🏠 LANlord — Home Network Scanner

Know every device on your turf. A friendly, fast, root-free Python CLI that audits the network you're sitting on: discovers every device, scans the ports that matter, fingerprints what it found, and gives you (and each device) an honest security grade with concrete fixes.

  _        _    _   _ _               _
 | |      / \  | \ | | | ___  _ __ __| |
 | |     / _ \ |  \| | |/ _ \| '__/ _` |
 | |___ / ___ \| |\  | | (_) | | | (_| |
 |_____/_/   \_\_| \_|_|\___/|_|  \__,_|
            Home Network Scanner — v1.0.0

---

Why this exists

Most home networks have at least one of:

• A printer with a web UI on plain HTTP
• A NAS with SMBv1 still enabled
• An IoT light that's exposing telnet (yes, in 2026)
• A Raspberry Pi nobody remembers setting up
• A laptop with RDP open to the LAN

You don't need a CISSP to find this stuff — you need a sane tool that runs in two minutes, names the device, and tells you what to do about it. That's LANlord.

What it does

• 🔍 Discovers every IPv4 device on your subnet via concurrent ping sweep + ARP cache.
• 🏷️ Identifies them — MAC vendor (offline OUI database), reverse DNS hostname, OS guess from TTL.
• 🔌 Scans the ports that matter (curated common/top100 lists, or any range you like) over async TCP connect.
• 🎯 Grades every host and the network as a whole, A through F, with explanations, severities, and plain-English fixes.
• 📄 Exports to JSON, CSV, or a polished accessible HTML report (responsive, screen-reader friendly, prints cleanly).
• ♿ Accessible by default — --high-contrast, --plain (no colour/no boxes for screen readers), --no-color, full keyboard-friendly HTML output with skip links and ARIA labels.

No raw sockets. No root. No scapy. No npcap. Just stdlib + rich + typer + jinja2.

Install

git clone https://github.com/SubchiBeats/lanlord
cd lanlord
pip install .

This installs the lanlord command (with netscan as an alias). Prefer not to install? Run it straight from the source tree:

pip install -r requirements.txt
python -m netscanner scan

The Python package is named netscanner (descriptive); the command you run is lanlord. Both lanlord and netscan invoke the same tool.

Quick start

# Auto-detect your subnet, scan the common ports, print a graded report
lanlord scan

# Wider sweep
lanlord scan --ports top100

# A specific subnet, save an HTML report
lanlord scan --subnet 192.168.1.0/24 --output report.html

# Just one host
lanlord ports 192.168.1.1 --ports 1-1024

# Show what LANlord thinks of your environment
lanlord info
lanlord interfaces

Sample output

  ╭──────────────── Network security score ────────────────╮
  │                                                         │
  │   B    82 / 100                                         │
  │                                                         │
  │   Hosts: 7                                              │
  │   High findings: 2                                      │
  ╰─────────────────────────────────────────────────────────╯

  Discovered hosts
  ┌──────────────┬──────────────┬─────────────┬──────────┬──────────────┬───────┐
  │ IP           │ Hostname     │ Vendor      │ OS guess │ Open ports   │ Grade │
  ├──────────────┼──────────────┼─────────────┼──────────┼──────────────┼───────┤
  │ 192.168.1.1  │ router.lan   │ Netgear     │ Linux    │ 53, 80, 443  │ A (94)│
  │ 192.168.1.10 │ pi-hole.lan  │ Raspberry Pi│ Linux    │ 22, 53, 80   │ A (92)│
  │ 192.168.1.42 │ printer.lan  │ Hewlett P.  │ Linux    │ 80, 631, 9100│ C (74)│
  │ 192.168.1.55 │ —            │ Espressif   │ Linux    │ 23, 80       │ F (52)│
  └──────────────┴──────────────┴─────────────┴──────────┴──────────────┴───────┘

  192.168.1.55 — unknown device  F (52)
  ┌──────────┬──────┬───────────────────────────────┬───────────────────────────┐
  │ Severity │ Port │ Finding                       │ Fix                       │
  ├──────────┼──────┼───────────────────────────────┼───────────────────────────┤
  │ CRITICAL │  23  │ Telnet is enabled             │ Disable Telnet, use SSH.  │
  │ MEDIUM   │  80  │ HTTP without HTTPS            │ Enable TLS or LAN-only.   │
  └──────────┴──────┴───────────────────────────────┴───────────────────────────┘

  Result: grade B (82/100) across 7 hosts in 11.4s — 0 critical, 2 high

Accessibility

• --plain strips all colour, boxes, and Unicode borders — outputs flat lines a screen reader handles cleanly.
• --high-contrast uses only bold + primary colours, dropping dim/grey styles.
• --no-color keeps formatting but removes ANSI colour entirely.
• HTML reports include a skip link, ARIA labels on the score widget, proper heading hierarchy, prefers-color-scheme support, focus rings on every interactive element, and a responsive layout that linearises tables on narrow screens.

CLI reference

lanlord scan         Discover devices, scan ports, score your network.
lanlord ports IP     Scan ports on a single host.
lanlord interfaces   List local network interfaces.
lanlord info         Show environment / detected subnet.

Key flags for scan:

Flag	Default	Purpose
--subnet, -s	autodetected	CIDR or bare IP (treated as /24)
--ports, -p	common	common, top100, all, or a list (22,80,1000-1010)
--timeout, -t	0.8	TCP connect timeout (s)
--ping-timeout	700	Ping reply timeout (ms)
--host-concurrency	32	Concurrent hosts during port scan
--port-concurrency	128	Concurrent ports per host
--ping-concurrency	128	Concurrent pings in discovery
--no-ping	off	Skip ping sweep (ARP-only)
--no-arp	off	Skip ARP cache lookup
--no-dns	off	Skip reverse DNS
--no-banner	off	Don't grab service banners
--passive	off	ARP-cache only — no packets sent
--output, -o	—	Write a report (report.json/csv/html)
--format, -f	extension	Force json/csv/html
--high-contrast / --plain / --no-color		Accessibility modes
--quiet, -q / --verbose, -v		Output volume
--i-own-this-network	off	Required to scan a public range

How the score works

Each host starts at 100. Every open port subtracts a weight based on the service's risk tier:

Tier	Weight	Examples
low	2	https (443), ssh (22), dns (53)
medium	8	http (80), http-alt (8080), upnp
high	18	smb (445), rdp (3389), snmp (161)
critical	35	telnet (23), redis (6379), adb (5555), unauth Docker (2375), MongoDB (27017)

Pattern rules add extra penalties for combinations (e.g. telnet without ssh, HTTP with no HTTPS). The network-level score is the average host score, with an additional penalty when any critical findings exist on the LAN.

Letter grades: A ≥ 90, B ≥ 80, C ≥ 70, D ≥ 60, E ≥ 40, F below.

This is deliberately simple — the value is in the per-finding remediation, not the magic number.

Architecture

netscanner/
├── cli.py           Typer entry point + commands
├── discovery.py     Ping sweep + ARP table merge
├── ports.py         Asyncio TCP connect scanner + banner grab
├── fingerprint.py   Hostname / vendor / OS-from-TTL enrichment
├── oui.py           MAC OUI -> vendor (bundled JSON DB)
├── services.py      Port -> service / risk tier
├── scoring.py       Per-host & network scoring + findings
├── report.py        JSON / CSV / HTML writers
├── ui.py            Rich theming, tables, panels, a11y modes
├── netutils.py      Interface enumeration, CIDR parsing, safety checks
└── data/
    ├── oui.json
    ├── services.json
    └── report.html.j2

Tests

pip install -e ".[dev]"
pytest

Tests cover the bits that benefit most from being deterministic: scoring, service lookup, OUI normalization, and netutils (CIDR / port spec parsing, public-range safety).

Ethics & legality

Scan only networks you own or have explicit written permission to assess.

Port scanning a network you don't own can be a crime depending on your jurisdiction. By default LANlord refuses to scan anything outside the private RFC1918 / link-local / loopback ranges. The --i-own-this-network override exists for authorised lab / customer engagements; you accept full responsibility for using it.

This tool does active TCP connect scans by default — it's not stealthy and isn't trying to be. Use --passive to stay on the wire as just an ARP-cache reader.

Limitations & honest caveats

• IPv4 only. Most home networks dual-stack but the device-of-record on the LAN is still v4 for the vast majority of users.
• No raw sockets. That keeps it install-free and root-free, but means there's no SYN scan or true ARP probe. Discovery relies on the OS ping binary and the OS ARP cache.
• OS guess is heuristic. TTL-based fingerprinting is intentionally coarse — it's a hint, not an identification.
• OUI database is small. The bundled vendor list covers the brands you see most often on a home LAN; truly exotic gear may come back as "unknown". You can drop a larger oui.json in netscanner/data/ to extend it.
• Banner grabs are passive 120-byte reads — no protocol negotiation, no probes. They're a clue, not a fingerprint.

License

MIT — see LICENSE.

Acknowledgements

• Rich — gorgeous terminal output
• Typer — delightful CLIs
• Jinja2 — HTML templating
• The IEEE OUI registry — the source of every vendor in oui.json