First Scan¶

Ready to scan your network? Follow this guide to run your first scan and understand the results.

Quick Start Checklist¶

Running a Scan¶

Web UICLIAPI

Open http://localhost:8080
Create admin account on first visit
Click Run Scan in the top-right
Select scan profile
Monitor progress in real-time

First Time?

Start with a Quick scan to verify everything works, then run Normal for full results.

# Quick scan (ping only, ~30 seconds)
python scan_cli.py scan --profile quick

# Normal scan (ports + services, 3-5 minutes)
python scan_cli.py scan --profile normal --detect-changes

# Specific subnet
python scan_cli.py scan --subnet 10.0.0.0/24

Press Ctrl+C to cancel a running scan.

# Trigger scan
curl -X POST "http://localhost:8080/api/scan/trigger?profile=quick"

# Check status
curl http://localhost:8080/api/scan/status

Scan Profiles¶

Profile	What it Does	Time (50 hosts)	Best For
Quick	Ping sweep only	~30 seconds	Device presence check
Normal	Ports 1-1000 + services	3-5 minutes	Regular security audits
Intensive	All ports + scripts	15-30 minutes	Deep analysis

Recommended Approach

Run Quick first to verify connectivity
Run Normal to establish a security baseline
Use Intensive sparingly for detailed analysis

Understanding Results¶

Risk Levels¶

Level	Color	Meaning	Example
Critical	Red	Immediate action needed	Telnet exposed
High	Orange	Significant risk	SMB, RDP open
Medium	Yellow	Moderate concern	Uncommon services
Low	Blue	Minor issue	Info disclosure
None	Green	No detected issues	Clean device

Risky Ports¶

Critical Risk Ports

These services should almost never be exposed on a home network:

Port	Service	Risk
23	Telnet	Cleartext credentials
21	FTP	Cleartext authentication
445	SMB	Common ransomware target
3389	RDP	Brute force attacks
5900	VNC	Often weak authentication

Other Ports of Interest

Port	Service	Notes
22	SSH	OK if properly secured
80/443	HTTP/HTTPS	Check what's being served
8080	Alt HTTP	Often admin interfaces
1883	MQTT	IoT protocol, often unsecured
5353	mDNS	Service discovery

Device Organization¶

Organize your devices for easier management and cleaner dashboards.

Zones¶

Group devices by function:

Zone	Purpose	Examples
Servers	Infrastructure	NAS, Docker hosts, VMs
Network	Network gear	Routers, switches, APs
Workstations	User devices	Desktops, laptops
IoT	Smart devices	Cameras, thermostats
DMZ	Exposed services	Web servers

Labels¶

Add descriptive names for quick identification:

proxmox-01
unifi-ap-garage
synology-nas
ring-doorbell

Trusted Devices¶

Reduce Noise

Mark known devices as trusted to filter them from security alerts. Trusted devices still appear in scans but won't trigger new device alerts.

Scheduled Scans¶

Automate regular scanning to catch changes.

Cron (Manual Install)Docker Environment

# Quick scan every 6 hours
0 */6 * * * cd /path/to/argus && python scan_cli.py scan --profile quick --detect-changes

# Normal scan nightly at 2 AM
0 2 * * * cd /path/to/argus && python scan_cli.py scan --profile normal --detect-changes

docker-compose.yml

environment:
  - SCAN_SCHEDULE=0 2 * * *

Intensive Scans

Don't schedule intensive scans frequently. They generate significant network traffic and can take 30+ minutes on larger networks.

What's Next?¶

Dashboard

Learn to navigate the dashboard and understand metrics

Dashboard Guide
API Reference

Automate Argus with the REST API

API Docs
Integrations

Connect UniFi, Pi-hole, AdGuard, and more

Set Up Integrations