Command-line local network analysis and security scanner.
This tool is intended only for networks you own or are authorized to scan. It discovers active devices with ICMP ping, checks selected TCP ports with Python sockets, performs basic service banner grabbing, estimates the operating system from ping TTL values, checks detected service banners against the NVD CVE API, and prints or exports the results as a clean report.
- Automatic local
/24subnet detection - Optional CIDR range input
- Multi-threaded ICMP host discovery
- Multi-threaded TCP port scanning
- Service banner grabbing for open ports
- HTTP
Server:header parsing with a lightweightHEADrequest - Lightweight OS fingerprinting from ICMP TTL values
- NVD CVE lookups for detected service/version banners
- JSON and HTML report export
- Clean Python implementation without large frameworks
- Professional table report
The scanner uses Python's standard library for network discovery and port
analysis. CVE lookups require requests.
python -m pip install -r requirements.txtScan the detected local network:
python .\lan_scanner.pyScan a specific network:
python .\lan_scanner.py --network 192.168.1.0/24Use a custom port list or port range:
python .\lan_scanner.py --network 192.168.1.0/24 --ports 22,80,443,8000-8010Print only the final report:
python .\lan_scanner.py --quietSkip online CVE checks:
python .\lan_scanner.py --skip-cveExport both JSON and HTML reports:
python .\lan_scanner.py --network 192.168.1.0/24 --export both--network: CIDR network to scan. If omitted, the scanner detects the local IP and uses/24.--ports: Comma-separated ports or port ranges.--threads: Number of concurrent worker threads. Default:64.--ping-timeout: Ping timeout in milliseconds. Default:800.--port-timeout: TCP connection and banner read timeout in seconds. Default:0.7.--skip-cve: Disable NVD CVE lookups.--cve-timeout: NVD API timeout in seconds. Default:6.0.--max-cves: Maximum CVE records to keep per banner. Default:5.--export: Export mode:ask,none,json,html, orboth. Default:ask.--quiet: Hide progress messages.
The scanner reads the TTL value from successful ping replies and uses a simple heuristic:
- TTL around
64: Linux, Android, or macOS - TTL around
128: Windows - TTL around
255: Router or network device
This is an estimate, not a guaranteed identification, because routers and NAT devices may reduce TTL values before the reply reaches the scanner.
When a banner is detected, the scanner sends it as a keywordSearch query to
the NVD CVE 2.0 API:
https://services.nvd.nist.gov/rest/json/cves/2.0
Matched CVEs are shown next to the relevant open port in the console table.
Critical findings are also repeated below the table as [CRITICAL WARNING]
lines.
At the end of an interactive scan, the scanner asks whether to export the
report. You can also force export with --export json, --export html, or
--export both.
report.json: structured scan data for automationreport.html: management-friendly visual report
LAN Security Scan Report
Network: 192.168.1.0/24
Live devices: 2
+---+--------------+-------------------------+-----+----------------------------------------------------------------------------+
| # | IP Address | Operating System | TTL | Open Ports |
+===+==============+=========================+=====+============================================================================+
| 1 | 192.168.1.1 | Router / Network Device | 255 | 80/HTTP -> Open (nginx 1.24.0) |
| 2 | 192.168.1.20 | Linux / Android / macOS | 64 | 22/SSH -> Open (OpenSSH 8.2p1 Ubuntu) | CVEs: CVE-2020-15778:CRITICAL 9.8 |
+---+--------------+-------------------------+-----+----------------------------------------------------------------------------+
[CRITICAL WARNING] 192.168.1.20 22/SSH (OpenSSH 8.2p1 Ubuntu) may be affected by CVE-2020-15778