A local WiFi network security analysis tool for Windows. Discovers connected devices, scans open ports, detects vulnerabilities, and generates a risk score — available as a rich terminal CLI or an interactive real-time web dashboard.
Part of the NotNulled Labs project.
| Category | Details |
|---|---|
| WiFi Info | SSID, BSSID, encryption type (WEP/WPA/WPA2/WPA3), signal strength, IP, gateway, network range, band |
| Device Discovery | ARP/ping sweep + MAC vendor lookup |
| Port Scanning | Async TCP scan across 27 common ports per device, with service identification |
| Risk Scoring | 0–100 score per device and overall network (LOW / MEDIUM / HIGH / CRITICAL) |
| Security Alerts | Detects Telnet, FTP, SMB, RDP, VNC, MySQL, open WiFi, WEP, and more — with remediation steps |
| Dual Interface | Rich CLI output in terminal + Bootstrap 5 dark theme web dashboard |
| Real-Time Updates | WebSocket push — the dashboard updates live as the scan progresses |
| Auto Re-scan | Automatic background re-scan every 5 minutes |
| REST API | Full JSON API to integrate results into other tools |
| Bilingual (i18n) | Automatically displays in English or Spanish based on the OS language |
╭────────────────────────────────────────────────────╮
│ WiFi Network Analyzer │
│ Local network security analysis │
╰────────────────────────────────────────────────────╯
╭─── WiFi Network ───────────────────────────────────╮
│ SSID: HomeNetwork_5GHz │
│ BSSID: AA:BB:CC:DD:EE:FF │
│ Encryption: WPA2-Personal (WPA2) │
│ Signal: [████████░░] 82% │
│ IP: 192.168.x.x │
│ Gateway: 192.168.x.x │
│ Network: 192.168.x.0/24 │
╰────────────────────────────────────────────────────╯
Scanning devices in 192.168.x.0/24...
✅ 6 devices found
Scanning ports on 6 devices...
[1/6] 192.168.x.1... 🟢 LOW (12)
[2/6] 192.168.x.5... 🟡 MEDIUM (45)
[3/6] 192.168.x.8... 🔴 HIGH (68)
[4/6] 192.168.x.10... 🚨 CRITICAL (85)
[5/6] 192.168.x.12... 🟢 LOW (5)
[6/6] 192.168.x.20... 🟢 LOW (10)
╭─── Devices on Network ─────────────────────────────────────────────────────────────────────────────────────╮
│ IP Hostname MAC Vendor Type Open Ports Risk │
│ 192.168.x.1 router.local AA:BB:CC:11:22:33 Nokia Router 80/HTTP 🟢 LOW │
│ 192.168.x.5 desktop-abc DD:EE:FF:44:55:66 Dell PC 445/SMB,3389/RDP 🟡 MED │
│ 192.168.x.8 — GG:HH:II:77:88:99 Unknown Unknown 23/Telnet,21/FTP 🔴 HIGH │
│ 192.168.x.10 printer.local JJ:KK:LL:00:11:22 Brother Printer 23/Telnet,21/FTP 🚨 CRIT │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
╭─── Security Score ─────╮
│ 🚨 CRITICAL — 85/100 │
╰────────────────────────╯
Alerts detected:
▶ Telnet open on printer.local (192.168.x.10)
Telnet transmits everything in plaintext, including passwords.
→ Disable Telnet on the device and use SSH instead.
▶ FTP open on printer.local (192.168.x.10)
FTP transmits credentials in plaintext.
→ Replace FTP with SFTP for secure file transfers.
The web dashboard provides the same analysis in a Bootstrap 5 dark-themed interface with:
- Real-time scan progress via WebSocket
- Device cards with risk badges
- Expandable alert details with remediation steps
- Manual re-scan trigger button
| Port | Service | Risk Weight |
|---|---|---|
| 21 | FTP | Medium |
| 22 | SSH | Low |
| 23 | Telnet | Critical |
| 80 / 8080 | HTTP | Low |
| 135 | RPC/DCOM | High |
| 139 | NetBIOS | High |
| 443 / 8443 | HTTPS | Minimal |
| 445 | SMB (EternalBlue) | Critical |
| 554 | RTSP (IP cameras) | Medium |
| 1883 | MQTT (IoT) | Medium |
| 3306 | MySQL | High |
| 3389 | RDP | Critical |
| 5900 | VNC | High |
| 7547 | TR-069 (router mgmt) | Medium |
| 9100 | RAW Print | Low |
| + 12 more | … | … |
| Score | Band | Description |
|---|---|---|
| 0 – 30 | 🟢 LOW | Well-configured network |
| 31 – 60 | 🟡 MEDIUM | Some risks present |
| 61 – 80 | 🔴 HIGH | Significant vulnerabilities |
| 81 – 100 | 🚨 CRITICAL | Immediate action required |
- OS: Windows 10 / 11
- Python: 3.10 or higher
- Admin privileges: Recommended (requested automatically via UAC on launch)
- Npcap: Optional — required for Scapy-based ARP scanning
Without Npcap, the tool falls back to Windows-native
SendARP(ctypes) + ping sweep, which covers most use cases.
git clone https://github.com/your-username/wifi-network-analyzer.git
cd wifi-network-analyzer
pip install -r requirements.txtDownload and install Npcap to enable Scapy-based scanning.
# Full analysis in terminal (CLI)
python main.py
# Interactive web dashboard (auto-opens browser)
python main.py --web
# Web dashboard on a custom port
python main.py --web --port 9000
# Custom host and port
python main.py --web --host 0.0.0.0 --port 8080
# Help
python main.py --helpYou can also use the included batch scripts:
start.bat → CLI mode
start_web.bat → Web dashboard mode
When running in --web mode, the following endpoints are available at http://127.0.0.1:8000:
| Method | Endpoint | Description |
|---|---|---|
GET |
/ |
Web dashboard |
GET |
/api/status |
Server status and scan state |
GET |
/api/network |
Current WiFi info |
GET |
/api/devices |
Discovered devices list |
GET |
/api/security |
Full security report |
POST |
/api/scan |
Trigger a manual scan |
GET |
/api/progress |
Live scan progress messages |
WS |
/ws |
WebSocket for real-time events |
| Event | Direction | Description |
|---|---|---|
connected |
Server → Client | Initial full state on connect |
scan_started |
Server → Client | Scan has begun |
scan_progress |
Server → Client | Progress message |
wifi_info |
Server → Client | WiFi info ready |
devices_updated |
Server → Client | Device list updated |
security_report |
Server → Client | Security report ready |
scan_completed |
Server → Client | Scan finished with summary |
ping / pong |
Both | Keep-alive |
wifi-network-analyzer/
├── main.py # Entry point — CLI and web launcher
├── config.py # Global config: ports, risk scores, scan intervals
├── i18n.py # Language detection + t() translation function
├── requirements.txt
├── start.bat # Quick-launch CLI (Windows)
├── start_web.bat # Quick-launch web dashboard (Windows)
├── locales/
│ ├── en.py # English strings
│ └── es.py # Spanish strings
├── core/
│ ├── network_info.py # WiFi info via PowerShell + netsh
│ ├── device_scanner.py # ARP/ping sweep + MAC vendor lookup
│ ├── port_scanner.py # Async TCP port scanner
│ └── security_analyzer.py # Risk scoring engine + alerts
├── api/
│ └── app.py # FastAPI app + WebSocket + REST endpoints
└── static/
└── index.html # Bootstrap 5 dark theme dashboard
| Package | Purpose |
|---|---|
fastapi + uvicorn |
Web server and REST API |
rich |
Enhanced terminal output |
psutil |
System information |
scapy |
ARP scanning (requires Npcap) |
requests |
MAC vendor API lookup |
typer |
CLI argument parsing |
python-nmap |
Advanced port scanning (requires nmap installed) |
netifaces |
Network interface info (optional fallback to ipconfig) |
The tool automatically detects the OS language and displays all output — CLI, web dashboard, alerts, and recommendations — in English or Spanish without any configuration.
Detection method (3-step fallback for Windows 10/11 compatibility):
- Python
locale.getdefaultlocale()— standard locale detection - Windows Registry
HKCU\Control Panel\International\LocaleName— most reliable on modern Windows - Environment variables (
LANG,LANGUAGE,LC_ALL,LC_MESSAGES) — fallback for edge cases
If the detected locale starts with es (e.g. es-ES, es-MX, es-AR), everything is shown in Spanish. All other locales default to English.
Coverage:
| Layer | What is translated |
|---|---|
| CLI terminal | Panel titles, table headers/columns, progress messages, alerts, recommendations |
| Web dashboard | All static labels, dynamic content, toasts, badges, risk bands |
| Security alerts | Titles, descriptions, remediation steps, categories |
| Port scanner | Port risk descriptions |
| Device scanner | Scan progress messages, vendor/device type labels |
File structure:
i18n.py # Language detection engine + t() translation function
locales/
├── en.py # English strings (~150+ keys)
└── es.py # Spanish strings (~150+ keys)
The t(key, **kwargs) function is used throughout the Python codebase. The frontend (index.html) fetches the detected language from /api/status on startup and applies it before any content is rendered.
- No Npcap required for basic scanning — device discovery uses Windows native
SendARPvia ctypes as the primary method; Scapy is a fallback. - Bilingual output parsing —
ipconfigandarp -aoutput in Spanish is fully supported alongside English. - UAC elevation — the tool detects if it's running without admin privileges and automatically requests elevation via
ShellExecuteW("runas"). - Python 3.12+ compatibility — if
netifacesfails to compile,ipconfigis used as a fallback for interface detection. - Thread-safe WebSocket broadcast — uses
asyncio.run_coroutine_threadsafe()to safely push events from background scanner threads.
This tool is intended for authorized security auditing of your own network. Only use it on networks you own or have explicit permission to test. Unauthorized network scanning may violate local laws and regulations.
MIT License — see LICENSE for details.
Part of the NotNulled Labs project — network analysis and security tools.