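Network Scanner
Discover and identify devices on local or remote networks using nmap. Gathers IP addresses, hostnames (via reverse DNS), MAC addresses, and vendor identification.
Safety First: Includes built-in protection against accidentally scanning public IP ranges or networks without proper private routing, preventing abuse reports from hosting providers.
Requirements
- nmap - Network scanning (apt install nmap or brew install nmap)
- dig - DNS lookups (usually pre-installed)
- sudo access recommended for MAC address discovery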
Quick Start
```bash
# Auto-detect and scan the current network
python3 scripts/scan.py

# Scan a specific CIDR
python3 scripts/scan.py 192.168.1.0/24

# Use a custom DNS server for reverse lookups
python3 scripts/scan.py 192.168.1.0/24 --dns 192.168.1.1

# Output as JSON
python3 scripts/scan.py --json
```
Configuration
Configure named networks in ~/.config/network-scanner/networks.json:
```json
{
  "networks": {
    "home": {
      "cidr": "192.168.1.0/24",
      "dns": "192.168.1.1",
      "description": "家庭网络"
    },
    "office": {
      "cidr": "10.0.0.0/24",
      "dns": "10.0.0.1",
      "description": "办公网络"
    }
  },
  "blocklist": [
    {
      "cidr": "10.99.0.0/24",
      "reason": "此主机无私有路由"
    }
  ]
}
```
Then scan by name:
```bash
python3 scripts/scan.py home
python3 scripts/scan.py office --json
```
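Safety Features
The scanner includes multiple safety checks to prevent accidental abuse:
1. Blocklist: Networks in the blocklist config array are always blocked
2. Public IP check: Scanning public (non-RFC1918) IP ranges is blocked
3. Route verification: For ad-hoc CIDRs, verifies the route uses private gateways
Trusted networks (configured in networks.json) skip route verification since you've explicitly approved them.
```bash
# Blocked - public IP range
$ python3 scripts/scan.py 8.8.8.0/24
❌ 已阻止:目标 8.8.8.0/24 是公网IP范围

# Blocked - in blocklist
$ python3 scripts/scan.py 10.99.0.0/24
❌ 已阻止:10.99.0.0/24 在黑名单中

# Allowed - configured trusted network
$ python3 scripts/scan.py home
✓ 正在扫描 192.168.1.0/24...
```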
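The three checks described above, as an added Python example that is not taken from the project's scan.py. The name check_target, the route_is_private callback, overlap matching against blocklist entries, and applying the blocklist to configured networks are all assumptions made for illustration.

```python
import ipaddress

# RFC 1918 blocks. ip_network.is_private is broader (loopback, link-local, ...),
# so the three ranges are listed explicitly to match the "non-RFC1918" rule.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed config in the networks.json layout shown above.
CONFIG = {
    "networks": {"home": {"cidr": "192.168.1.0/24", "dns": "192.168.1.1"}},
    "blocklist": [{"cidr": "10.99.0.0/24", "reason": "no private route"}],
}

def check_target(target, config=CONFIG, route_is_private=lambda net: False):
    """Return (allowed, reason) for a network name or ad-hoc CIDR.

    Hypothetical helper. route_is_private stands in for the route lookup,
    which is host-specific; the default fails closed.
    """
    trusted = target in config["networks"]
    cidr = config["networks"][target]["cidr"] if trusted else target
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False, f"invalid target: {cidr}"
    if net.version != 4:
        return False, "only IPv4 targets are handled"

    # 1. Blocklist first, applied to trusted names too (assumption). Overlap
    #    rather than equality, so a subnet or supernet of an entry is refused.
    for entry in config["blocklist"]:
        if net.overlaps(ipaddress.ip_network(entry["cidr"], strict=False)):
            return False, f"blocklisted: {entry['reason']}"

    # 2. The whole range must sit inside one RFC 1918 block; 192.168.0.0/15
    #    starts on a private address but spills into public space.
    if not any(net.subnet_of(block) for block in RFC1918):
        return False, "public IP range"

    # 3. Route verification applies to ad-hoc CIDRs only.
    if not trusted and not route_is_private(net):
        return False, "route does not use a private gateway"
    return True, "ok"
```
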
Commands
```bash
# Create an example config
python3 scripts/scan.py --init-config

# List configured networks
python3 scripts/scan.py --list

# Scan without sudo (may be unable to get MAC addresses)
python3 scripts/scan.py home --no-sudo
```
Output Formats
Markdown (default):
```markdown
家庭网络
上次扫描:2026-01-28 00:10
| IP | 名称 | MAC | 厂商 |
|---|---|---|---|
| 192.168.1.1 | router.local | AA:BB:CC:DD:EE:FF | Ubiquiti |
| 192.168.1.100 | nas.local | 11:22:33:44:55:66 | Synology |
发现2台设备
```
JSON (--json):
```json
{
  "network": "家庭网络",
  "cidr": "192.168.1.0/24",
  "devices": [
    {
      "ip": "192.168.1.1",
      "hostname": "router.local",
      "mac": "AA:BB:CC:DD:EE:FF",
      "vendor": "Ubiquiti"
    }
  ],
  "scanned_at": "2026-01-28T00:10:00",
  "device_count": 2
}
```
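Use Cases
- Device inventory: Keep track of all devices on your network
- Security audits: Identify unknown devices
- Documentation: Generate network maps for documentation
- Automation: Integrate with home automation to detect device presence
Tips
- Use sudo for accurate MAC address detection (nmap needs privileges for ARP)
- Configure your local DNS server for better hostname resolution
- Add configured networks to skip route verification on every scan
- Add networks you can't reach privately to the blocklist to prevent accidents
- Extend MAC_VENDORS in the script for better device identification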