#!/bin/bash # Example usage scenarios for the network scanner echo "==========================================" echo "Network Scanner - Usage Examples" echo "==========================================" echo "" cat << 'EOF' # SCENARIO 1: Quick Network Overview # ----------------------------------- # Scan your local network and get a basic overview ./network_scanner.py -v -o quick_scan.json # SCENARIO 2: Complete Network Documentation # ------------------------------------------- # Full scan with pfSense integration and SVG generation ./integrated_scanner.py -c config.json -o full_network.json --generate-svg -v # View the diagram: firefox full_network.svg # SCENARIO 3: pfSense Deep Dive # ------------------------------ # Detailed scan of a specific pfSense firewall ./pfsense_scanner.py 192.168.1.1 -u root -k ~/.ssh/id_rsa -o pfsense_main.json # View the results: cat pfsense_main.json | jq '.vpn' # Show VPN info cat pfsense_main.json | jq '.routes' # Show routing table # SCENARIO 4: Multi-Network Scan with VPN # ---------------------------------------- # Create a config for multiple networks cat > my_network_config.json << 'CONFIG' { "ssh_user": "root", "ssh_key_path": "/home/user/.ssh/id_rsa", "timeout": 3, "additional_networks": [ "192.168.1.0/24", # Main network "192.168.2.0/24", # Guest network "10.8.0.0/24", # OpenVPN network "10.0.0.0/24" # WireGuard VPN ], "special_devices": { "192.168.1.1": { "name": "Main pfSense Firewall", "type": "firewall", "os": "pfSense" }, "192.168.2.1": { "name": "Guest Network Router", "type": "router" } } } CONFIG ./integrated_scanner.py -c my_network_config.json -o multi_network.json --generate-svg # SCENARIO 5: Scheduled Network Monitoring # ----------------------------------------- # Add to crontab for daily network documentation # Create wrapper script cat > /usr/local/bin/network-scan-daily.sh << 'SCRIPT' #!/bin/bash DATE=$(date +%Y%m%d) OUTPUT_DIR="/var/log/network-scans" mkdir -p "$OUTPUT_DIR" cd /path/to/network_scanner ./integrated_scanner.py \ -o "$OUTPUT_DIR/scan_$DATE.json" \ --generate-svg # Keep only last 30 days find "$OUTPUT_DIR" -name "scan_*.json" -mtime +30 -delete find "$OUTPUT_DIR" -name "scan_*.svg" -mtime +30 -delete SCRIPT chmod +x /usr/local/bin/network-scan-daily.sh # Add to crontab (run at 2 AM daily): # 0 2 * * * /usr/local/bin/network-scan-daily.sh # SCENARIO 6: Compare Network Changes # ------------------------------------ # Scan and compare with previous results # Initial scan ./integrated_scanner.py -o baseline.json # After changes ./integrated_scanner.py -o current.json # Compare device counts echo "Baseline devices:" cat baseline.json | jq '[.segments[].devices[].ip] | length' echo "Current devices:" cat current.json | jq '[.segments[].devices[].ip] | length' # Find new devices comm -13 \ <(cat baseline.json | jq -r '.segments[].devices[].ip' | sort) \ <(cat current.json | jq -r '.segments[].devices[].ip' | sort) \ | sed 's/^/NEW: /' # Find removed devices comm -23 \ <(cat baseline.json | jq -r '.segments[].devices[].ip' | sort) \ <(cat current.json | jq -r '.segments[].devices[].ip' | sort) \ | sed 's/^/REMOVED: /' # SCENARIO 7: Extract Specific Information # ----------------------------------------- # Use jq to extract specific data from scan results # List all SSH-accessible devices cat network_scan.json | jq -r '.segments[].devices[] | select(.ssh_accessible==true) | .ip' # List all routers/firewalls cat network_scan.json | jq -r '.segments[].devices[] | select(.device_type=="router" or .device_type=="firewall") | "\(.ip) - \(.hostname // "unknown")"' # List all devices with their OS cat network_scan.json | jq -r '.segments[].devices[] | "\(.ip)\t\(.os_type // "unknown")\t\(.hostname // "unknown")"' # Export to CSV echo "IP,Hostname,Type,OS" > devices.csv cat network_scan.json | jq -r '.segments[].devices[] | "\(.ip),\(.hostname // ""),\(.device_type // ""),\(.os_type // "")"' >> devices.csv # SCENARIO 8: Integration with Documentation # ------------------------------------------- # Generate markdown documentation from scan cat > generate_docs.py << 'PYTHON' #!/usr/bin/env python3 import json import sys with open(sys.argv[1]) as f: data = json.load(f) print("# Network Documentation") print(f"\nGenerated: {data.get('scan_timestamp', 'N/A')}") print("\n## Network Segments\n") for segment in data['segments']: print(f"### {segment['name']}") print(f"- CIDR: `{segment['cidr']}`") print(f"- Devices: {len(segment['devices'])}") if segment.get('is_vpn'): print("- Type: VPN Network") print("\n#### Devices\n") print("| IP | Hostname | Type | OS |") print("|---|---|---|---|") for device in segment['devices']: ip = device['ip'] hostname = device.get('hostname', '-') dtype = device.get('device_type', '-') os = device.get('os_type', '-') print(f"| {ip} | {hostname} | {dtype} | {os} |") print() PYTHON chmod +x generate_docs.py ./generate_docs.py network_scan.json > NETWORK_DOCS.md # SCENARIO 9: Security Audit # --------------------------- # Check for common security issues # Find devices with Telnet open cat network_scan.json | jq -r '.segments[].devices[] | select(.open_ports[]? == 23) | "⚠️ Telnet open on \(.ip) (\(.hostname // "unknown"))"' # Find devices without SSH access cat network_scan.json | jq -r '.segments[].devices[] | select(.device_type=="router" or .device_type=="firewall") | select(.ssh_accessible==false) | "⚠️ No SSH access to \(.ip) (\(.hostname // "unknown"))"' # List devices with many open ports cat network_scan.json | jq -r '.segments[].devices[] | select((.open_ports | length) > 5) | "ℹ️ \(.ip) has \(.open_ports | length) open ports"' # SCENARIO 10: WireGuard Topology Mapping # ---------------------------------------- # Extract WireGuard tunnel information from pfSense ./pfsense_scanner.py 192.168.1.1 -o pfsense.json # List all WireGuard peers cat pfsense.json | jq -r '.vpn.wireguard[] | "Peer: \(.peer // "N/A") -> \(.allowed_ips // "N/A")"' # Check tunnel status cat pfsense.json | jq -r '.vpn.wireguard[] | select(.latest_handshake) | "Active tunnel to \(.endpoint) (handshake: \(.latest_handshake)s ago)"' # SCENARIO 11: Network Capacity Planning # --------------------------------------- # Analyze network usage and plan capacity # Count devices per segment cat network_scan.json | jq -r '.segments[] | "\(.cidr): \(.devices | length) devices"' # Calculate subnet utilization cat network_scan.json | jq -r '.segments[] | if .cidr | contains("/24") then "\(.cidr): \(.devices | length)/254 = \((.devices | length) * 100 / 254 | floor)% utilized" else "\(.cidr): \(.devices | length) devices" end' # SCENARIO 12: Quick Health Check # -------------------------------- # Create a health check script cat > health_check.sh << 'HEALTH' #!/bin/bash SCAN_FILE="latest_scan.json" echo "Network Health Check" echo "====================" echo "" # Total devices TOTAL=$(cat $SCAN_FILE | jq '[.segments[].devices[]] | length') echo "Total devices: $TOTAL" # SSH accessible SSH_OK=$(cat $SCAN_FILE | jq '[.segments[].devices[] | select(.ssh_accessible==true)] | length') echo "SSH accessible: $SSH_OK" # By type echo "" echo "Device Types:" cat $SCAN_FILE | jq -r '.segments[].devices[].device_type' | sort | uniq -c | sort -rn # Segments echo "" echo "Network Segments:" cat $SCAN_FILE | jq -r '.segments[] | " \(.name): \(.devices | length) devices"' HEALTH chmod +x health_check.sh ./integrated_scanner.py -o latest_scan.json ./health_check.sh EOF echo "" echo "For more examples, see README.md"