Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Network Scanner

v1.4.0

Performs authorized TCP port scanning, service banner grabbing, OS fingerprinting, and host discovery using pure Python without nmap on Windows/WSL/Linux.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for snipercat69/edgeiq-network-scanner.

Install the skill "Network Scanner" (snipercat69/edgeiq-network-scanner) from ClawHub.
Skill page: https://clawhub.ai/snipercat69/edgeiq-network-scanner
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install edgeiq-network-scanner

ClawHub CLI

npx clawhub@latest install edgeiq-network-scanner

Security Scan

VirusTotal: Pending
OpenClaw: Benign (medium confidence)

Purpose & Capability

Name/description match the included code (scanner.py + Discord wrapper + license gate). The skill claims 'pure Python, zero external deps' and declares no required env vars or binaries, which generally aligns with the code. Minor mismatch: SKILL.md mentions using the system 'traceroute' on Linux, but the package declares no required binaries; this may be a fallback/informational note rather than an actual dependency.

Instruction Scope

SKILL.md instructs running scanner.py and copying the skill into the skills folder — consistent and narrowly scoped to scanning. Points to review: the Discord wrapper uses a hard-coded SCRIPT_PATH (/home/guy/...) which is environment-specific and brittle; it invokes the scanner via subprocess (expected for this use), and the license module currently contains TODOs (local LICENSE_TIER variable) rather than external license checks. No instructions tell the agent to read unrelated system files or exfiltrate data.

Install Mechanism

No install spec or external downloads are present. The skill is instruction-only with source files included; nothing is fetched from remote URLs or written by an installer.

Credentials

The skill requests no environment variables, credentials, or config paths. The included files likewise do not require secrets to operate. The Discord wrapper uses subprocess calls and would require a separate Discord bot integration, but the skill itself does not demand Discord tokens or other unrelated credentials.

Persistence & Privilege

The skill does not request 'always' presence, does not modify other skills' configs, and contains no code that attempts to persist credentials or enable itself globally. It runs locally when invoked.

Assessment

This appears to be a locally-run network scanner whose code matches its description. Before installing: (1) only run scans against networks you own or have explicit permission to scan (the tool is noisy and scanning unauthorized hosts is illegal); (2) inspect scanner.py for any subprocess calls or telemetry you might not want (the SKILL.md mentions traceroute and the codebase may invoke system utilities); (3) if you plan to use the Discord wrapper, update the hard-coded SCRIPT_PATH and do not expose bot tokens to the skill — the wrapper itself does not request tokens but a Discord integration will; (4) note the licensing stubs (LICENSE_TIER is local and gated features may be disabled); (5) run in an isolated environment (VM) first if you are unsure. If you want, provide the full scanner.py for a deeper line-by-line review (I reviewed the included excerpts but the file was truncated).

scanner.py:418: Potential obfuscated payload detected.

About static analysis

These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Latest: v1.4.0 | 128 downloads | 0 stars | 5 versions | Updated 3d ago | License: MIT-0

Network Scanner — EdgeIQ Professional

Version: 1.2.0
Skill Name: network-scanner
Category: Security / Reconnaissance
Tiers: Free v1 | Lifetime: $49 / Optional Monthly: $10/mo
Author: EdgeIQ Labs
OpenClaw Compatible: Yes — Python 3, pure stdlib, WSL + Windows


What It Does

Professional-grade network reconnaissance: host discovery, full-spectrum port scanning, service fingerprinting, CVE matching, SSL/TLS analysis, traceroute, subdomain enumeration, and vulnerability classification — without nmap. Pure Python sockets, works on WSL/Linux and Windows.

Designed for authorized security auditing of networks you own or have explicit written permission to scan.

⚠️ Legal Notice: Only scan networks you own or have explicit written permission to audit. Unauthorized scanning is illegal. This tool is for defensive security professionals, penetration testers, and network administrators.


Features

Core Capabilities

  • Host Discovery — ICMP ping + TCP connect probe (works through firewalls)
  • Port Scanning — Full spectrum: quick (9) / normal (20) / intense (100) / full (1–1024) / deep (1–65535)
  • Service Banner Grabbing — Identify services and exact version strings from open ports
  • HTTP/HTTPS Fingerprinting — Server detection, tech stack identification (WordPress, IIS, nginx, etc.), title grabbing, redirect following
  • SSL/TLS Security Grading — Certificate analysis, protocol detection, cipher inspection, grade assignment (A–F)
  • OS Fingerprinting — TTL + window size + open-port pattern heuristics (Linux/Windows/BSD/macOS detection)
  • CVE Matching — Local database of 40+ CVEs for common services (Apache, nginx, OpenSSH, MySQL, PostgreSQL, Redis, SMB, OpenSSL, MSSQL, VNC, RDP, DNS, SMTP, telnet, MongoDB, etc.)
  • Vulnerability Classification — Each open port tagged CRITICAL / HIGH / MEDIUM / LOW / NONE
  • Subdomain Enumeration — DNS lookup of 35+ common subdomain prefixes against discovered hosts
  • Traceroute — Network path analysis with per-hop RTT (Linux traceroute, Windows fallback)
  • Pure Python — Zero external dependencies (cryptography optional, degrades gracefully)
  • Cross-Platform — WSL/Linux + Windows + macOS
  • Concurrent Scanning — Multi-threaded ThreadPoolExecutor (configurable up to 150 workers)

Operational Features

  • Rate Limiting — --rate-delay for slow/stealth scanning (e.g. --rate-delay 0.05)
  • Proxy Support — HTTP/SOCKS proxy via --proxy socks5://host:port
  • Signal Handling — Graceful Ctrl+C (finishes current hosts, then exits cleanly)
  • Quiet/Automation Mode — --quiet suppresses progress; exit codes for CI/CD:
    • 0 = clean scan, no high-risk findings
    • 2 = interrupted
    • 3 = CRITICAL CVE found
    • 4 = HIGH CVE found
  • Custom Port Range — --port-range 1-10000 or --port-range 1-65535
  • Output Formats — Discord (emoji-rich), Simple (CLI), JSON (machine-readable), HTML (polished report)
  • File Export — --output report.html / --output scan.json

Installation

# Direct run
python3 /home/guy/.openclaw/workspace/apps/network-scanner/scanner.py

# As OpenClaw skill — copy into skills folder
cp -r /home/guy/.openclaw/workspace/apps/network-scanner ~/.openclaw/skills/network-scanner

# Optional: make it executable
chmod +x /home/guy/.openclaw/workspace/apps/network-scanner/scanner.py

Scan Depth Tiers

| Depth | Ports Scanned | Best For |
|---|---|---|
| quick | 9 | Fast local discovery |
| normal | 20 | General reconnaissance |
| intense | 100 | Full vulnerability assessment |
| full | 1–1024 | Complete well-known port sweep |
| deep | 1–65535 | Full spectrum (slow, loud) |

Usage Examples

Basic Scans

# Quick local scan
python3 scanner.py 192.168.1.0/24 quick

# Normal scan
python3 scanner.py 10.5.1.1 normal

# Intense scan with traceroute + subdomains
python3 scanner.py 10.5.1.1 intense --traceroute --subdomains

# Full well-known port scan (1–1024)
python3 scanner.py 192.168.1.1 full

# Full 65k port deep scan
python3 scanner.py 192.168.1.1 deep

# Custom port range
python3 scanner.py 10.5.1.1 custom --port-range 1-10000

Advanced Features

# Slow/stealth scan with rate limiting
python3 scanner.py 192.168.1.0/24 normal --rate-delay 0.05 --workers 50

# High-concurrency scan (150 workers)
python3 scanner.py 10.0.0.1 intense --workers 150 --timeout 1.0

# Traceroute + subdomains + SSL analysis
python3 scanner.py target.example.com full --traceroute --subdomains

# Export JSON for automation
python3 scanner.py 192.168.1.1 intense --format json --output scan.json

# Export HTML report
python3 scanner.py 192.168.1.1 intense --format html --output report.html

# Local network discovery
python3 scanner.py --local-scan normal

# Full subnet local scan
python3 scanner.py --local full

As Discord Command

In #net-scan channel:

!net 192.168.1.0/24 quick
!net 10.5.1.1 intense --traceroute --subdomains
!net scanme.nmap.org full
!net local quick
!net example.com full --format html

Output Format Examples

Discord Format

🔍 EdgeIQ Scan Report — `192.168.1.1`
Mode: `intense` | Risk: 🟠 HIGH | Duration: `12.3s`

🟢 192.168.1.1 — server.example.com `2.1ms` | 5 ports | HIGH
   └ OS: `Linux/Unix (TTL≈64); Linux/Unix Server`
   └ Subdomains: `www.example.com`, `mail.example.com`
   └ Route: → 192.168.1.1
   80    http          Apache/2.4.41 🟠 HIGH — Apache path traversal
 443    https         nginx/1.18.0 [SSL: B] — Self-signed certificate
  22    ssh           OpenSSH_8.0 MEDIUM — User enumeration via timing
3306    mysql         MySQL/5.7.29 🔴 CRITICAL — Auth bypass (CVE-2012-2122)

─── Stats: 1 hosts | 100 ports scanned | 2 errors

JSON Output

{
  "target": "192.168.1.1",
  "scan_type": "intense",
  "timestamp": "2026-04-22 14:38:00",
  "duration_s": 12.3,
  "hosts": [{
    "ip": "192.168.1.1",
    "hostname": "server.example.com",
    "is_alive": true,
    "rtt_ms": 2.1,
    "ttl": 64,
    "os_guess": "Linux/Unix (TTL≈64)",
    "ports": {
      "80": {
        "port": 80, "state": "open", "service": "http",
        "version": "Apache/2.4.41",
        "banner": "Apache/2.4.41 (Ubuntu)",
        "cves": [{"cve": "CVE-2017-15710", "level": "MEDIUM", ...}],
        "vuln_level": "HIGH",
        "http_fingerprint": {"server": "Apache/2.4.41", "tech_stack": ["PHP", "WordPress"]}
      }
    }
  }]
}

Tier Comparison

| Feature | Free (v1) | Lifetime ($49) | Optional Monthly ($10/mo) |
|---|---|---|---|
| Port depth | 1–1024 | Full (1–65535) | Full (1–65535) |
| CVE database | Local (~40 entries) | Full (~500 entries) | Full (~500 entries) |
| Traceroute | | | |
| Subdomain enum | | | |
| Output: HTML report | | | |
| Output: JSON report | | | |
| Output: Discord/Simple | | | |
| Scheduled scans | | | |
| Delta comparison | | | |
| Alert delivery | | | |
| Proxy support | | | |
| Rate limiting | | | |
| File export | | | |
| Support | Community | Priority | Priority |

CVE Coverage

Current local database includes (partial list):

| Service | CVEs Matched |
|---|---|
| Apache httpd | CVE-2024-27316, CVE-2022-31813, CVE-2017-15710 |
| nginx | CVE-2021-23017, CVE-2019-9511/9513/9516, CVE-2013-2028 |
| OpenSSH | CVE-2020-15778, CVE-2018-15473, CVE-2019-6109, CVE-2019-6111 |
| MySQL | CVE-2012-2122, CVE-2018-2562, CVE-2020-2574 |
| PostgreSQL | CVE-2019-9193, CVE-2022-41862 |
| Redis | CVE-2018-11218, CVE-2018-11219, CVE-2019-10192 |
| SMB/Samba | CVE-2017-0144 (EternalBlue) |
| OpenSSL | CVE-2014-0160 (Heartbleed), CVE-2022-0778, CVE-2014-0224 (CCS) |
| MSSQL | CVE-2019-1068, CVE-2019-1069 |
| VNC | CVE-2006-2369, CVE-2015-5239 |
| RDP | CVE-2019-0708 (BlueKeep), CVE-2022-21999 |
| DNS/BIND | CVE-2020-1350 (SIGRed) |
| SMTP/Exim | CVE-2019-10149 |
| telnetd | CVE-2020-10188 |
| MongoDB | CVE-2019-2389 |
| vsftpd | CVE-2011-2523 (backdoor) |

Vuln level derives from CVE severity: CRITICAL > HIGH > MEDIUM > LOW.


Architecture

  • Language: Python 3 (pure stdlib — no external dependencies)
  • Optional: cryptography library for enhanced SSL certificate parsing (auto-skipped if unavailable)
  • Concurrency: concurrent.futures.ThreadPoolExecutor (configurable workers)
  • Scan Types: ICMP probe, TCP connect scan, ICMP ping, UDP probe, banner grab, HTTP fingerprint, SSL handshake, DNS lookup, traceroute (ICMP/UDP)
  • Supported Platforms: Linux/WSL, Windows, macOS
  • Dependencies: socket, concurrent.futures, struct, random, time, ipaddress, argparse, json, ssl, hashlib, re, datetime, signal

Exit Codes (Automation)

| Code | Meaning |
|---|---|
| 0 | Scan complete, no CRITICAL/HIGH CVEs found |
| 1 | General error |
| 2 | Interrupted (Ctrl+C) |
| 3 | CRITICAL CVE found |
| 4 | HIGH CVE found |
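
For a team that archives the JSON report and gates a pipeline on it, the documented exit codes can be re-derived from the saved file instead of trusting the scanner's process status. The following is an added example, not code from the skill or from EdgeIQ Labs. It assumes the report has the shape shown under "JSON Output", that both a port's `vuln_level` and each CVE's `level` count toward the result, and that CRITICAL takes precedence over HIGH; the names `gate`, `collect_findings` and `SAMPLE_REPORT` are hypothetical.

```python
import json
import sys

# Exit codes from the README's "Exit Codes (Automation)" table.
EXIT_CLEAN, EXIT_ERROR, EXIT_CRITICAL, EXIT_HIGH = 0, 1, 3, 4
RANK = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in the shape of the JSON output shown above.
SAMPLE_REPORT = json.dumps({"target": "192.168.1.1", "hosts": [{
    "ip": "192.168.1.1",
    "ports": {
        "80": {"port": 80, "service": "http", "vuln_level": "HIGH",
               "cves": [{"cve": "CVE-2017-15710", "level": "MEDIUM"}]},
        "3306": {"port": 3306, "service": "mysql", "vuln_level": "CRITICAL",
                 "cves": [{"cve": "CVE-2012-2122", "level": "CRITICAL"}]},
    },
}]})


def collect_findings(report):
    """Yield (ip, port, service, level, cve_id) for each rated item."""
    for host in report.get("hosts", []):
        for info in host.get("ports", {}).values():
            base = (host.get("ip"), info.get("port"), info.get("service"))
            # Port-level classification carries no CVE id.
            yield (*base, str(info.get("vuln_level", "NONE")).upper(), None)
            for cve in info.get("cves", []):
                yield (*base, str(cve.get("level", "NONE")).upper(), cve.get("cve"))


def gate(report_text):
    """Return (exit_code, findings rated HIGH or above) for a report string."""
    try:
        findings = list(collect_findings(json.loads(report_text)))
    except (ValueError, AttributeError, TypeError):
        return EXIT_ERROR, []  # unparsable or unexpectedly shaped report
    serious = [f for f in findings if RANK.get(f[3], 0) >= RANK["HIGH"]]
    worst = max((RANK.get(f[3], 0) for f in serious), default=0)
    if worst == RANK["CRITICAL"]:
        return EXIT_CRITICAL, serious
    return (EXIT_HIGH if serious else EXIT_CLEAN), serious


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    code, serious = gate(text)
    for ip, port, service, level, cve in serious:
        print(f"{level:8} {ip}:{port} {service} {cve or '(port classification)'}")
    sys.exit(code)
```

A truncated or reshaped report returns the general-error code 1 rather than 0, so a broken scan cannot pass the gate as clean.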

Legal & Ethical Use

This tool is for:

  • Network administrators auditing their own infrastructure
  • Penetration testers assessing client networks with authorization
  • Bug bounty researchers (with program approval)
  • Security researchers studying their own networks

This tool must NOT be used:

  • Against networks without explicit written permission
  • On public infrastructure you don't own
  • For any unauthorized access or reconnaissance

Upgrade Links

| $49 | $39 | | Monthly ($10/mo) | $10/mo |

  • Optional Monthly ($10/mo):

Pro ($29/mo) and Bundle ($39/mo) deprecated — all features now included in Lifetime.


Support

Email: gpalmieri21@gmail.com
Discord: https://discord.gg/aPhSnrU9
Site: https://edgeiqlabs.com

