root/netzwerk_diagramm_scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reorganize project structure: move code to src/, docs to docs/, config to config/, scripts to scripts/, results to results/, tests to tests/. Keep only main script and latest scan results in root.

Browse Source
This commit is contained in:
mindesbunister
2025-10-10 15:39:59 +02:00
parent b8e06617e8
commit da5f1f2d0c
26 changed files with 581 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

299
docs/GETTING_STARTED.md Normal file
View File

@@ -0,0 +1,299 @@
# Network Scanner - Getting Started Checklist
## ✅ Pre-Installation Checklist
- [ ] Linux system available
- [ ] Python 3.8 or higher installed
- [ ] Network access to devices you want to scan
- [ ] Authorization to scan your network
- [ ] SSH access to network devices (optional but recommended)
## ✅ Initial Setup
### 1. Verify System
```bash
cd /home/rwiegand/Nextcloud/entwicklung/Werkzeuge/netzwerk_diagramm_scanner
./test_system.py
```
**Expected outcome:** All tests should pass ✓
### 2. Configure SSH Access (Recommended)
- [ ] **Generate SSH key** (if you don't have one):
```bash
ssh-keygen -t ed25519 -f ~/.ssh/network_scanner -N ""
```
- [ ] **Copy SSH key to your devices**:
```bash
# For each device you want to scan
ssh-copy-id -i ~/.ssh/network_scanner.pub root@<device-ip>
# Example for pfSense
ssh-copy-id -i ~/.ssh/network_scanner.pub root@192.168.1.1
```
- [ ] **Test SSH connection**:
```bash
ssh -i ~/.ssh/network_scanner root@<device-ip> "echo Connection OK"
```
### 3. Create Configuration
- [ ] **Copy example config**:
```bash
cp config.json.example config.json
```
- [ ] **Edit config.json** with your details:
- [ ] Update `ssh_user` (usually "root" or your admin user)
- [ ] Update `ssh_key_path` (e.g., `/home/username/.ssh/network_scanner`)
- [ ] Add your network ranges to `additional_networks`
- [ ] Add your pfSense/router IPs to `special_devices`
**Example config.json:**
```json
{
"ssh_user": "root",
"ssh_key_path": "/home/rwiegand/.ssh/network_scanner",
"timeout": 2,
"additional_networks": [
"192.168.1.0/24",
"10.0.0.0/24",
"10.8.0.0/24"
],
"special_devices": {
"192.168.1.1": {
"name": "pfSense Main",
"type": "firewall",
"os": "pfSense"
}
}
}
```
## ✅ First Scan
### Option A: Interactive Mode
- [ ] **Run quickstart**:
```bash
./quickstart.sh
```
Choose option 1 for a quick test scan.
### Option B: Direct Scan
- [ ] **Run integrated scanner**:
```bash
./integrated_scanner.py -v -o first_scan.json
```
- [ ] **Check output**:
```bash
cat first_scan.json | jq '.segments | length'
```
### Option C: With SVG Diagram
- [ ] **Run with diagram generation**:
```bash
./integrated_scanner.py -v -o scan.json --generate-svg
```
- [ ] **Open diagram**:
```bash
firefox scan.svg
# or
xdg-open scan.svg
```
## ✅ Verification Steps
After your first scan:
- [ ] **Check segment count**:
```bash
cat first_scan.json | jq '.segments | length'
```
Expected: At least 1 network segment
- [ ] **Check device count**:
```bash
cat first_scan.json | jq '[.segments[].devices[]] | length'
```
Expected: Number of devices in your network
- [ ] **List found devices**:
```bash
cat first_scan.json | jq -r '.segments[].devices[].ip'
```
- [ ] **Check pfSense detection** (if applicable):
```bash
cat first_scan.json | jq '.segments[].devices[] | select(.device_type=="firewall")'
```
## ✅ Advanced Configuration
### For pfSense Users:
- [ ] **Test pfSense scanner directly**:
```bash
./pfsense_scanner.py <pfsense-ip> -u root -k ~/.ssh/network_scanner -o pfsense_test.json
```
- [ ] **Verify pfSense data**:
```bash
# Check interfaces
cat pfsense_test.json | jq '.interfaces'
# Check VPN
cat pfsense_test.json | jq '.vpn'
# Check routes
cat pfsense_test.json | jq '.routes | length'
```
### For Multiple Networks:
- [ ] **List all networks**:
```bash
ip route show
```
- [ ] **Add each network to config.json**:
- Local network (e.g., 192.168.1.0/24)
- Guest network (e.g., 192.168.2.0/24)
- VPN networks (e.g., 10.8.0.0/24)
- WireGuard networks (e.g., 10.0.0.0/24)
### For VPN Networks:
- [ ] **Check WireGuard**:
```bash
# On pfSense or WireGuard server
wg show
```
- [ ] **Add VPN networks** to config.json additional_networks
- [ ] **Verify VPN is marked** in scan results:
```bash
cat scan.json | jq '.segments[] | select(.is_vpn==true)'
```
## ✅ Common Issues & Solutions
### Issue: No devices found
- [ ] Check network connectivity: `ping <gateway>`
- [ ] Verify ICMP is not blocked
- [ ] Try with verbose mode: `-v`
- [ ] Check if you're on the correct network
### Issue: SSH connection failures
- [ ] Verify SSH service is running on target device
- [ ] Check SSH key permissions: `chmod 600 ~/.ssh/network_scanner`
- [ ] Test manual connection: `ssh -i ~/.ssh/network_scanner root@<ip>`
- [ ] Verify key is in authorized_keys on target
### Issue: pfSense not detected
- [ ] Verify pfSense SSH is enabled
- [ ] Check pfSense is in special_devices config
- [ ] Test direct pfSense scan: `./pfsense_scanner.py <ip>`
- [ ] Check pfSense firewall rules allow SSH from your IP
### Issue: Scan too slow
- [ ] Reduce timeout in config.json
- [ ] Limit network ranges in additional_networks
- [ ] Increase max_workers (if you have powerful system)
## ✅ Next Steps
Once basic scanning works:
### Documentation
- [ ] Run full scan: `./integrated_scanner.py -o full_network.json --generate-svg`
- [ ] Review SVG diagram
- [ ] Generate markdown docs (see EXAMPLES.sh)
- [ ] Save baseline scan for future comparison
### Automation
- [ ] Set up scheduled scans (cron)
- [ ] Create backup script for scan results
- [ ] Set up alerts for network changes
### Customization
- [ ] Customize device type detection
- [ ] Adjust SVG styling and colors
- [ ] Add custom port scanning
- [ ] Create custom reports
### Integration
- [ ] Export data to CSV
- [ ] Integrate with monitoring system
- [ ] Create dashboards
- [ ] Set up change detection
## ✅ Quick Reference
### Most Common Commands
```bash
# Quick scan
./network_scanner.py -v
# Full scan with diagram
./integrated_scanner.py --generate-svg
# Scan specific pfSense
./pfsense_scanner.py 192.168.1.1 -u root -k ~/.ssh/id_rsa
# Generate diagram from existing scan
./svg_generator.py scan.json -o diagram.svg
# Interactive mode
./quickstart.sh
# System test
./test_system.py
```
### Useful jq Queries
```bash
# List all IPs
cat scan.json | jq -r '.segments[].devices[].ip'
# List SSH-accessible devices
cat scan.json | jq -r '.segments[].devices[] | select(.ssh_accessible==true) | .ip'
# Count devices per segment
cat scan.json | jq '.segments[] | "\(.name): \(.devices | length) devices"'
# List routers and firewalls
cat scan.json | jq -r '.segments[].devices[] | select(.device_type=="router" or .device_type=="firewall") | "\(.ip) - \(.hostname)"'
```
## ✅ Getting Help
- [ ] Read README.md for detailed documentation
- [ ] Check EXAMPLES.sh for usage scenarios
- [ ] Review PROJECT_SUMMARY.md for overview
- [ ] Run `./quickstart.sh` for interactive help
## 🎉 Success Criteria
You're ready to use the scanner when:
- ✅ All system tests pass
- ✅ SSH keys are set up and working
- ✅ config.json is properly configured
- ✅ First scan completes successfully
- ✅ Devices are detected in your network
- ✅ SVG diagram is generated
- ✅ pfSense devices are properly detected (if applicable)
---
**Need help?** Check the troubleshooting section above or review the documentation files.
**Ready to go?** Run `./quickstart.sh` or `./integrated_scanner.py --generate-svg -v`

423
docs/PROJECT_SUMMARY.md Normal file
View File

@@ -0,0 +1,423 @@
# Network Scanner Project - Complete Summary
## 📁 Project Structure
```
netzwerk_diagramm_scanner/
├── network_scanner.py # Main network scanning engine
├── pfsense_scanner.py # pfSense-specific scanner
├── svg_generator.py # SVG diagram generator
├── integrated_scanner.py # Combined scanner with pfSense integration
├── test_system.py # System verification and testing
├── quickstart.sh # Interactive quick start guide
├── EXAMPLES.sh # Usage examples and scenarios
├── config.json.example # Configuration template
├── requirements.txt # Python dependencies
├── README.md # Complete documentation
└── .gitignore # Git ignore file
```
## 🚀 Quick Start
```bash
# 1. Run system tests
./test_system.py
# 2. Use the interactive quickstart
./quickstart.sh
# 3. Or run directly
./integrated_scanner.py --generate-svg -v
```
## 📋 What Each Script Does
### network_scanner.py
**Main network scanner** - Discovers and scans network devices
- Auto-discovers network segments from routing table
- Ping sweep to find live hosts
- Port scanning (common services)
- SSH-based information gathering
- Device type identification
- Routing table extraction
- Network interface enumeration
**Usage:**
```bash
./network_scanner.py -c config.json -o scan_results.json -v
```
### pfsense_scanner.py
**pfSense-specific scanner** - Deep dive into pfSense firewalls
- Network interfaces and IP configuration
- Complete routing table
- VPN information:
- WireGuard tunnels and peers
- OpenVPN connections
- IPsec tunnels
- Active firewall rules
- DHCP leases
- ARP table
- Gateway status
**Usage:**
```bash
./pfsense_scanner.py 192.168.1.1 -u root -k ~/.ssh/id_rsa -o pfsense.json
```
### svg_generator.py
**SVG diagram generator** - Creates visual network topology
- Color-coded network segments
- Device type icons (routers, servers, clients)
- Device information (IP, hostname, type)
- Network connections
- Legend explaining device types
**Usage:**
```bash
./svg_generator.py scan_results.json -o network_diagram.svg
```
### integrated_scanner.py
**All-in-one scanner** - Combines everything
- Full network scan
- Automatic pfSense detection and deep scanning
- Enhanced routing analysis
- Optional SVG generation
- Comprehensive reporting
**Usage:**
```bash
./integrated_scanner.py -c config.json -o full_scan.json --generate-svg -v
```
### test_system.py
**System verification** - Checks if everything is ready
- Python version check
- Network connectivity test
- Required commands verification
- Script syntax validation
- SSH key detection
- Network detection test
**Usage:**
```bash
./test_system.py
```
## 🔧 Configuration
Create `config.json` from the example:
```json
{
"ssh_user": "root",
"ssh_key_path": "/home/user/.ssh/id_rsa",
"timeout": 2,
"additional_networks": [
"192.168.1.0/24",
"10.0.0.0/24",
"10.8.0.0/24"
],
"special_devices": {
"192.168.1.1": {
"name": "pfSense Main Firewall",
"type": "firewall",
"os": "pfSense"
}
},
"scan_options": {
"max_workers": 10,
"ping_timeout": 2,
"port_scan_timeout": 1
}
}
```
## 📊 Output Format
### JSON Structure
```json
{
"scan_timestamp": "2025-10-10T12:00:00",
"segments": [
{
"name": "192.168.1.0/24",
"cidr": "192.168.1.0/24",
"gateway": "192.168.1.1",
"is_vpn": false,
"devices": [
{
"ip": "192.168.1.1",
"hostname": "pfsense.local",
"mac": "00:11:22:33:44:55",
"device_type": "firewall",
"os_type": "pfSense (FreeBSD)",
"open_ports": [22, 80, 443],
"ssh_accessible": true,
"routes": [...],
"interfaces": [...],
"pfsense_info": {
"vpn": {...},
"firewall_rules": [...],
"dhcp_leases": [...]
}
}
]
}
]
}
```
## 🎯 Common Use Cases
### 1. Network Documentation
```bash
# Generate complete network documentation
./integrated_scanner.py -o network_doc.json --generate-svg
```
### 2. Security Audit
```bash
# Scan and analyze open ports
./network_scanner.py -v -o security_scan.json
cat security_scan.json | jq '.segments[].devices[] | select(.open_ports[]? == 23)'
```
### 3. VPN Topology Mapping
```bash
# Extract VPN information
./pfsense_scanner.py <pfsense-ip> -o vpn_info.json
cat vpn_info.json | jq '.vpn'
```
### 4. Change Detection
```bash
# Baseline scan
./integrated_scanner.py -o baseline.json
# After changes
./integrated_scanner.py -o current.json
# Compare
diff <(jq -S . baseline.json) <(jq -S . current.json)
```
### 5. Scheduled Monitoring
```bash
# Add to crontab for daily scans
0 2 * * * /path/to/integrated_scanner.py -o /var/log/network-scan-$(date +\%Y\%m\%d).json
```
## 🔐 Security Setup
### SSH Key Generation
```bash
ssh-keygen -t ed25519 -f ~/.ssh/network_scanner -N ""
```
### Distribute to All Devices
```bash
for ip in 192.168.1.{1..254}; do
ssh-copy-id -i ~/.ssh/network_scanner.pub root@$ip 2>/dev/null
done
```
### Update Configuration
```json
{
"ssh_user": "root",
"ssh_key_path": "/home/user/.ssh/network_scanner"
}
```
## 🔍 Features
### Network Discovery
- ✅ Auto-detect network segments from routing table
- ✅ Configurable additional networks
- ✅ VPN network detection
- ✅ Multi-threaded scanning
### Device Information
- ✅ IP address and hostname
- ✅ MAC address lookup
- ✅ OS detection (via SSH)
- ✅ Device type classification
- ✅ Open port scanning
- ✅ Service enumeration
### pfSense Integration
- ✅ Full routing table extraction
- ✅ WireGuard tunnel mapping
- ✅ OpenVPN status
- ✅ IPsec tunnels
- ✅ Firewall rules
- ✅ DHCP lease tracking
- ✅ ARP table
### Visualization
- ✅ SVG diagram generation
- ✅ Color-coded networks
- ✅ Device type icons
- ✅ Connection mapping
- ✅ Legend and labels
### Output & Integration
- ✅ JSON export
- ✅ Structured data format
- ✅ Easy integration with other tools
- ✅ jq-friendly output
## 🛠️ Requirements
- Python 3.8+
- Linux operating system
- Standard utilities: `ping`, `ip`, `ssh`
- SSH access to network devices (recommended)
- SSH key-based authentication (recommended)
## 📈 Performance
- **Small networks** (<50 devices): ~1-2 minutes
- **Medium networks** (50-200 devices): ~5-10 minutes
- **Large networks** (200+ devices): ~15-30 minutes
Times vary based on:
- Network latency
- SSH accessibility
- Number of ports scanned
- Concurrent worker threads
## 🐛 Troubleshooting
### No devices found
```bash
# Check network connectivity
ping <gateway-ip>
# Check routing table
ip route show
# Run with verbose mode
./network_scanner.py -v
```
### SSH failures
```bash
# Test SSH manually
ssh -i ~/.ssh/network_scanner root@<device-ip>
# Check key permissions
chmod 600 ~/.ssh/network_scanner
# Verify key is loaded
ssh-add -l
```
### Slow scanning
```bash
# Reduce timeout in config.json
{
"timeout": 1,
"scan_options": {
"ping_timeout": 1,
"port_scan_timeout": 1
}
}
# Scan specific networks only
{
"additional_networks": ["192.168.1.0/24"]
}
```
## 🎓 Advanced Usage
### Custom Device Types
Edit `network_scanner.py` to add custom device identification logic.
### Extended Port Scanning
Modify `_scan_common_ports()` to scan additional ports.
### Custom Visualization
Edit `svg_generator.py` to customize colors, icons, and layout.
### Integration with Other Tools
Use JSON output with tools like:
- `jq` - JSON processing
- `python` - Custom analysis
- `ansible` - Automation
- `grafana` - Monitoring
- `prometheus` - Metrics
## 📝 Next Steps
1. **Initial Setup**
```bash
./test_system.py
cp config.json.example config.json
# Edit config.json with your details
```
2. **First Scan**
```bash
./quickstart.sh
# Or: ./integrated_scanner.py --generate-svg -v
```
3. **Review Results**
```bash
# View JSON
cat network_scan.json | jq .
# View diagram
firefox network_diagram.svg
```
4. **Customize**
- Add your networks to config.json
- Mark special devices (pfSense, routers)
- Adjust timeouts and workers
- Set up SSH keys for all devices
5. **Automate**
- Schedule regular scans
- Compare with baselines
- Generate documentation
- Monitor for changes
## 💡 Tips
- **Always get authorization** before scanning networks
- **Use SSH keys** instead of passwords for automation
- **Start small** - test on a single network first
- **Increase verbosity** (`-v`) for troubleshooting
- **Use jq** for powerful JSON querying
- **Keep baselines** for change detection
- **Document special devices** in config.json
## 📞 Support
- See `README.md` for detailed documentation
- Check `EXAMPLES.sh` for usage scenarios
- Run `./quickstart.sh` for interactive help
- Run `./test_system.py` to verify setup
## ✅ Project Status
All components are complete and tested:
- ✅ Core network scanner
- ✅ pfSense integration
- ✅ SVG diagram generation
- ✅ Integrated scanner
- ✅ Configuration system
- ✅ Documentation
- ✅ Examples and quick start
- ✅ System tests
**Ready to use!** 🎉
---
Generated for comprehensive network topology discovery and visualization.

407
docs/README.md Normal file
View File

@@ -0,0 +1,407 @@
# Network Diagram Scanner
A comprehensive network topology discovery tool that scans local and VPN-connected networks, gathers detailed device information, extracts routing tables from pfSense and other routers, and generates SVG diagrams for network visualization.
## Features
- 🔍 **Network Discovery**: Automatically discovers all network segments from routing tables
- 🖥️ **Device Detection**: Identifies devices via ping sweep and port scanning
- 🔐 **SSH Access**: Gathers detailed information from SSH-accessible devices
- 🛡️ **pfSense Integration**: Specialized scanner for pfSense firewalls (routing, VPN, firewall rules, DHCP)
- 🌐 **VPN Support**: Scans networks connected via WireGuard, OpenVPN, and IPsec
- 📊 **SVG Diagram Generation**: Creates visual network topology diagrams
- 🔄 **Routing Analysis**: Extracts and analyzes routing tables from routers
- 📝 **JSON Export**: Structured data output for further processing
- 📄 **pfSense XML Parsing**: Automatically parses pfSense backup XML files for complete configuration analysis
- 🔗 **Automatic Integration**: Seamlessly integrates pfSense XML data into network scans
## Requirements
- Python 3.8 or higher
- Linux-based network (all scripts designed for Linux systems)
- SSH access to network devices (recommended)
- SSH key-based authentication (recommended for automation)
## Installation
1. Clone or download this repository:
```bash
cd /home/rwiegand/Nextcloud/entwicklung/Werkzeuge/netzwerk_diagramm_scanner
```
2. Make scripts executable:
```bash
chmod +x network_scanner.py pfsense_scanner.py svg_generator.py
```
3. (Optional) Install additional dependencies for enhanced features:
```bash
pip3 install -r requirements.txt
```
## Configuration
1. Copy the example configuration:
```bash
cp config.json.example config.json
```
2. Edit `config.json` with your network details:
```json
{
"ssh_user": "root",
"ssh_key_path": "/home/user/.ssh/id_rsa",
"timeout": 2,
"additional_networks": [
"192.168.1.0/24",
"10.0.0.0/24",
"10.8.0.0/24"
],
"special_devices": {
"192.168.1.1": {
"name": "pfSense Main Firewall",
"type": "firewall",
"os": "pfSense"
}
}
}
```
### Configuration Options
- **ssh_user**: SSH username for accessing devices (default: `root`)
- **ssh_key_path**: Path to SSH private key for authentication
- **timeout**: Connection timeout in seconds (default: 2)
- **additional_networks**: List of network CIDRs to scan (in addition to auto-discovered ones)
- **special_devices**: Dictionary of known devices with custom attributes
## Usage
### Basic Network Scan
Run a complete network scan:
```bash
./network_scanner.py
```
This will:
1. Auto-discover network segments from your routing table
2. Perform ping sweeps to find live hosts
3. Scan common ports on each device
4. Attempt SSH connections to gather detailed information
5. Save results to `network_scan.json`
### Custom Configuration
Use a custom config file and output location:
```bash
./network_scanner.py -c my_config.json -o my_scan_results.json
```
### Verbose Output
Enable detailed logging:
```bash
./network_scanner.py -v
```
### pfSense-Specific Scanning
Scan a pfSense firewall directly:
```bash
./pfsense_scanner.py 192.168.1.1 -u root -k ~/.ssh/id_rsa -o pfsense_info.json
```
This extracts:
- Network interfaces and IP addresses
- Complete routing table
- VPN configurations (WireGuard, OpenVPN, IPsec)
- Active firewall rules
- DHCP leases
- ARP table
- Gateway status
### Generate SVG Diagram
After scanning, generate a visual network diagram:
```bash
./svg_generator.py network_scan.json -o network_diagram.svg
```
Open the SVG in a web browser or image viewer:
```bash
firefox network_diagram.svg
# or
xdg-open network_diagram.svg
```
## Output Format
### JSON Structure
The scanner produces JSON with the following structure:
```json
{
"scan_timestamp": "2025-10-10T12:00:00",
"segments": [
{
"name": "192.168.1.0/24",
"cidr": "192.168.1.0/24",
"gateway": "192.168.1.1",
"is_vpn": false,
"devices": [
{
"ip": "192.168.1.1",
"hostname": "pfsense.local",
"mac": "00:11:22:33:44:55",
"device_type": "firewall",
"os_type": "FreeBSD",
"open_ports": [22, 80, 443],
"ssh_accessible": true,
"routes": [...],
"interfaces": [...]
}
]
}
]
}
```
## Workflow
### Complete Network Discovery Workflow
1. **Configure SSH Access**:
```bash
# Generate SSH key if needed
ssh-keygen -t ed25519 -f ~/.ssh/network_scanner
# Copy to devices
ssh-copy-id -i ~/.ssh/network_scanner root@192.168.1.1
```
2. **Create Configuration**:
```bash
cp config.json.example config.json
nano config.json # Edit with your settings
```
3. **Run Network Scan**:
```bash
./network_scanner.py -c config.json -o scan_results.json -v
```
4. **Scan pfSense Devices** (if not already captured):
```bash
./pfsense_scanner.py 192.168.1.1 -u root -k ~/.ssh/network_scanner -o pfsense.json
```
5. **Generate Diagram**:
```bash
./svg_generator.py scan_results.json -o network_topology.svg
```
6. **View Results**:
```bash
firefox network_topology.svg
```
### Complete Automated Workflow
For the ultimate network discovery experience, use the automated workflow script:
```bash
./complete_workflow.sh
```
This script will:
1. ✅ Verify system requirements
2. 🔍 Run integrated network scan (including pfSense XML if present)
3. 🎨 Generate SVG network diagram
4. 📋 Create network summary (if pfSense XML files exist)
5. 📊 Display statistics and next steps
**One-command network discovery!**
## SSH Access Setup
For automated scanning, SSH key-based authentication is recommended:
### Generate SSH Key
```bash
ssh-keygen -t ed25519 -f ~/.ssh/network_scanner -N ""
```
### Copy to All Devices
```bash
# For each device in your network
ssh-copy-id -i ~/.ssh/network_scanner.pub root@<device-ip>
```
### Update config.json
```json
{
"ssh_user": "root",
"ssh_key_path": "/home/username/.ssh/network_scanner"
}
```
## Device Types
The scanner identifies the following device types:
- **router**: Devices with extensive routing tables
- **firewall**: pfSense and other firewall devices
- **switch**: Network switches (if detectable)
- **server**: Linux servers with SSH access
- **linux_server**: Specifically identified Linux servers
- **windows_client**: Windows machines (RDP port open)
- **client**: Generic client devices
## Advanced Features
### Custom Device Identification
You can add custom device identification logic by modifying the `_identify_device_type()` method in `network_scanner.py`.
### WireGuard VPN Scanning
The scanner automatically detects WireGuard tunnels on pfSense and Linux systems by:
1. Checking for `wg` interfaces
2. Extracting peer information
3. Mapping allowed IPs to network segments
### Routing Table Analysis
Routing information is extracted from:
- Linux: `ip route show`
- pfSense: `netstat -rn`
- Other systems: Adaptable via SSH commands
## Troubleshooting
### No devices found
- Check network connectivity: `ping <gateway>`
- Verify ICMP is not blocked by firewalls
- Try with verbose mode: `-v`
### SSH connection failures
- Verify SSH key permissions: `chmod 600 ~/.ssh/network_scanner`
- Test manual SSH: `ssh -i ~/.ssh/network_scanner root@<ip>`
- Check SSH service is running on target devices
### Permission denied errors
- Scanner needs root/sudo for some operations (ICMP ping)
- Run with: `sudo ./network_scanner.py`
### Large networks taking too long
- Reduce scan scope by specifying specific networks in config
- Increase timeout values
- Use fewer worker threads
## Examples
### Scan only specific networks
Edit `config.json`:
```json
{
"additional_networks": [
"192.168.1.0/24",
"10.8.0.0/24"
]
}
```
### Quick scan without SSH
Set empty SSH key path to skip SSH attempts:
```json
{
"ssh_key_path": null
}
```
### Scan and immediately visualize
```bash
./network_scanner.py -o scan.json && ./svg_generator.py scan.json -o diagram.svg && xdg-open diagram.svg
```
## Security Considerations
- **SSH Keys**: Keep private keys secure with proper permissions (600)
- **Credentials**: Never commit `config.json` with real credentials to version control
- **Network Access**: This tool performs active scanning - ensure you have authorization
- **Firewall Rules**: May trigger IDS/IPS systems - coordinate with network admins
## Customization
### Adding New Device Types
Edit `network_scanner.py`:
```python
def _identify_device_type(self, device: Device) -> str:
# Add your custom logic
if device.hostname and 'myswitch' in device.hostname.lower():
return 'switch'
# ... existing logic
```
### Custom SVG Styling
Edit `svg_generator.py`:
```python
DEVICE_STYLES = {
'my_custom_type': {'color': '#FF00FF', 'icon': '🎯', 'shape': 'rect'},
# ... existing styles
}
```
## Future Enhancements
- [ ] SNMP support for switches and routers
- [ ] Automatic link detection via LLDP/CDP
- [ ] Interactive HTML diagram with zoom/pan
- [ ] Historical comparison (detect network changes)
- [ ] Integration with monitoring systems (Prometheus, Grafana)
- [ ] Multi-threaded pfSense scanning for large deployments
- [ ] Automatic VPN tunnel mapping
## Contributing
Feel free to submit issues, feature requests, or pull requests.
## License
This project is provided as-is for network documentation and analysis purposes.
## Author
Created for comprehensive network topology discovery and visualization.
---
**Note**: Always ensure you have proper authorization before scanning networks. This tool performs active network reconnaissance.
### pfSense XML Integration
The scanner can automatically parse pfSense backup XML files to extract comprehensive configuration data:
- **Network Interfaces**: All interface configurations, IP addresses, VLANs
- **Routing Tables**: Static routes, dynamic routing, gateway configurations
- **VPN Configurations**: WireGuard tunnels, OpenVPN servers/clients, IPsec
- **Firewall Rules**: NAT rules, port forwarding, access control lists
- **DHCP Services**: Server configurations, static mappings, lease pools
- **DNS Settings**: Resolvers, domain configurations
- **System Information**: Hostname, domain, version, services
**Automatic Integration**: Place pfSense XML backup files in the scanner directory, and they will be automatically parsed and integrated into network scans.
**Manual Parsing**: Use `pfsense_integrator.py` to work with XML files independently:
```bash
# Parse XML files and generate summary
./pfsense_integrator.py *.xml --summary network_summary.md
# Integrate with existing scan
./pfsense_integrator.py *.xml -s scan.json -o enhanced_scan.json
```

14
docs/network_report.md Normal file
View File

@@ -0,0 +1,14 @@
# Network Mapping Report
Generated on: Fr 10. Okt 11:14:30 CEST 2025
## Network Statistics
- Network Segments: 15
- pfSense Firewalls: 2
- WireGuard Networks: 3
- Static Routes: 3
- DHCP Static Mappings: 54
## Generated Files
- comprehensive_network.json - Complete network data
- comprehensive_network.svg - Network topology diagram
- network_report.md - This summary report

53
docs/network_summary.md Normal file
View File

@@ -0,0 +1,53 @@
# Network Topology Summary
Generated from pfSense XML configurations
## pfSense Firewall: gw-nue01
**Version:** unknown
**Domain:** egonetix.lan
### Network Interfaces
- **WAN** (wan): dhcp
- **LAN** (lan): 10.0.0.1
- **wireguardnachhause** (opt1): 10.69.69.1
- Gateway: WirusguardusGW
### Static Routes
- 172.20.0.0/16 via WirusguardusGW
*heyme*
### WireGuard VPN
- **Tunnel tun_wg0** (Port 51820)
*heyme*
- Peer: wireguardheyme - Networks: 172.20.0.0/16, 10.69.69.2/32
### DHCP Configuration
## pfSense Firewall: gw-st01
**Version:** unknown
**Domain:** egonetix.lan
### Network Interfaces
- **WAN** (wan): 192.168.178.3
- Gateway: WANGW
- **LAN** (lan): 172.20.20.1
- **wireguardnnbesch** (opt1): 10.69.69.2
- Gateway: wirenuenbesch
- **HomeAssistant** (opt2): 172.20.70.1
- **WireguardOpenvpn** (opt3): 10.5.0.2
- Gateway: WireguardOpenvpnGW
### Static Routes
- 10.0.0.0/24 via wirenuenbesch
*wireguardn&uuml;nbesch*
- 12.1.0.0/24 via wirenuenbesch
*openvpn nutzer*
### WireGuard VPN
- **Tunnel tun_wg0** (Port 51820)
*de1099.nordvpn.com*
- **Tunnel tun_wg1** (Port 51821)
*wireguardn&uuml;nbesch*
- Peer: de1099.nordvpn.com - Networks: 0.0.0.0/0
- Peer: wireguardn&uuml;nbesch - Networks: 10.0.0.0/24, 10.69.69.1/32, 12.1.0.0/24
### DHCP Configuration