Scan every host at once
Scan all in the toolbar (or ⌘⇧R) runs every enrolled host sequentially with a live progress banner. Cancellable mid-flight, partial-failure-safe, and the right button to hit before a security review.
Start a batch
With the Hosts list focused, click Scan all in the toolbar. The progress banner appears at the top of the window with three lines:
- Now scanning — the current host's display name + IP.
- Progress — 3 of 12 with a thin determinate progress bar.
- Action — Cancel button + the elapsed time so far.
Sequential, not parallel
Hosts are scanned one at a time, in sidebar order. Sequential execution is deliberate — running 100 SSH probes simultaneously would saturate your network, exhaust local file descriptors, and trip per-host rate limits like fail2ban. Each host's six probes still run in parallel (see scan engine) — only the host-level loop is sequential.
Cancel mid-flight
Click Cancel in the progress banner. The current host's scan finishes its in-flight network calls (or unwinds via Swift Task cancellation if it's mid-handshake), then the coordinator stops without starting the next host. Hosts already scanned in this batch keep their findings; un-scanned hosts retain their previous scan state.
Per-host failures don't stop the batch
BatchScanCoordinator is explicit about this: an
individual host's scan failure is recorded as a per-host error
and the batch continues. Common failures:
- Host unreachable
- Records a
.failedscan with reason "Connection refused" or "Operation timed out". Surfaced as a red dot in the sidebar; the rest of the fleet still gets scanned. - SSH auth refused
- SSH inventory step fails, but the network probes (port scan, TLS, HTTP, admin surfaces) still run successfully — you get exposure data even without inventory data.
- Mid-batch app quit
- If you ⌘Q while a batch is running, the current host's scan is cancelled cleanly; un-scanned hosts retain their prior state. Re-launch and click Scan all again to resume the full fleet — Noxen doesn't track partial batches across launches.
Performance
Per-host scan time depends primarily on open-port count:
- Tight host (only port 22 open): ~10 seconds.
- Typical homelab box (ports 22 / 80 / 443 / 3000 / 8080): ~30 seconds.
- Wide-open NAS-style box (10+ open ports): 60–90 seconds.
A 25-host fleet (Noxen 1.x cap) finishes in ~10–20 minutes; a 100-host Live Feed fleet in ~40–60 minutes; a 500-host MSP fleet 2–4 hours. For larger fleets, the scheduled scan path is the right tool — it runs unattended at 03:00.
When to batch
- Before a security review — you want every host's findings to be from the same day.
- After a major OS upgrade — confirm the upgrade resolved the CVEs you expected.
- Once-off audit on a new fleet — populate the dashboard before flipping on scheduled scans.
For day-to-day "what changed since yesterday" usage, scheduled scans + the diff-from-yesterday view is the right pattern; batching manually is overkill.