Getting Started

Follow these steps to set up your first network scan.

Prerequisites

mipo is deployed and accessible via HTTPS.
You have owner or admin access.
A target server is available for running the scanner. Build the scanner binary on (or copy it to) the scanner host — not the mipo server. From the cloned repo root on the scanner host:
```
cd scanner && go build -o mipo-scanner .
```
The binary is a static Go executable with no runtime dependencies beyond the kernel. Alternatively, use the install script generated in Config > Scanners (see Step 1 below).
The target server can reach mipo via HTTPS on port 443 (ensure firewalls allow outbound HTTPS from scanner hosts to the mipo server).

1

Register a Scanner

Scanners are remote agents that execute port scans on your target networks.

Navigate to Config > Scanners and click "Add Scanner".
Give it a descriptive name — mipo generates a one-time provisioning token (1-hour TTL).
On the scanner host, run the install script with the token: curl -sk https://<mipo-host>/scanner/install?token=<TOKEN> | bash
The scanner registers itself, receives an API key, and begins heartbeating.
The API key is shown once at registration — only the hash is stored server-side.

Go to Config > Scanners →

2

Define Target Subnets

Subnets define the network ranges you want to scan.

Create subnets using CIDR notation (e.g., 192.168.1.0/24).
IPv4 and IPv6 are both supported.
Scanners must be provisioned (Step 1) before they can be assigned to subnets.
Assign at least one scanner to each subnet.
Group related subnets for easier management.

Go to Config > Subnets →

3

Add Port Lists

Port lists define which ports to check on each target.

Built-in lists cover common services (web, database, mail, etc.).
Create custom lists for your specific services.
Ports default to TCP — use 53/udp syntax for UDP.
Port lists can be reused across multiple scan templates.

Go to Config > Port Lists →

4

Build a Scan Template

Templates combine subnets with port lists to define what gets scanned.

Select one or more subnets (the "where").
Select one or more port lists (the "what").
Optionally define expected results for compliance testing.
Templates are only eligible to run when their subnets have scanners assigned.

Go to Config > Scan Templates →

5

Run Your First Scan

Execute a scan template and view the results.

Select an eligible scan template.
Click "Run Scan" to start.
Monitor progress on the Status page.
View results by clicking on the completed scan.

Go to Scans > Run Scan →

6

Set Up Schedules

Automate recurring scans for continuous monitoring. Schedules are recommended for production deployments to ensure consistent coverage.

Create hourly, daily, weekly, or monthly schedules.
Assign scan templates or template groups to each schedule.
Jitter is automatically added to prevent simultaneous execution.
Disable/enable schedules without deleting them.

Go to Scans > Schedules →

Next Steps

Scanner Provisioning — Detailed guide for deploying scanners in production.
Scan Templates — Learn about templates, groups, and the scan lifecycle.
RBAC & Permissions — Set up users, roles, and access control.
Compliance & GRC — SOC 2 and ISO 27001 audit evidence.