Skip to content

Kage-develop/lan-security-scanner

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 

Repository files navigation

LAN Scanner

Command-line local network analysis and security scanner.

This tool is intended only for networks you own or are authorized to scan. It discovers active devices with ICMP ping, checks selected TCP ports with Python sockets, performs basic service banner grabbing, estimates the operating system from ping TTL values, checks detected service banners against the NVD CVE API, and prints or exports the results as a clean report.

Features

  • Automatic local /24 subnet detection
  • Optional CIDR range input
  • Multi-threaded ICMP host discovery
  • Multi-threaded TCP port scanning
  • Service banner grabbing for open ports
  • HTTP Server: header parsing with a lightweight HEAD request
  • Lightweight OS fingerprinting from ICMP TTL values
  • NVD CVE lookups for detected service/version banners
  • JSON and HTML report export
  • Clean Python implementation without large frameworks
  • Professional table report

Install

The scanner uses Python's standard library for network discovery and port analysis. CVE lookups require requests.

python -m pip install -r requirements.txt

Usage

Scan the detected local network:

python .\lan_scanner.py

Scan a specific network:

python .\lan_scanner.py --network 192.168.1.0/24

Use a custom port list or port range:

python .\lan_scanner.py --network 192.168.1.0/24 --ports 22,80,443,8000-8010

Print only the final report:

python .\lan_scanner.py --quiet

Skip online CVE checks:

python .\lan_scanner.py --skip-cve

Export both JSON and HTML reports:

python .\lan_scanner.py --network 192.168.1.0/24 --export both

Options

  • --network: CIDR network to scan. If omitted, the scanner detects the local IP and uses /24.
  • --ports: Comma-separated ports or port ranges.
  • --threads: Number of concurrent worker threads. Default: 64.
  • --ping-timeout: Ping timeout in milliseconds. Default: 800.
  • --port-timeout: TCP connection and banner read timeout in seconds. Default: 0.7.
  • --skip-cve: Disable NVD CVE lookups.
  • --cve-timeout: NVD API timeout in seconds. Default: 6.0.
  • --max-cves: Maximum CVE records to keep per banner. Default: 5.
  • --export: Export mode: ask, none, json, html, or both. Default: ask.
  • --quiet: Hide progress messages.

OS Fingerprinting

The scanner reads the TTL value from successful ping replies and uses a simple heuristic:

  • TTL around 64: Linux, Android, or macOS
  • TTL around 128: Windows
  • TTL around 255: Router or network device

This is an estimate, not a guaranteed identification, because routers and NAT devices may reduce TTL values before the reply reaches the scanner.

CVE Integration

When a banner is detected, the scanner sends it as a keywordSearch query to the NVD CVE 2.0 API:

https://services.nvd.nist.gov/rest/json/cves/2.0

Matched CVEs are shown next to the relevant open port in the console table. Critical findings are also repeated below the table as [CRITICAL WARNING] lines.

Report Export

At the end of an interactive scan, the scanner asks whether to export the report. You can also force export with --export json, --export html, or --export both.

  • report.json: structured scan data for automation
  • report.html: management-friendly visual report

Example Report

LAN Security Scan Report
Network: 192.168.1.0/24
Live devices: 2
+---+--------------+-------------------------+-----+----------------------------------------------------------------------------+
| # | IP Address   | Operating System        | TTL | Open Ports                                                                 |
+===+==============+=========================+=====+============================================================================+
| 1 | 192.168.1.1  | Router / Network Device | 255 | 80/HTTP -> Open (nginx 1.24.0)                                             |
| 2 | 192.168.1.20 | Linux / Android / macOS | 64  | 22/SSH -> Open (OpenSSH 8.2p1 Ubuntu) | CVEs: CVE-2020-15778:CRITICAL 9.8 |
+---+--------------+-------------------------+-----+----------------------------------------------------------------------------+

[CRITICAL WARNING] 192.168.1.20 22/SSH (OpenSSH 8.2p1 Ubuntu) may be affected by CVE-2020-15778

About

A Python CLI tool for authorized LAN discovery, port scanning, banner grabbing, OS fingerprinting, CVE lookup, and HTML/JSON reporting

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages