55 changes: 36 additions & 19 deletions cloud/scanning/internal-scan.mdx
Expand Up @@ -5,19 +5,19 @@

Internal network security is critical yet often overlooked. Once attackers gain initial access through configuration drift, phishing, or compromised credentials, they can rapidly expand their foothold by exploiting internal vulnerabilities. This lateral movement can lead to devastating breaches, making internal vulnerability scanning as crucial as external assessments.

ProjectDiscovery offers two distinct approaches for internal network vulnerability scanning, each designed to fit different organizational needs while maintaining our core focus on exploitability and accurate detection.

<CardGroup cols={2}>
<Card title="Agent based Scanning" icon="cloud" color="blue">
Use pd-agent for seamless internal scanning through our platform. Perfect for large networks and centralized security management.
</Card>
<Card title="Local Scanning & Upload" icon="upload">
Run Nuclei locally and upload results to PD's platform. Ideal for teams with existing scanning workflows or specific network restrictions.

</Card>
</CardGroup>

<Note>
Internal scanning helps identify misconfigurations, unpatched systems, and security gaps that could be exploited for lateral movement before attackers can leverage them.

</Note>

## Method 1: Agent based Scanning (Recommended)
Expand All @@ -26,14 +26,14 @@

### What is pd-agent?

pd-agent is a lightweight agent that you deploy within your internal network to execute scans and enumerations remotely. It establishes a secure outbound connection to ProjectDiscovery's platform, receives scan configurations, and runs them locally. Nuclei, httpx, naabu, dnsx, and tlsx are all built into the agent — there's nothing else to install on the host, and nothing in your network needs to be exposed publicly.

**Key Capabilities:**

- **Multi-Tool Scanning**: Runs Nuclei, httpx, naabu, dnsx, and tlsx — vulnerability scanning, port discovery, HTTP probing, DNS enumeration, and TLS inspection, all from a single agent

- **Network Discovery**: Automatically discovers the host's subnets on registration. Inside Kubernetes it discovers node IPs, pod CIDRs, and service CIDRs and reports them to the platform

- **Vulnerability Scanning**: Execute Nuclei-based scans using templates from the ProjectDiscovery platform
- **Network Routing**: Assign each agent a network name (`-agent-network`) to route scans to specific sites, data centers, or VPCs

- **Parallel Execution**: Splits each scan into chunks and runs them concurrently, auto-tuning parallelism to the host's available CPU for faster completion

<Note>
Expand All @@ -54,20 +54,20 @@
</Note>

<Warning>
**Distribute large scans and discoveries across multiple agents.** For large networks, deploy **several agents with the same `-agent-network` name** instead of one big agent. Agents sharing a network name automatically fan in on the same scans and discoveries — work is split across them with no leader and no manual sharding, so two agents finish in roughly half the time. This is the recommended setup for any sizeable internal environment. See the [scaling guide](https://github.com/projectdiscovery/pd-agent/blob/main/docs/scaling.md) for autoscaling.

</Warning>

### Step 1: Create a Network

Before installing the agent, you need to create a network in the ProjectDiscovery's platform. Each network represents a distinct internal environment (e.g., production, staging, office network) and generates a unique agent configuration.

1. Navigate to [https://cloud.projectdiscovery.io/networks](https://cloud.projectdiscovery.io/networks)
1. Navigate to [https://cloud.projectdiscovery.io/internal-network](https://cloud.projectdiscovery.io/internal-network)
2. Click **"Create Network"**
3. Provide a network name
4. Save the network to generate your unique agent installation command

<Frame>
<img src="/images/pdcp-create-network-demo.gif" alt="Creating a Network in PDCP" />
<img src="/images/internal_scan_create_network_demo.gif" alt="Creating a Network in PDCP" />
</Frame>

<Info>
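Review bot: In the Step 1 paragraph, "in the ProjectDiscovery's platform" has a stray article; since the numbered list directly below it is being edited, change it to "in ProjectDiscovery's platform" in the same pass. The Warning earlier in this hunk also states that two agents finish "in roughly half the time" without qualification; consider "can finish" unless the linked scaling guide backs that figure.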
Expand All @@ -78,20 +78,37 @@

After creating your network, the platform displays a ready-to-run installation command pre-configured with your `PDCP_API_KEY`, `PDCP_TEAM_ID`, and network name. Copy it and run it on a machine inside the network you want to scan.

The Docker command is the fastest way to get going — no prerequisites beyond Docker itself:

```bash
docker run -d --name pd-agent \
--network host --cap-add NET_RAW --cap-add NET_ADMIN \
-e PDCP_API_KEY=your-api-key \
-e PDCP_TEAM_ID=your-team-id \
ghcr.io/projectdiscovery/pd-agent:latest \
-agent-network your-network-name
```

- `--network host` lets the agent see your real network interfaces for subnet discovery.
- `NET_RAW` / `NET_ADMIN` enable naabu SYN scanning; drop them if you only need full-connect scans.
- `-agent-network` is the routing label scans are dispatched to — give each network a distinct name.
<Tabs>
<Tab title="GO">
If you have Go installed, you can run the agent directly:

```bash
PDCP_API_KEY=your-api-key PDCP_TEAM_ID=your-team-id \
go run github.com/projectdiscovery/pd-agent/cmd/pd-agent@main \
-agent-network your-network-name
```

- `PDCP_API_KEY` and `PDCP_TEAM_ID` are set as environment variables to authenticate with the platform.
- `-agent-network` is the routing label scans are dispatched to — give each network a distinct name.
</Tab>

<Tab title="Docker">
The Docker command is the fastest way to get going — no prerequisites beyond Docker itself:

```bash
docker run -d --name pd-agent \
--network host --cap-add NET_RAW --cap-add NET_ADMIN \
-e PDCP_API_KEY=your-api-key \
-e PDCP_TEAM_ID=your-team-id \
ghcr.io/projectdiscovery/pd-agent:latest \
-agent-network your-network-name
```

- `--network host` lets the agent see your real network interfaces for subnet discovery.
- `NET_RAW` / `NET_ADMIN` enable naabu SYN scanning; drop them if you only need full-connect scans.
- `-agent-network` is the routing label scans are dispatched to — give each network a distinct name.
</Tab>
</Tabs>

<Warning>
Keep your installation command secure - it contains your API key and agent configuration. Anyone with this command can connect an agent to your network.
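Review bot: The new Go tab runs `go run github.com/projectdiscovery/pd-agent/cmd/pd-agent@main`, which resolves to whatever is at the tip of `main`, on a host that holds `PDCP_API_KEY` and sits inside the network being scanned; point the docs at a tagged release instead, and consider a version tag or digest in place of `:latest` in the Docker tab for the same reason. The Go tab also says nothing about the privileges needed for naabu SYN scanning, which the Docker tab covers with `NET_RAW` / `NET_ADMIN`, so add a line on what the Go path requires. Both tabs put the API key inline on the command line, where it lands in shell history; for Docker, `--env-file` avoids that and fits the Warning that follows. The tab title should read "Go", and since the text calls Docker the fastest way to get going, the Docker tab should probably come first so it is the default.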
Expand All @@ -102,7 +119,7 @@

<CardGroup cols={2}>
<Card title="Install guide" icon="github" href="https://github.com/projectdiscovery/pd-agent/blob/main/docs/install.md">
Docker, Kubernetes, systemd, launchd, and Windows (NSSM) service installs.

</Card>
<Card title="Configuration" icon="sliders" href="https://github.com/projectdiscovery/pd-agent/blob/main/docs/configuration.md">
Every environment variable and CLI flag the agent accepts.
Expand All @@ -110,10 +127,10 @@
</CardGroup>
</Tip>

Once the agent runs successfully, it appears in your network dashboard along with the subnets it discovered on the host, indicating that it's ready to execute scans.

<Frame>
<img src="/images/pd-agent-setup-demo.gif" alt="Complete pd-agent Setup: Create Network, Install Agent, and Verify Connection" />
<img src="/images/internal_scan_setup_demo.gif" alt="Complete pd-agent Setup: Create Network, Install Agent, and Verify Connection" />
</Frame>

### Step 3: Discover Assets
Expand All @@ -126,7 +143,7 @@
4. Click on **Start Discovery** to initiate the discovery process. The pd-agent will scan your internal network and discovered assets will appear in your asset inventory

<Frame>
<img src="/images/pdcp-discover-assets-demo.gif" alt="Discovering Assets in Internal Network using pd-agent" />
<img src="/images/internal_scan_discovery_demo.gif" alt="Discovering Assets in Internal Network using pd-agent" />
</Frame>

<Note>
Expand All @@ -138,12 +155,12 @@
Once your pd-agent is connected and assets are discovered (optional), you can trigger vulnerability scans. The workflow is identical to external scanning - configure scans through the same interface and view results in the same dashboard.

1. Click on the **Scan** button for the network you want to scan, or go to the **Scans** menu (https://cloud.projectdiscovery.io/scans) and click **Create New Scan**, choose **Internal** followed by the network
2. Select the Asset Group created from the previous discovery operation, or manually enter your targets (internal IPs, hostnames, or CIDR ranges like `192.168.1.0/24`, `internal-server.local`)

3. Select Nuclei templates (CVEs, misconfigurations, vulnerabilities, etc.) and configure scan settings (rate limits, headers, parameters)

4. Click **Create Scan** to start - the agent runs the scan locally using its embedded toolset (nuclei, httpx, naabu, dnsx, tlsx) and streams results back to your dashboard

<Frame>
<img src="/images/pdcp-internal-scan-demo.gif" alt="Creating and Running an Internal Scan in PDCP" />
<img src="/images/internal_scan_vuln_scan_demo.gif" alt="Creating and Running an Internal Scan in PDCP" />
</Frame>

<Note>
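Review bot: In step 2 of this hunk, "CIDR ranges like `192.168.1.0/24`, `internal-server.local`" lists a hostname as an example of a CIDR range; reorder so each example follows its kind, for instance "internal IPs, hostnames such as `internal-server.local`, or CIDR ranges such as `192.168.1.0/24`".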
Binary file added images/internal_scan_create_network_demo.gif
Binary file added images/internal_scan_discovery_demo.gif
Binary file added images/internal_scan_setup_demo.gif
Binary file added images/internal_scan_vuln_scan_demo.gif
Binary file removed images/pd-agent-setup-demo.gif
Binary file not shown.
Binary file removed images/pdcp-create-network-demo.gif
Binary file not shown.
Binary file removed images/pdcp-discover-assets-demo.gif
Binary file not shown.
Binary file removed images/pdcp-internal-scan-demo.gif
Binary file not shown.
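Review bot: The four added GIFs are named in snake_case (`internal_scan_create_network_demo.gif`) while the files they replace were kebab-case (`pdcp-create-network-demo.gif`); if the `images/` directory follows kebab-case, rename the new files to match before merge. Since the old files are deleted here, also confirm that no other page still references the removed names.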