This Python script performs a comprehensive network scan across OSI Layers 1 to 7, providing insights into various network layers, interfaces, services, and potential vulnerabilities. The generated report includes critical details regarding the physical network interfaces, IP/MAC addresses, open ports, network sessions, and protocols in use.
- Layer 1 (Physical Layer): Scans and reports on network interfaces, link status (up/down), and link speeds.
- Layer 2 (Data Link Layer): Uses ARP to discover MAC addresses and IP addresses of devices on the local network.
- Layer 3 (Network Layer): ICMP (ping) scans to identify active IP addresses.
- Layer 4 (Transport Layer): Scans for open TCP/UDP ports to identify services running on active hosts.
- Layer 5 (Session Layer): Lists established network sessions and details about connections.
- Layer 6 (Presentation Layer): Captures information about encryption protocols (e.g., SSL/TLS).
- Layer 7 (Application Layer): Detects application layer protocols like HTTP and FTP.
The script itself does not contain any hardcoded sensitive information like passwords or secret keys. It primarily consists of logical instructions using libraries such as scapy, psutil, socket, and fpdf to perform network scans and generate a report.
However, running the script collects sensitive information about your network, which could expose internal details if shared or accessed by unauthorized parties.
The report generated by this script contains sensitive details about your network, including:
- Layer 1: Network interface details, their status (up/down), and link speeds.
- Layer 2: IP and MAC addresses discovered via ARP scans.
- Layer 3: Active IP addresses responding to ICMP ping scans.
- Layer 4: Open TCP/UDP ports, which indicate services running on hosts.
- Layer 5: Established sessions, showing local and remote IP addresses.
- Layer 6: Notes on encryption protocols such as SSL/TLS.
- Layer 7: Detected application protocols like HTTP, FTP.
If the report is exposed, the main risks are:
- Exposure of Internal Network Structure: Revealing devices, services, and network topology could be useful to malicious actors.
- Identification of Vulnerabilities: Open ports and outdated services could be exploited.
- Privacy Concerns: IP addresses and MAC addresses may be sensitive information.
To strengthen your network defenses, look for the following red flags in the report:
- Unknown Devices: Check for IP or MAC addresses that do not correspond to authorized devices.
- Unexpected Open Ports: Ensure that only the necessary ports are open. Look for ports associated with commonly attacked services, such as 23 (Telnet), 3389 (RDP), and 445 (SMB).
- Unusual Network Sessions: Watch for established sessions with unfamiliar remote addresses, especially high-risk IPs.
- Unencrypted Traffic: Ensure services transmitting data are using encryption (e.g., HTTPS instead of HTTP).
- Unexpected Services: Detect protocols or services running on devices that shouldn't be there.
Based on the findings in the report, consider the following steps to improve your network security:
- Device Inventory Management: Maintain an up-to-date inventory of all authorized devices and use Network Access Control (NAC) to prevent unauthorized connections.
- Port and Service Management: Close unnecessary ports, disable unused services, and use firewalls to restrict access.
- Session Monitoring: Regularly monitor network sessions and logs for unusual activity.
- Encryption Enforcement: Ensure that sensitive data transmission uses strong encryption protocols like TLS 1.2 or higher.
- Patch Management: Keep devices and software updated with the latest security patches.
- User Education and Policies: Enforce strong password policies, multi-factor authentication, and train users on best practices.
- Physical Security: Secure network equipment and restrict physical access.
- Secure Storage: Store the report in a secure, encrypted location and restrict access.
- Data Minimization: Only include necessary information. Redact or omit sensitive data if not required for analysis.
- Regular Audits: Schedule regular scans and compare results to detect new vulnerabilities or changes in the network.
- Compliance: Ensure that handling of the report complies with organizational security policies and legal regulations.
- Permissions and Legal Implications: Ensure you have permission to perform network scans, especially in corporate environments. Unauthorized scanning may be illegal in some jurisdictions.
- Impact on Network Performance: Extensive scanning may impact network performance. Run scans during off-peak hours.
- Risk of Detection by Security Systems: Scans may trigger alerts on intrusion detection/prevention systems (IDS/IPS). Coordinate with your security team to avoid false positives.
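As an added example (not code from the scanning script itself), the following Python triage runs the red flags listed above over constructed scan findings and, for the Regular Audits recommendation, diffs a scan against a baseline. The HostFinding structure, the inventory and port allowlists, and all sample addresses are assumptions for illustration.

```python
from dataclasses import dataclass
RISKY_PORTS = {23: "Telnet", 3389: "RDP", 445: "SMB"}  # ports the red-flag list calls out
CLEARTEXT = {"HTTP": "HTTPS", "FTP": "FTPS or SFTP", "Telnet": "SSH"}  # cleartext -> encrypted alternative


@dataclass
class HostFinding:
    ip: str                # Layer 3 address
    mac: str               # Layer 2 address from the ARP scan
    open_ports: set        # Layer 4 port numbers
    protocols: set         # Layer 7 protocol names
    remote_sessions: set   # Layer 5 sessions as "ip:port"


def triage(report, authorized_macs, allowed_ports, known_remotes):
    """Return one red-flag string per issue found across the report."""
    auth = {m.lower() for m in authorized_macs}
    flags = []
    for h in report:
        if h.mac.lower() not in auth:
            flags.append(f"{h.ip}: unknown device (MAC {h.mac})")
        for p in sorted(h.open_ports):
            if p in RISKY_PORTS:
                flags.append(f"{h.ip}: risky port {p} ({RISKY_PORTS[p]}) open")
            elif p not in allowed_ports.get(h.ip, set()):
                flags.append(f"{h.ip}: unexpected open port {p}")
        for proto in sorted(h.protocols):
            if proto in CLEARTEXT:
                flags.append(f"{h.ip}: cleartext {proto}, prefer {CLEARTEXT[proto]}")
        for r in sorted(h.remote_sessions - known_remotes):
            flags.append(f"{h.ip}: session to unfamiliar remote {r}")
    return flags


def diff_reports(baseline, current):
    """Changes since the last audit: new hosts, missing hosts, newly opened ports."""
    base = {h.ip: h for h in baseline}
    cur = {h.ip: h for h in current}
    changes = [f"new host {ip}" for ip in sorted(cur.keys() - base.keys())]
    changes += [f"host gone {ip}" for ip in sorted(base.keys() - cur.keys())]
    for ip in sorted(cur.keys() & base.keys()):
        for p in sorted(cur[ip].open_ports - base[ip].open_ports):
            changes.append(f"{ip}: port {p} newly open")
    return changes


# Constructed sample findings, not real scan output.
SAMPLE_REPORT = [
    HostFinding("192.168.1.10", "AA:BB:CC:00:00:01", {22, 443}, {"HTTPS"}, {"203.0.113.5:443"}),
    HostFinding("192.168.1.77", "aa:bb:cc:00:00:99", {23, 80, 445}, {"HTTP"}, {"198.51.100.9:4444"}),
]
AUTHORIZED_MACS = {"aa:bb:cc:00:00:01"}          # the device inventory
ALLOWED_PORTS = {"192.168.1.10": {22, 443}}      # ports expected per host
KNOWN_REMOTES = {"203.0.113.5:443"}              # sessions known to be legitimate
```

Each host's findings are checked against the inventory and allowlists, so the second host produces one flag per issue while the first produces none.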
This tool is designed to help identify potential security issues in your local network, providing detailed insights into your network's structure and potential vulnerabilities. However, both the process of running scans and the generated report can expose sensitive information if not handled carefully.
By reviewing the report for the red flags mentioned and implementing the recommended security measures, you can strengthen your network defenses and reduce the likelihood of security breaches.
This tool should only be used on networks you own or have explicit permission to scan. Unauthorized network scanning is illegal in many jurisdictions.