whatisgithub

What is netrecon?

skuntir/netrecon — explained in plain English

Analysis updated 2026-05-18

5PythonAudience · ops devopsComplexity · 3/5Setup · moderate

In one sentence

A Python toolkit that scans a network to discover devices and services, then enriches and exports the findings for security analysis.

Mindmap

mindmap
  root((NetRecon))
    What it does
      Discovers network devices
      Enriches service data
      Offline vulnerability context
    Tech stack
      Python
      ARP and ICMP
      SNMP
    Use cases
      Network inventory
      Vulnerability cross-reference
      Continuous monitoring
    Audience
      Security teams
      Network admins

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Discover and inventory all active devices and services on a network you manage.

USE CASE 2

Cross-reference discovered services against known vulnerabilities using offline NVD data.

USE CASE 3

Continuously monitor a network for changes using agent mode and export results to graph tools.

What is it built with?

PythonARPICMPSNMPNVD JSON

How does it compare?

skuntir/netrecon1ncendium/aibusteraaronmayeux/ha-hurricane-tracker
Stars555
LanguagePythonPythonPython
Setup difficultymoderatemoderateeasy
Complexity3/53/52/5
Audienceops devopsops devopsgeneral

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Some scan modes require elevated (root/admin) privileges, use only on networks you have permission to test.

So what is it?

NetRecon is a network reconnaissance and defensive intelligence toolkit written in Python. It helps security teams and network administrators discover, analyze, and understand the devices and services running on a network. When you point NetRecon at a network range, it first discovers which devices are active using several techniques including ARP (a protocol for mapping IP addresses to hardware addresses), ICMP ping-style probes, TCP, and UDP scanning. Discovered devices are then probed to identify which services they are running, and those services are enriched with additional context: DNS hostnames, service banners, TLS certificate information, and HTTP fingerprints. Optional SNMP data collection is also supported. NetRecon can layer in offline vulnerability context by ingesting local data in NVD JSON 2.0 format, letting you cross-reference discovered services against known security issues without sending data to an external service. All scan results are stored locally. Results can be exported in a wide range of formats including JSON, GraphML, GEXF, Cytoscape, Obsidian Canvas, Neo4j CSV, Sigma.js JSON, and STIX bundle, catering to different visualization and analysis tools. A live web interface can display scan results in real time as the scan runs. An agent mode supports continuous periodic monitoring. Three predefined scan profiles control intensity: Light for fast minimal scanning, Medium for a balanced approach, and Deep for maximum discovery and enrichment. Some scan modes require elevated system privileges. The README notes that NetRecon should only be used on networks you own or have explicit permission to test.

Copy-paste prompts

Prompt 1
Help me run a basic NetRecon scan against my local network range.
Prompt 2
Explain the difference between NetRecon's Light, Medium, and Deep scan profiles.
Prompt 3
Show me how to export NetRecon scan results into a graph visualization tool.
Prompt 4
Help me set up NetRecon's agent mode for continuous network monitoring.

Frequently asked questions

What is netrecon?

A Python toolkit that scans a network to discover devices and services, then enriches and exports the findings for security analysis.

What language is netrecon written in?

Mainly Python. The stack also includes Python, ARP, ICMP.

How hard is netrecon to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is netrecon for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.