NetScapp (Network Scanner & Collector) is a compact, asynchronous Python tool designed for network reconnaissance, service mapping, and log intelligence.
It can scan subnets for open ports, detect banners and MACs, and also parse Syslog or Apache logs into structured JSON/CSV summaries or visual plots.
- Asynchronous scanning of IPv4 subnets
- Discovers open TCP ports and service banners
- Performs ARP MAC address resolution (requires root)
- Supports CIDR range scanning (
192.168.1.0/24) - JSON/CSV output for automation or data export
- Configurable concurrency and timeout
- Parses Apache and Syslog log formats
- Detects common errors and anomalies:
- HTTP 404s, 500s
- Authentication or SSH failures
- IP repetition & access bursts
- Summarizes results as JSON/CSV
- Optional visualization with matplotlib
- Fully asynchronous (asyncio-based)
- Modular design — easily extendable
- CLI-driven
- Automation-ready JSON output
- Python 3.10+
- Works on Linux, BSD, and macOS
- Root required for:
- ARP/MAC resolution
- Accessing ports < 1024
Install the following: pip install aiohttp scapy matplotlib pandas
Optional for pretty output: pip install jq
git clone https://github.com/mreinrt/netscapp.git cd netscapp
python3 -m venv venv source venv/bin/activate
python3 netscapp.py <command> [options]
| Command | Description |
|---|---|
| scan | Scan networks and map open ports |
| analyze | Parse and summarize logs |
python3 netscapp.py scan --cidr 192.168.1.38
sudo python3 netscapp.py scan --cidr 192.168.1.0/24
| Option | Description | Default |
|---|---|---|
| --ports | Comma-separated list or range (22,80,443 or 1-1024) | 22,80,443,8080 |
| --timeout | Connection timeout (sec) | 1.0 |
| --concurrency | Number of concurrent async connections | 500 |
| --json | Save results as JSON file | None |
| --csv | Save results as CSV file | None |
sudo python3 netscapp.py scan --cidr 192.168.1.0/24 \
--ports 22,80,443,3389 \
--concurrency 100 \
--json scan_results.json
{
"scanned_cidr": "192.168.1.0/24",
"timestamp": "2025-10-13T02:40:00Z",
"results": [
{
"ip": "192.168.1.10",
"mac": "aa:bb:cc:dd:ee:ff",
"open_ports": [
{"port": 22, "banner": "SSH-2.0-OpenSSH_9.3"},
{"port": 80, "banner": "Apache/2.4.57"}
]
}
]
}
python3 netscapp.py analyze --log /var/log/apache2/access.log \
--type apache --json apache_summary.json
python3 netscapp.py analyze --log /var/log/syslog \
--type syslog --csv sys_summary.csv
NetScapp produces structured RFC-compliant JSON output that integrates easily with:
- Automation pipelines
- Dashboards (ELK, Splunk, SIEM)
- jq / Python / Pandas
Example:
python3 netscapp.py scan --cidr 192.168.1.0/24 | jq '.results[].open_ports[] | select(.port==22)'
- Service banners include escaped newlines such as
"SSH-2.0-OpenSSH_10.0\r\n". - These are intentionally escaped to ensure valid JSON encoding.
- When parsed,
\r\nbecomes a real line break in code. - Safe for ingestion by any JSON parser or automation framework.
The default output is machine-oriented (compact JSON).
For readability:
python3 netscapp.py scan --cidr 192.168.1.0/24 | jq
or
python3 netscapp.py scan --cidr 192.168.1.0/24 | python3 -m json.tool
You can also modify the script to pretty-print directly:
print(json.dumps(out, indent=2))
-
System hit open file descriptor limit due to excessive concurrency.
-
Check current limit:
ulimit -n -
Fix:
-
Reduce concurrency (
--concurrency 100) -
Increase descriptor limit:
ulimit -n 8192
-
- Requires root privileges for ARP.
- Only works within the same subnet/broadcast domain.
# 1. Full LAN scan
sudo python3 netscapp.py scan --cidr 192.168.1.0/24 --json lan_scan.json
# 2. Pretty-print output
cat lan_scan.json | jq
# 3. Log summary export
python3 netscapp.py analyze --log /var/log/syslog --type syslog --csv sys_summary.csv