A comprehensive cybersecurity tool for network reconnaissance and analysis. This tool provides advanced network scanning capabilities with host discovery, port scanning, service detection, vulnerability assessment, and network topology mapping.
Author: Zeid Mahmoud
Email: ZeidMahmoud@proton.me
- Host Discovery: Ping sweep and network discovery
- Multi-Protocol Scanning: TCP, UDP, and combined scanning
- Service Detection: Automatic service identification and version detection
- Banner Grabbing: Enhanced banner collection and service fingerprinting
- OS Detection: Basic OS fingerprinting using TTL analysis
- Device Profiling: Hostname resolution and device identification
- Vulnerability Assessment: Automatic detection of common security issues
- Network Topology Mapping: Complete network device and service mapping
- Router Information: Gateway detection and web interface analysis
- Progress Monitoring: Real-time scan progress and status updates
- Export Capabilities: JSON, CSV, and TXT output formats
- Security Warnings: Built-in security awareness
- Input Validation: Comprehensive parameter validation
- Resource Limits: Thread and timeout controls
- Graceful Interruption: Clean shutdown with Ctrl+C
- Python 3.7+
- No external dependencies - uses only standard library modules
- Cross-platform: Windows, Linux, macOS
- Clone or download the script:

```bash
git clone https://github.com/zeidmahmoud/advanced-network-scanner
cd advanced-network-scanner
```

- Make executable (Linux/macOS):

```bash
chmod +x network_scanner.py
```

- Run directly:

```bash
python3 network_scanner.py
```

```bash
# Scan local network automatically
./network_scanner.py

# Scan specific host
./network_scanner.py 192.168.1.1

# Scan network with host discovery
./network_scanner.py 192.168.1.0/24 --discover

# Scan specific ports
./network_scanner.py 192.168.1.1 -p 80,443,8080

# Scan port range
./network_scanner.py 192.168.1.1 -p 1-1000
```

```bash
# UDP scanning
./network_scanner.py --scan-type udp

# Both TCP and UDP scanning
./network_scanner.py --scan-type both

# Aggressive scanning mode
./network_scanner.py --aggressive

# High-thread scanning
./network_scanner.py -t 500

# Custom timeout
./network_scanner.py --timeout 2.5
```

```bash
# Export to JSON
./network_scanner.py -o results.json

# Export to CSV
./network_scanner.py -o results.csv --format csv

# Export to TXT
./network_scanner.py -o results.txt --format txt

# Verbose output
./network_scanner.py -v
```

```bash
# Full network reconnaissance
./network_scanner.py --discover --scan-type both --aggressive -o network_scan.json

# Stealth scan with custom ports
./network_scanner.py 192.168.1.1 -p 22,80,443,3306,8080 --timeout 3

# Network discovery only
./network_scanner.py 192.168.1.0/24 --discover
```

```text
[+] Starting network scan at 2024-01-15 10:30:00
[+] Target: 192.168.1.0/24
[+] Scan Type: TCP
[+] Ports: 19 ports
[+] Threads: 100
[+] Timeout: 1s
[+] Aggressive Mode: No
--------------------------------------------------
[+] Router IP: 192.168.1.1
[+] Router Hostname: router.local
[+] Router HTTP Banner: HTTP/1.1 200 OK
[+] Discovering hosts in network: 192.168.1.0/24
[+] Host alive: 192.168.1.1
[+] Host alive: 192.168.1.5
[+] Host alive: 192.168.1.10
[+] Scanning host: 192.168.1.1
[+] 192.168.1.1:80 (HTTP) - open (TCP)
[+] 192.168.1.1:443 (HTTPS) - open (TCP)
[+] Scanning host: 192.168.1.5
[+] 192.168.1.5:22 (SSH) - open (TCP)
[+] 192.168.1.5:80 (HTTP) - open (TCP)
--------------------------------------------------
[+] Scan completed in 45.23 seconds
[+] Found 4 open ports

[!] Potential Vulnerabilities Found:
  MEDIUM: 2 issues
    - 192.168.1.1:80 - HTTP (unencrypted)
    - 192.168.1.5:80 - HTTP (unencrypted)

[+] Network Topology:
  192.168.1.1 (router.local) - Network Device
    Open ports: 2
      - 80/tcp (HTTP)
      - 443/tcp (HTTPS)
  192.168.1.5 (desktop.local) - Linux/Unix
    Open ports: 2
      - 22/tcp (SSH)
      - 80/tcp (HTTP)
```
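The OS labels in the topology above (Network Device, Linux/Unix) come from the TTL analysis listed under the features. The following added example (not the scanner's own code) shows the mechanism: read the TTL from a reply's IPv4 header and map it to the likely initial TTL and hop count. The reference TTL table and the sample header bytes are assumptions constructed for illustration.

```python
import socket
import struct

# Reference initial TTLs by OS family (assumed common defaults; the scanner's
# own table may differ). A reply's TTL is the sender's initial value minus
# the number of router hops the packet crossed on the way back.
INITIAL_TTLS = {64: "Linux/Unix", 128: "Windows", 255: "Network Device"}


def ttl_from_ipv4_header(packet):
    """Return the TTL field (byte 8) of a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return packet[8]


def guess_os_from_ttl(observed_ttl):
    """Map an observed TTL to (os_label, hop_count).

    The nearest reference value at or above the observed TTL is taken as the
    sender's initial TTL. This is a heuristic only: administrators can change
    the default, and a Windows host 70 hops away would look like Linux/Unix.
    """
    if not 1 <= observed_ttl <= 255:
        return "Unknown", None
    for initial in sorted(INITIAL_TTLS):
        if observed_ttl <= initial:
            return INITIAL_TTLS[initial], initial - observed_ttl
    return "Unknown", None  # unreachable while 255 is in the table


# Constructed sample: a 20-byte IPv4 header for a hypothetical reply from
# 192.168.1.5 to 192.168.1.100 with TTL 52 (initial TTL 64 after 12 hops).
SAMPLE_REPLY = struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 52, 1, 0,
    socket.inet_aton("192.168.1.5"), socket.inet_aton("192.168.1.100"))


def profile_reply(packet):
    """Combine both steps: raw reply bytes -> {'ttl', 'os', 'hops'}."""
    ttl = ttl_from_ipv4_header(packet)
    os_label, hops = guess_os_from_ttl(ttl)
    return {"ttl": ttl, "os": os_label, "hops": hops}


if __name__ == "__main__":
    print(profile_reply(SAMPLE_REPLY))
```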
```json
{
  "scan_info": {
    "target": "192.168.1.0/24",
    "scan_type": "tcp",
    "timestamp": "2024-01-15T10:30:00",
    "total_open_ports": 4
  },
  "results": [
    {
      "host": "192.168.1.1",
      "hostname": "router.local",
      "os": "Network Device",
      "port": 80,
      "service": "HTTP",
      "version": "Apache/2.4.41",
      "banner": "HTTP/1.1 200 OK",
      "status": "open",
      "protocol": "tcp",
      "timestamp": "2024-01-15T10:30:15"
    }
  ],
  "vulnerabilities": {
    "critical": [],
    "high": [],
    "medium": ["192.168.1.1:80 - HTTP (unencrypted)"],
    "low": []
  },
  "network_map": {
    "192.168.1.1": {
      "hostname": "router.local",
      "os": "Network Device",
      "services": [...],
      "open_ports": 2
    }
  }
}
```

| Option | Description | Default |
|---|---|---|
| target | Target host or network | Auto-detected local network |
| -p, --ports | Ports to scan (e.g., 80,443 or 1-1000) | Common ports |
| -t, --threads | Number of threads | 100 |
| --timeout | Connection timeout in seconds | 1 |
| --discover | Discover live hosts before scanning | False |
| --scan-type | Scan type: tcp, udp, both | tcp |
| --aggressive | Aggressive scanning mode | False |
| -o, --output | Output file name | None |
| --format | Output format: json, csv, txt | json |
| -v, --verbose | Verbose output | False |
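The JSON export above flattens each open port into one record and then derives the vulnerabilities and network_map sections from those records. As an added example (not the project's code), the following builds those two sections from constructed records in the same shape and renders the --format csv view; the severity table is an assumption except for the HTTP-unencrypted-as-MEDIUM case that the sample output shows.

```python
import csv
import io

# Services treated as cleartext and the severity assigned to them. Only
# "HTTP (unencrypted)" as MEDIUM appears in the README's sample output; the
# FTP and Telnet entries are assumptions added for illustration.
CLEARTEXT_SERVICES = {"HTTP": "medium", "FTP": "medium", "TELNET": "high"}

# Constructed per-port records in the scanner's "results" record shape.
SAMPLE_RESULTS = [
    {"host": "192.168.1.1", "hostname": "router.local", "os": "Network Device",
     "port": 80, "service": "HTTP", "version": "Apache/2.4.41", "status": "open", "protocol": "tcp"},
    {"host": "192.168.1.1", "hostname": "router.local", "os": "Network Device",
     "port": 443, "service": "HTTPS", "version": "", "status": "open", "protocol": "tcp"},
    {"host": "192.168.1.5", "hostname": "desktop.local", "os": "Linux/Unix",
     "port": 22, "service": "SSH", "version": "OpenSSH_8.9", "status": "open", "protocol": "tcp"},
    {"host": "192.168.1.5", "hostname": "desktop.local", "os": "Linux/Unix",
     "port": 80, "service": "HTTP", "version": "", "status": "open", "protocol": "tcp"},
    {"host": "192.168.1.5", "hostname": "desktop.local", "os": "Linux/Unix",
     "port": 23, "service": "Telnet", "version": "", "status": "closed", "protocol": "tcp"},
]


def build_report(results):
    """Derive the 'vulnerabilities' and 'network_map' sections from flat
    per-port records, counting only ports reported as open."""
    vulns = {"critical": [], "high": [], "medium": [], "low": []}
    network_map = {}
    for r in results:
        if r["status"] != "open":
            continue  # closed/filtered ports neither count nor get flagged
        entry = network_map.setdefault(r["host"], {
            "hostname": r["hostname"], "os": r["os"], "services": [], "open_ports": 0})
        entry["services"].append({"port": r["port"], "protocol": r["protocol"],
                                  "service": r["service"], "version": r["version"]})
        entry["open_ports"] += 1
        severity = CLEARTEXT_SERVICES.get(r["service"].upper())
        if severity:
            vulns[severity].append(f'{r["host"]}:{r["port"]} - {r["service"]} (unencrypted)')
    return {"vulnerabilities": vulns, "network_map": network_map}


def to_csv(results):
    """Render the flat records as CSV text, one row per port (the csv export view)."""
    fields = ["host", "hostname", "os", "port", "protocol", "service", "version", "status"]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields, extrasaction="ignore", lineterminator="\n")
    writer.writeheader()
    writer.writerows(results)
    return buf.getvalue()
```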
- Security Warnings: Displays legal and ethical warnings
- Input Validation: Comprehensive parameter validation
- Resource Limits: Thread and timeout controls
- Error Handling: Graceful error recovery
- Standard Mode: Balanced speed and stealth
- Aggressive Mode: More thorough but potentially detectable
- Custom Timeouts: Adjustable timing for different environments
```bash
# Use more threads for faster scanning
./network_scanner.py -t 500

# Increase timeout for slower networks
./network_scanner.py --timeout 3

# Use aggressive mode for thorough scanning
./network_scanner.py --aggressive
```

```bash
# Use longer timeouts to avoid detection
./network_scanner.py --timeout 5

# Scan fewer ports
./network_scanner.py -p 22,80,443,8080

# Use fewer threads
./network_scanner.py -t 50
```

The scanner can identify and analyze:
- Web Services: HTTP, HTTPS, HTTP-Proxy
- Remote Access: SSH, Telnet, RDP, VNC
- Database Services: MySQL, PostgreSQL, MongoDB, Redis
- Mail Services: SMTP, POP3, IMAP, IMAPS, POP3S
- Network Services: DNS, SNMP, LDAP, LDAPS
- File Services: FTP, NetBIOS
- Application Services: RPC, PPTP, Elasticsearch, Memcached
- Authorized Use Only: This tool is for authorized network testing only
- Legal Compliance: Ensure compliance with local laws and regulations
- Permission Required: Only scan networks you own or have explicit permission to test
- Responsible Disclosure: Report vulnerabilities to system owners
- Get Permission: Always obtain written permission before scanning
- Document Everything: Keep records of authorized testing
- Respect Limits: Don't exceed agreed-upon scanning scope
- Report Findings: Share results with network owners
- Secure Storage: Protect scan results and findings
Permission Denied

```bash
# Make script executable
chmod +x network_scanner.py
```

No Hosts Found

```bash
# Check network connectivity
ping 192.168.1.1

# Try with discovery mode
./network_scanner.py --discover
```

Slow Scanning

```bash
# Increase threads
./network_scanner.py -t 200

# Decrease timeout
./network_scanner.py --timeout 0.5
```

False Positives

```bash
# Use aggressive mode for UDP
./network_scanner.py --scan-type udp --aggressive

# Increase timeout for better accuracy
./network_scanner.py --timeout 3
```

- Code Quality: Follow PEP 8 style guidelines
- Testing: Test on multiple platforms
- Documentation: Update README for new features
- Security: Review for security implications
- Stealth Enhancements: Advanced evasion techniques
- Service Detection: Additional service fingerprints
- Output Formats: New export options
- Performance: Optimization improvements
This project is licensed under the MIT License - see the LICENSE file for details.
- Zeid Mahmoud: Primary developer and maintainer (ZeidMahmoud@proton.me)
- Network Security Community: For feedback and testing
- Open Source Tools: Inspired by nmap and other security tools
- Python Community: For excellent standard library modules