🛰️ NetMap Ultimate
NetMap Ultimate is a network scanner tool (Network Scanner) A high-performance tool written in Ruby. Designed for speed and accuracy, NetMap maps your entire local network or Wi-Fi network in seconds using Asynchronous I/O technology.
✨ Key Features
📡 Ultimate Host Discovery
- Multi-Layer Detection: Combines ICMP Ping, ARP Cache Lookup (L2), and TCP Ping Fallback.
- ARP Precision: Instantly detect devices on the local network by directly reading the system's ARP table.
- Smart Pn Mode: Bypass Host Discovery with the
-Pnflag to scan targets that block all types of pings.
🏢 Identification & Fingerprinting
- OUI Vendor Mapping: Identify device brands (Apple, Cisco, VMware, etc.) based on MAC address prefixes.
- OS Prediction: Predicts operating systems (Linux/Unix, Windows, Cisco) using TTL (Time To Live) analysis.
- Service Grabbing: Automatic banner grabbing for SSH, MySQL, HTTP, and other popular services.
⚡ High Performance & Customization
- Async Concurrency Engine: Handles hundreds of scanning tasks in parallel without overloading memory.
- Flexible Timing: 6 speed templates from Paranoid to Insane to adapt to the sensitivity of the target network.
🚀 Installation
Prerequisites
- Ruby >= 3.0
- Linux (Recommended for best Layer 2 / ARP scanning features)
Installation Method
git clone https://github.com/IshikawaUta/netmap-scanner.git
cd netmap-scanner
bundle install
📖 Command Reference (CLI Options)
| Options | Description |
|---|---|
-p <range> |
Specify a port (e.g., 80,443 or 1-1024). |
-sn |
Ping scan only (finds only active hosts). |
-Pn |
Skip Host Discovery (assume host is active). |
-O |
Enable OS detection. |
-sU |
Enable UDP-based scanning. |
-T <0-5> |
Select a Timing Template (0: Slow, 5: Very Fast). |
-t <n> |
Manually set the number of concurrency threads. |
-j <file> |
Save results to JSON format. |
--html <file> |
Save results to a beautiful HTML report. |
-g <file> |
Save results to a grepable format (Nmap style). |
🕒 Timing Templates (-T)
| Template | Name | Concurrency | Timeout | Characteristics |
|---|---|---|---|---|
| 0 | Paranoid | 1 | 10.0s | Very slow, for bypassing IDS/Firewalls. |
| 1 | Sneaky | 5 | 5.0s | Slow and cautious. |
| 2 | Polite | 10 | 2.0s | Reduces the load on the network/target. |
| 3 | Normal | 50 | 1.0s | Balance between speed and accuracy (Default). |
| 4 | Aggressive | 200 | 0.8s | Very fast, suitable for stable networks. |
| 5 | Insane | 400 | 0.5s | Very aggressive, requires a lot of bandwidth. |
Scripting Engine (Custom Audit)
NetMap includes a lightweight Ruby scripting engine to extend its auditing capabilities. You can add your own audit scripts in the scripts/ folder.
Example Script (scripts/my_check.rb):
# Simple script to detect a specific banner
if banner.include?("Apache")
"Apache Web Server Detected"
elsif port == 8080
"Proxy Port Detected"
else
nil
end
Variables available in the script:
ip: Target IP address.port: Port number being scanned.banner: Received service banner.os: Operating System name (if-Ois enabled).type: Protocol type (TCPorUDP).
🔧 System Requirements & Troubleshooting
- Sudo Privileges: MAC address detection on local networks often requires
sudoaccess or elevated privileges to read the system's ARP table. - Host Discovery: If the target is behind a strict firewall, use
-Pnto force a port scan.
🤝 Contributions
Contributions are always welcome! Feel free to submit Pull Requests or report bugs via Issues on GitHub.
⚖️ License
This project is licensed under the MIT License. See the LICENSE file for more information.