A Python-based network scanner that performs host discovery (ping), TCP port scanning, and GeoIP/ISP lookups (via ip-api.com). Results are displayed in the terminal using rich for a pleasant, readable output. CSV export is supported.
- Accepts a single IPv4 address, CIDR subnet (
192.168.1.0/24) or website URL/hostname. - Host discovery using ICMP (ping) — falls back to scanning all hosts if none respond.
- Multi-threaded TCP port scanning with configurable timeout and thread count.
- Service name lookup and light banner grabbing (for common ports / simple banners).
- GeoIP & ISP information for each IP using
ip-api.com. - Pretty terminal output using
rich(tables and progress bars). - Results can be exported to CSV.
- Python 3.8+ (3.10/3.11 recommended)
- Internet access for DNS resolution and GeoIP lookups
pingavailable on the system (used for host discovery)- See
requirements.txtfor Python dependencies
-
Clone or download this repository and place the scanner script (e.g.
netmap.py) somewhere convenient. -
Create a virtual environment (recommended):
python3 -m venv venv
source venv/bin/activate # Linux / macOS
venv\Scripts\activate # Windows (PowerShell)- Install Python dependencies:
pip install -r requirements.txtpython netmap.py -t TARGET [options]-
-t,--target(required) — target IP / subnet (CIDR) or website/URL
Examples:192.168.1.1,192.168.1.0/24,example.com,https://example.com -
-p,--ports— ports to scan (default1-1024). Accepts single ports, comma-separated, and ranges:
Examples:80,22,80,443,1-65535 -
--timeout— socket timeout in seconds (default1.0) -
--threads— number of concurrent threads (default100) -
--csv— export results to CSV file (e.g.--csv results.csv)
Scan a single host for common ports:
python netmap.py -t 192.168.1.10Scan a CIDR subnet for ports 22,80,443:
python netmap.py -t 192.168.1.0/24 -p 22,80,443Scan example.com for all ports 1–65535 (be cautious!):
python netmap.py -t example.com -p 1-65535 --threads 500 --timeout 0.5 --csv scan.csv- Permissions & ICMP: On many systems ICMP ping is available to normal users (the
pingcommand). If you plan to use raw sockets or more advanced techniques, elevated privileges may be required — this script uses the systempingcommand so it generally works without root. - Speed vs reliability: Raising thread count speeds scanning but increases network load and may generate false negatives due to rate limiting. Fine-tune
--threadsand--timeoutaccording to your network and target. - GeoIP rate limits:
ip-api.comhas request limits on the free API. If you scan many addresses quickly you may hit the limit. Consider caching results or using a paid API if you need high-volume lookups. - Banner grabbing: Banner grabbing is limited and simple (HEAD request for common HTTP ports, short
recv()for others). Many services will not return a banner or may block such probes. - False positives/negatives: Firewalls, IDS, and rate-limiting on remote hosts can affect results (closed but silently dropping ports, etc.).
Only scan systems you own or have explicit permission to scan. Port scanning and host discovery can be considered intrusive or illegal when performed without authorization. Use this tool responsibly and within the law.
- Add UDP scanning (careful — more complex and slower).
- Add asynchronous scanning with
asyncio+aiohttpfor faster DNS / web banner checks. - Add optional multi-provider GeoIP lookup with caching.
- Save richer CSV / JSON output including timestamp, elapsed time, and IP metadata.
- Add rate-limiting and retry logic for GeoIP queries to handle API limits gracefully.
- Integrate a simple web UI or HTML report generator.
Contributions, bug reports, and improvements are welcome. Open an issue or a pull request on the repository (or share patches).
This project is released under the MIT License. See LICENSE for details.
- Built with Python,
requestsandrich. - GeoIP service via
ip-api.com.