network-scanner
High-risk skill: a network scanner that discovers devices and outputs JSON/markdown. It executes shell commands (e.g., subprocess.run and nmap -sn -oX - {cidr}) and performs network scans of CIDRs such as 192.168.1.0/24 and 8.8.8.0/24.
Network Scanner
Discover and identify devices on local or remote networks using nmap. Gathers IP addresses, hostnames (via reverse DNS), MAC addresses, and vendor identification.
Safety First: Includes built-in protection against accidentally scanning public IP ranges or networks without proper private routing — preventing abuse reports from hosting providers.
Requirements
nmap- Network scanning (apt install nmaporbrew install nmap)dig- DNS lookups (usually pre-installed)sudoaccess recommended for MAC address discovery
Quick Start
# Auto-detect and scan current network
python3 scripts/scan.py
# Scan a specific CIDR
python3 scripts/scan.py 192.168.1.0/24
# Scan with custom DNS server for reverse lookups
python3 scripts/scan.py 192.168.1.0/24 --dns 192.168.1.1
# Output as JSON
python3 scripts/scan.py --json
Configuration
Configure named networks in ~/.config/network-scanner/networks.json:
{
"networks": {
"home": {
"cidr": "192.168.1.0/24",
"dns": "192.168.1.1",
"description": "Home Network"
},
"office": {
"cidr": "10.0.0.0/24",
"dns": "10.0.0.1",
"description": "Office Network"
}
},
"blocklist": [
{
"cidr": "10.99.0.0/24",
"reason": "No private route from this host"
}
]
}
Then scan by name:
python3 scripts/scan.py home
python3 scripts/scan.py office --json
Safety Features
The scanner includes multiple safety checks to prevent accidental abuse:
- Blocklist — Networks in the
blocklistconfig array are always blocked - Public IP check — Scanning public (non-RFC1918) IP ranges is blocked
- Route verification — For ad-hoc CIDRs, verifies the route uses private gateways
Trusted networks (configured in networks.json) skip route verification since you've explicitly approved them.
# Blocked - public IP range
$ python3 scripts/scan.py 8.8.8.0/24
❌ BLOCKED: Target 8.8.8.0/24 is a PUBLIC IP range
# Blocked - in blocklist
$ python3 scripts/scan.py 10.99.0.0/24
❌ BLOCKED: 10.99.0.0/24 is blocklisted
# Allowed - configured trusted network
$ python3 scripts/scan.py home
✓ Scanning 192.168.1.0/24...
Commands
# Create example config
python3 scripts/scan.py --init-config
# List configured networks
python3 scripts/scan.py --list
# Scan without sudo (may miss MAC addresses)
python3 scripts/scan.py home --no-sudo
Output Formats
Markdown (default):
### Home Network
*Last scan: 2026-01-28 00:10*
| IP | Name | MAC | Vendor |
|----|------|-----|--------|
| 192.168.1.1 | router.local | AA:BB:CC:DD:EE:FF | Ubiquiti |
| 192.168.1.100 | nas.local | 11:22:33:44:55:66 | Synology |
*2 devices found*
JSON (--json):
{
"network": "Home Network",
"cidr": "192.168.1.0/24",
"devices": [
{
"ip": "192.168.1.1",
"hostname": "router.local",
"mac": "AA:BB:CC:DD:EE:FF",
"vendor": "Ubiquiti"
}
],
"scanned_at": "2026-01-28T00:10:00",
"device_count": 2
}
Use Cases
- Device inventory: Keep track of all devices on your network
- Security audits: Identify unknown devices
- Documentation: Generate network maps for documentation
- Automation: Integrate with home automation to detect device presence
Tips
- Use
sudofor accurate MAC address detection (nmap needs privileges for ARP) - Configure your local DNS server for better hostname resolution
- Add configured networks to skip route verification on every scan
- Add networks you can't reach privately to the blocklist to prevent accidents
- Extend
MAC_VENDORSin the script for better device identification