
Network Scanner

Author: snipercat69 · GitHub · v1.4.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 130
Favorites: 0
Current installs: 0
Versions: 5
Install in OpenClaw
/install edgeiq-network-scanner
Description
Performs authorized TCP port scanning, service banner grabbing, OS fingerprinting, and host discovery using pure Python without nmap on Windows/WSL/Linux.
Usage instructions (SKILL.md)

Network Scanner — EdgeIQ Professional

Version: 1.2.0
Skill Name: network-scanner
Category: Security / Reconnaissance
Tiers: Free v1 | Lifetime: $49 / Optional Monthly: $10/mo
Author: EdgeIQ Labs
OpenClaw Compatible: Yes — Python 3, pure stdlib, WSL + Windows


What It Does

Professional-grade network reconnaissance: host discovery, full-spectrum port scanning, service fingerprinting, CVE matching, SSL/TLS analysis, traceroute, subdomain enumeration, and vulnerability classification — without nmap. Pure Python sockets, works on WSL/Linux and Windows.

Designed for authorized security auditing of networks you own or have explicit written permission to scan.

⚠️ Legal Notice: Only scan networks you own or have explicit written permission to audit. Unauthorized scanning is illegal. This tool is for defensive security professionals, penetration testers, and network administrators.


Features

Core Capabilities

  • Host Discovery — ICMP ping + TCP connect probe (works through firewalls)
  • Port Scanning — Full spectrum: quick (9) / normal (20) / intense (100) / full (1–1024) / deep (1–65535)
  • Service Banner Grabbing — Identify services and exact version strings from open ports
  • HTTP/HTTPS Fingerprinting — Server detection, tech stack identification (WordPress, IIS, nginx, etc.), title grabbing, redirect following
  • SSL/TLS Security Grading — Certificate analysis, protocol detection, cipher inspection, grade assignment (A–F)
  • OS Fingerprinting — TTL + window size + open-port pattern heuristics (Linux/Windows/BSD/macOS detection)
  • CVE Matching — Local database of 40+ CVEs for common services (Apache, nginx, OpenSSH, MySQL, PostgreSQL, Redis, SMB, OpenSSL, MSSQL, VNC, RDP, DNS, SMTP, telnet, MongoDB, etc.)
  • Vulnerability Classification — Each open port tagged CRITICAL / HIGH / MEDIUM / LOW / NONE
  • Subdomain Enumeration — DNS lookup of 35+ common subdomain prefixes against discovered hosts
  • Traceroute — Network path analysis with per-hop RTT (Linux traceroute, Windows fallback)
  • Pure Python — Zero external dependencies (cryptography optional, degrades gracefully)
  • Cross-Platform — WSL/Linux + Windows + macOS
  • Concurrent Scanning — Multi-threaded ThreadPoolExecutor (configurable up to 150 workers)

Operational Features

  • Rate Limiting — --rate-delay for slow/stealth scanning (e.g. --rate-delay 0.05)
  • Proxy Support — HTTP/SOCKS proxy via --proxy socks5://host:port
  • Signal Handling — Graceful Ctrl+C (finishes current hosts, then exits cleanly)
  • Quiet/Automation Mode — --quiet suppresses progress; exit codes for CI/CD:
    • 0 = clean scan, no high-risk findings
    • 2 = interrupted
    • 3 = CRITICAL CVE found
    • 4 = HIGH CVE found
  • Custom Port Range — --port-range 1-10000 or --port-range 1-65535
  • Output Formats — Discord (emoji-rich), Simple (CLI), JSON (machine-readable), HTML (polished report)
  • File Export — --output report.html / --output scan.json

Installation

# Direct run
python3 /home/guy/.openclaw/workspace/apps/network-scanner/scanner.py

# As OpenClaw skill — copy into skills folder
cp -r /home/guy/.openclaw/workspace/apps/network-scanner ~/.openclaw/skills/network-scanner

# Optional: make it executable
chmod +x /home/guy/.openclaw/workspace/apps/network-scanner/scanner.py

Scan Depth Tiers

| Depth | Ports Scanned | Best For |
|---|---|---|
| quick | 9 | Fast local discovery |
| normal | 20 | General reconnaissance |
| intense | 100 | Full vulnerability assessment |
| full | 1–1024 | Complete well-known port sweep |
| deep | 1–65535 | Full spectrum (slow, loud) |

Usage Examples

Basic Scans

# Quick local scan
python3 scanner.py 192.168.1.0/24 quick

# Normal scan
python3 scanner.py 10.5.1.1 normal

# Intense scan with traceroute + subdomains
python3 scanner.py 10.5.1.1 intense --traceroute --subdomains

# Full well-known port scan (1–1024)
python3 scanner.py 192.168.1.1 full

# Full 65k port deep scan
python3 scanner.py 192.168.1.1 deep

# Custom port range
python3 scanner.py 10.5.1.1 custom --port-range 1-10000

Advanced Features

# Slow/stealth scan with rate limiting
python3 scanner.py 192.168.1.0/24 normal --rate-delay 0.05 --workers 50

# High-concurrency scan (150 workers)
python3 scanner.py 10.0.0.1 intense --workers 150 --timeout 1.0

# Traceroute + subdomains + SSL analysis
python3 scanner.py target.example.com full --traceroute --subdomains

# Export JSON for automation
python3 scanner.py 192.168.1.1 intense --format json --output scan.json

# Export HTML report
python3 scanner.py 192.168.1.1 intense --format html --output report.html

# Local network discovery
python3 scanner.py --local-scan normal

# Full subnet local scan
python3 scanner.py --local full

As Discord Command

In #net-scan channel:

!net 192.168.1.0/24 quick
!net 10.5.1.1 intense --traceroute --subdomains
!net scanme.nmap.org full
!net local quick
!net example.com full --format html

Output Format Examples

Discord Format

🔍 EdgeIQ Scan Report — `192.168.1.1`
Mode: `intense` | Risk: 🟠 HIGH | Duration: `12.3s`

🟢 192.168.1.1 — server.example.com `2.1ms` | 5 ports | HIGH
   └ OS: `Linux/Unix (TTL≈64); Linux/Unix Server`
   └ Subdomains: `www.example.com`, `mail.example.com`
   └ Route: → 192.168.1.1
   80    http          Apache/2.4.41 🟠 HIGH — Apache path traversal
 443    https         nginx/1.18.0 [SSL: B] — Self-signed certificate
  22    ssh           OpenSSH_8.0 MEDIUM — User enumeration via timing
3306    mysql         MySQL/5.7.29 🔴 CRITICAL — Auth bypass (CVE-2012-2122)

─── Stats: 1 hosts | 100 ports scanned | 2 errors

JSON Output

{
  "target": "192.168.1.1",
  "scan_type": "intense",
  "timestamp": "2026-04-22 14:38:00",
  "duration_s": 12.3,
  "hosts": [{
    "ip": "192.168.1.1",
    "hostname": "server.example.com",
    "is_alive": true,
    "rtt_ms": 2.1,
    "ttl": 64,
    "os_guess": "Linux/Unix (TTL≈64)",
    "ports": {
      "80": {
        "port": 80, "state": "open", "service": "http",
        "version": "Apache/2.4.41",
        "banner": "Apache/2.4.41 (Ubuntu)",
        "cves": [{"cve": "CVE-2017-15710", "level": "MEDIUM", ...}],
        "vuln_level": "HIGH",
        "http_fingerprint": {"server": "Apache/2.4.41", "tech_stack": ["PHP", "WordPress"]}
      }
    }
  }]
}

Tier Comparison

Feature Free (v1) Lifetime ($49) Optional Monthly ($10/mo)
Port depth 1–1024 Full (1–65535) Full (1–65535)
CVE database Local (~40 entries) Full (~500 entries) Full (~500 entries)
Traceroute
Subdomain enum
Output: HTML report
Output: JSON report
Output: Discord/Simple
Scheduled scans
Delta comparison
Alert delivery
Proxy support
Rate limiting
File export
Support Community Priority Priority

CVE Coverage

Current local database includes (partial list):

| Service | CVEs Matched |
|---|---|
| Apache httpd | CVE-2024-27316, CVE-2022-31813, CVE-2017-15710 |
| nginx | CVE-2021-23017, CVE-2019-9511/9513/9516, CVE-2013-2028 |
| OpenSSH | CVE-2020-15778, CVE-2018-15473, CVE-2019-6109, CVE-2019-6111 |
| MySQL | CVE-2012-2122, CVE-2018-2562, CVE-2020-2574 |
| PostgreSQL | CVE-2019-9193, CVE-2022-41862 |
| Redis | CVE-2018-11218, CVE-2018-11219, CVE-2019-10192 |
| SMB/Samba | CVE-2017-0144 (EternalBlue) |
| OpenSSL | CVE-2014-0160 (Heartbleed), CVE-2022-0778, CVE-2014-0224 (CCS) |
| MSSQL | CVE-2019-1068, CVE-2019-1069 |
| VNC | CVE-2006-2369, CVE-2015-5239 |
| RDP | CVE-2019-0708 (BlueKeep), CVE-2022-21999 |
| DNS/BIND | CVE-2020-1350 (SIGRed) |
| SMTP/Exim | CVE-2019-10149 |
| telnetd | CVE-2020-10188 |
| MongoDB | CVE-2019-2389 |
| vsftpd | CVE-2011-2523 (backdoor) |

Vuln level derives from CVE severity: CRITICAL > HIGH > MEDIUM > LOW.


Architecture

  • Language: Python 3 (pure stdlib — no external dependencies)
  • Optional: cryptography library for enhanced SSL certificate parsing (auto-skipped if unavailable)
  • Concurrency: concurrent.futures.ThreadPoolExecutor (configurable workers)
  • Scan Types: ICMP probe, TCP connect scan, ICMP ping, UDP probe, banner grab, HTTP fingerprint, SSL handshake, DNS lookup, traceroute (ICMP/UDP)
  • Supported Platforms: Linux/WSL, Windows, macOS
  • Dependencies: socket, concurrent.futures, struct, random, time, ipaddress, argparse, json, ssl, hashlib, re, datetime, signal

Exit Codes (Automation)

| Code | Meaning |
|---|---|
| 0 | Scan complete, no CRITICAL/HIGH CVEs found |
| 1 | General error |
| 2 | Interrupted (Ctrl+C) |
| 3 | CRITICAL CVE found |
| 4 | HIGH CVE found |
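
For teams that archive the JSON report and gate a pipeline on it afterwards, the following added example (not part of scanner.py or the EdgeIQ code) re-derives the finding-related exit codes from a saved report. It assumes the report has the shape shown under "JSON Output"; the sample report is constructed, and the names triage, port_level, RANK and EXIT_FOR are hypothetical.

```python
import json

# Severity order stated on the page: CRITICAL > HIGH > MEDIUM > LOW (NONE is the floor).
RANK = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
# Finding-related exit codes from the table above; 1 and 2 are runtime conditions.
EXIT_FOR = {"CRITICAL": 3, "HIGH": 4}

def port_level(entry):
    """Worst of the port's vuln_level and each matched CVE's level.
    Assumption: the scanner's own ranking may differ; this takes the stricter view."""
    levels = [entry.get("vuln_level", "NONE")]
    levels += [c.get("level", "NONE") for c in entry.get("cves", [])]
    return max(levels, key=lambda lv: RANK.get(lv.upper(), 0)).upper()

def triage(report):
    """Return (exit_code, findings) for one parsed JSON report, worst finding first."""
    findings = []
    for host in report.get("hosts", []):
        for entry in host.get("ports", {}).values():
            if entry.get("state") != "open":
                continue
            findings.append((host["ip"], entry["port"], entry.get("service", "?"),
                             entry.get("version", ""), port_level(entry)))
    findings.sort(key=lambda f: RANK.get(f[4], 0), reverse=True)
    worst = findings[0][4] if findings else "NONE"
    return EXIT_FOR.get(worst, 0), findings

# Constructed sample report (documentation address range), using the page's field names.
SAMPLE = json.loads("""
{"target": "192.0.2.10", "scan_type": "intense", "hosts": [
 {"ip": "192.0.2.10", "is_alive": true, "ports": {
   "80":   {"port": 80, "state": "open", "service": "http", "version": "Apache/2.4.41",
            "cves": [{"cve": "CVE-2017-15710", "level": "MEDIUM"}], "vuln_level": "HIGH"},
   "3306": {"port": 3306, "state": "open", "service": "mysql", "version": "MySQL/5.7.29",
            "cves": [{"cve": "CVE-2012-2122", "level": "CRITICAL"}], "vuln_level": "CRITICAL"},
   "22":   {"port": 22, "state": "open", "service": "ssh", "version": "OpenSSH_8.0",
            "cves": [], "vuln_level": "MEDIUM"}}}]}
""")

if __name__ == "__main__":
    code, findings = triage(SAMPLE)
    for ip, port, service, version, level in findings:
        print(f"{level:8} {ip}:{port:<5} {service:6} {version}")
    raise SystemExit(code)
```
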

Legal & Ethical Use

This tool is for:

  • Network administrators auditing their own infrastructure
  • Penetration testers assessing client networks with authorization
  • Bug bounty researchers (with program approval)
  • Security researchers studying their own networks

This tool must NOT be used:

  • Against networks without explicit written permission
  • On public infrastructure you don't own
  • For any unauthorized access or reconnaissance

Upgrade Links

| $49 | $39 | | Monthly ($10/mo) | $10/mo |

  • Optional Monthly ($10/mo):

Pro ($29/mo) and Bundle ($39/mo) deprecated — all features now included in Lifetime.


Support

Email: [email protected]
Discord: https://discord.gg/aPhSnrU9
Site: https://edgeiqlabs.com


🔗 More from EdgeIQ Labs

edgeiqlabs.com — Security tools, OSINT utilities, and micro-SaaS products for developers and security professionals.

  • 🛠️ Subdomain Hunter — Passive subdomain enumeration via Certificate Transparency
  • 📸 Screenshot API — URL-to-screenshot API for developers
  • 🔔 uptime.check — URL uptime monitoring with alerts
  • 🛡️ headers.check — HTTP security headers analyzer

👉 Visit edgeiqlabs.com →

Security usage advice
This appears to be a locally-run network scanner whose code matches its description. Before installing: (1) only run scans against networks you own or have explicit permission to scan (the tool is noisy and scanning unauthorized hosts is illegal); (2) inspect scanner.py for any subprocess calls or telemetry you might not want (the SKILL.md mentions traceroute and the codebase may invoke system utilities); (3) if you plan to use the Discord wrapper, update the hard-coded SCRIPT_PATH and do not expose bot tokens to the skill — the wrapper itself does not request tokens but a Discord integration will; (4) note the licensing stubs (LICENSE_TIER is local and gated features may be disabled); (5) run in an isolated environment (VM) first if you are unsure. If you want, provide the full scanner.py for a deeper line-by-line review (I reviewed the included excerpts but the file was truncated).
Capability assessment
Purpose & Capability
Name/description match the included code (scanner.py + Discord wrapper + license gate). The skill claims 'pure Python, zero external deps' and declares no required env vars or binaries, which generally aligns with the code. Minor mismatch: SKILL.md mentions using the system 'traceroute' on Linux, but the package declares no required binaries; this may be a fallback/informational note rather than an actual dependency.
Instruction Scope
SKILL.md instructs running scanner.py and copying the skill into the skills folder — consistent and narrowly scoped to scanning. Points to review: the Discord wrapper uses a hard-coded SCRIPT_PATH (/home/guy/...) which is environment-specific and brittle; it invokes the scanner via subprocess (expected for this use), and the license module currently contains TODOs (local LICENSE_TIER variable) rather than external license checks. No instructions tell the agent to read unrelated system files or exfiltrate data.
Install Mechanism
No install spec or external downloads are present. The skill is instruction-only with source files included; nothing is fetched from remote URLs or written by an installer.
Credentials
The skill requests no environment variables, credentials, or config paths. The included files likewise do not require secrets to operate. The Discord wrapper uses subprocess calls and would require a separate Discord bot integration, but the skill itself does not demand Discord tokens or other unrelated credentials.
Persistence & Privilege
The skill does not request 'always' presence, does not modify other skills' configs, and contains no code that attempts to persist credentials or enable itself globally. It runs locally when invoked.
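How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install edgeiq-network-scanner
  3. Once installed, call the Skill by name or trigger it with /edgeiq-network-scanner
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history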
v1.4.0
v1.4.0: URGENT FIX — corrected Stripe Payment Link URLs (no suffixes, correct live URLs)
v1.3.0
v1.3.0: CRITICAL FIX — replaced placeholder Stripe URLs with real working Payment Link checkout URLs
v1.2.0
v1.2.0: Dual pricing — Lifetime as primary with optional monthly. Updated Stripe checkout URLs.
v1.1.0
Monetization update: added Free vs Pro plans, Stripe upgrade links, bundle option, and updated support/contact details.
v1.0.0
Initial release of Network Scanner Skill.
  • Comprehensive network reconnaissance: host discovery, TCP port scanning, banner grabbing, and OS fingerprinting using only Python standard library.
  • Pure Python, cross-platform (Linux/WSL, Windows, macOS), no external dependencies.
  • Configurable scan depth (quick/normal/intense) for targeted or full assessments.
  • Multi-threaded concurrent scanning for fast results.
  • Legal and ethical use emphasized; for authorized networks only.
  • OpenClaw compatible, includes Discord integration and Pro feature overview.
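Metadata
Slug: edgeiq-network-scanner
Version: 1.4.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 5
FAQ

What is Network Scanner?

Performs authorized TCP port scanning, service banner grabbing, OS fingerprinting, and host discovery using pure Python without nmap on Windows/WSL/Linux. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 130 total downloads so far.

How do I install Network Scanner?

Run the command "/install edgeiq-network-scanner" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Network Scanner free?

Yes, Network Scanner is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Network Scanner support?

Network Scanner is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Network Scanner?

Developed and maintained by snipercat69 (@snipercat69); the current version is v1.4.0.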
