 2) and a modern React UI. It is commercial software, not a community tool.
Is Ravenscan "intrusive"?
By default it performs passive scanning: TCP connect, banner grab, no exploitation. Active checks (default credentials, web brute-force, SQLi) are opt-in via dedicated flags (--check-defaults, --web-scan).
How long does a scan take?
Quick profile: ~30s per host, ~3 min for a /24. Standard: ~2 min per host, ~15 min for a /24. Full: ~15 min per host, ~2h for a /24. Stealth: ~30 min per host. Tested up to /16 (65k hosts) in a single pass.
Which scan profiles are available?
Five built-in profiles: quick (top 100 ports), standard (top 1000 + service detection), full (65535 ports + all modules), stealth (slow and discreet, 10 max connections), compliance (standard + evidence + all compliance checks). Custom profiles can be defined in YAML.
Does Ravenscan work offline?
Almost entirely. The CVE database and CISA KEV list are embedded in the binary. Only licence validation requires network access (every 48h to license.coderaft.io).
Where does my data go?
Nowhere outside your infrastructure. Ravenscan only contacts license.coderaft.io for licence validation. No telemetry, no reports uploaded.
Is Docker required?
Yes, for the platform deployment. Ravenscan runs as part of the CodeRaft Docker Compose stack. Install using curl -fsSL https://install.coderaft.io | bash (or irm https://install.coderaft.io/win | iex on Windows), then activate your licence in the Setup Wizard.
Does Ravenscan need root privileges?
Not by default. Advanced checks (SYN scan, ARP discovery, OS fingerprinting) require CAP_NET_RAW and CAP_NET_ADMIN. For Docker: cap_add: [NET_RAW, NET_ADMIN]. For systemd: AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN.
What are the minimum hardware requirements?
512 MB RAM, ~200 MB disk space. Runs on Linux amd64/arm64, macOS Intel/Apple Silicon, Windows amd64.
Which report formats are supported?
PDF, HTML, JSON, JSONL, Markdown, TXT. All can be generated via the CLI (-o flag) or the REST API.
Can I integrate Ravenscan into CI/CD?
Yes. Use --fail-on high (or critical) to exit with code 5 if findings of that severity are detected. Combine with --output for report artifacts.
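A CI wrapper that separates "findings at the threshold" (exit code 5, as stated above) from a scan that failed to run, so a broken scan is never read as a clean one. This is an added example, not Ravenscan's own code; the function name scan_gate, its return codes, and the treatment of every other non-zero exit as an error are assumptions.

```shell
#!/bin/sh
# Added example: CI gate around a scanner run.
# Only the meaning of exit code 5 comes from the FAQ; scan_gate and its
# return codes are hypothetical names chosen for this example.

FINDINGS_EXIT=5   # FAQ: --fail-on <severity> exits with code 5 on matching findings

# scan_gate CMD [ARGS...]
# Runs the given scan command and classifies its exit status:
#   returns 0 -> scan completed, nothing at or above the --fail-on threshold
#   returns 1 -> scan completed, findings at or above the threshold
#   returns 2 -> scan did not complete normally, result unknown
scan_gate() {
    if [ "$#" -eq 0 ]; then
        echo "scan_gate: no command given" >&2
        return 2
    fi

    _scan_rc=0
    "$@" || _scan_rc=$?   # capture the status without tripping 'set -e'

    case "$_scan_rc" in
        0)
            echo "gate: pass (no findings at threshold)"
            return 0 ;;
        "$FINDINGS_EXIT")
            echo "gate: fail (findings at or above threshold)" >&2
            return 1 ;;
        *)
            # Fail closed: an errored or blocked scan is not a clean scan.
            # Assumption: any other non-zero status means the scan did not finish.
            echo "gate: error (scanner exited $_scan_rc, result unknown)" >&2
            return 2 ;;
    esac
}
```

Pass the full scan command line, including --fail-on and --output, as the arguments to scan_gate, and archive the report artifact in all three outcomes.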
What if the licence server is unreachable?
The licence is cached locally (AES-256-GCM encrypted, 48h TTL). Scans continue during the cache window. After 48h without validation, scans are blocked until the server is reachable.
"license_required" error at startup
Run the installer (curl -fsSL https://install.coderaft.io | bash), start the dashboard (cd coderaft && ./start.sh), then activate your licence key in the Setup Wizard at http://localhost:3000.
"permission denied" on SYN scan
Run with --privileged and grant the CAP_NET_RAW capability. Docker: cap_add: [NET_RAW]. Systemd: AmbientCapabilities=CAP_NET_RAW.
Scan hangs on some hosts
Default timeout is 3s. Increase with --timeout 10s or use --skip-discovery if ICMP is blocked.
Port 8080 already in use
Use --listen :9090 or change the port in docker-compose.yml.