Analysis updated 2026-05-18
Discover and inventory all active devices and services on a network you manage.
Cross-reference discovered services against known vulnerabilities using offline NVD data.
Continuously monitor a network for changes using agent mode and export results to graph tools.
| skuntir/netrecon | 1ncendium/aibuster | aaronmayeux/ha-hurricane-tracker | |
|---|---|---|---|
| Stars | 5 | 5 | 5 |
| Language | Python | Python | Python |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 3/5 | 3/5 | 2/5 |
| Audience | ops devops | ops devops | general |
Figures from each repo's GitHub metadata at analysis time.
Some scan modes require elevated (root/admin) privileges, use only on networks you have permission to test.
NetRecon is a network reconnaissance and defensive intelligence toolkit written in Python. It helps security teams and network administrators discover, analyze, and understand the devices and services running on a network. When you point NetRecon at a network range, it first discovers which devices are active using several techniques including ARP (a protocol for mapping IP addresses to hardware addresses), ICMP ping-style probes, TCP, and UDP scanning. Discovered devices are then probed to identify which services they are running, and those services are enriched with additional context: DNS hostnames, service banners, TLS certificate information, and HTTP fingerprints. Optional SNMP data collection is also supported. NetRecon can layer in offline vulnerability context by ingesting local data in NVD JSON 2.0 format, letting you cross-reference discovered services against known security issues without sending data to an external service. All scan results are stored locally. Results can be exported in a wide range of formats including JSON, GraphML, GEXF, Cytoscape, Obsidian Canvas, Neo4j CSV, Sigma.js JSON, and STIX bundle, catering to different visualization and analysis tools. A live web interface can display scan results in real time as the scan runs. An agent mode supports continuous periodic monitoring. Three predefined scan profiles control intensity: Light for fast minimal scanning, Medium for a balanced approach, and Deep for maximum discovery and enrichment. Some scan modes require elevated system privileges. The README notes that NetRecon should only be used on networks you own or have explicit permission to test.
A Python toolkit that scans a network to discover devices and services, then enriches and exports the findings for security analysis.
Mainly Python. The stack also includes Python, ARP, ICMP.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.