The latest articles on DEV Community by Henning (@mutebefehl). https://dev.to/mutebefehl https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3898204%2Fa8c9198d-cf5e-46b3-9d50-f45cb17c737e.jpeg https://dev.to/mutebefehl en Henning Sun, 26 Apr 2026 15:38:47 +0000 https://dev.to/mutebefehl/netsight-free-network-tool-for-developers-and-sysadmins-l71 https://dev.to/mutebefehl/netsight-free-network-tool-for-developers-and-sysadmins-l71 <p>There are many IP lookup sites, but few offer exactly the features I’m looking for. They only show the location (usually very inaccurately) and nothing else.</p> <p>I built <strong>NetSight</strong> to be the opposite. One toolbox, twelve tools, no accounts, no ads, no tracking of what you look up. Runs on a single Cloudflare Worker.</p> <p>Try it: <strong><a href="https://netsight.mutebefehl.de" rel="noopener noreferrer">netsight.mutebefehl.de</a></strong></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdm6mc6eoxxo37rsshxyr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdm6mc6eoxxo37rsshxyr.png" alt="NetSight home" width="800" height="500"></a></p> <h2> What it does </h2> <p>Type any IP, hostname or URL into the search bar. The result aggregates eight intel sources in parallel:</p> <ul> <li>Geolocation (city, country, ASN, ISP)</li> <li>Reverse DNS and FCrDNS</li> <li>AbuseIPDB confidence and report count</li> <li>Scamalytics fraud score</li> <li>VirusTotal scanner verdicts</li> <li>URLhaus malware listings</li> <li>about 30 DNSBLs</li> <li>Shodan (open ports, known CVEs)</li> </ul> <p>Each result paints into its own card the moment it arrives, so the page is interactive in under a second even when one upstream is slow.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fylrazcpomwcfzhxdsqbv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fylrazcpomwcfzhxdsqbv.png" alt="IP lookup for 8.8.8.8" width="800" height="500"></a></p> <h2> What makes it different </h2> <p><strong>1. Anycast-aware.</strong> Most IP tools tell you Quad9 (9.9.9.9) is in California. It is not. The operator is a Swiss foundation in Zurich; the geolocated country is just the nearest POP. NetSight shows the operator HQ separately and labels the row with an anycast chip. Same handling for Cloudflare 1.1.1.1, OpenDNS, AdGuard, Yandex.</p> <p><strong>2. Server-side rendered for every IP route.</strong> Type netsight.mutebefehl.de/8.8.8.8 and you get a full HTML report immediately, not a skeleton-loading page. SEO-clean: only IPs with real ownership get indexed, private and bogon IPs are auto-tagged noindex.</p> <p><strong>3. Our own honeypot data feeds the reputation signal.</strong> This is the part nobody talks about in the free-IP-tool space. We run a dedicated honeypot infrastructure (SSH, VNC, HTTP, Modbus, S7) that records unsolicited connection attempts. The resulting database of attacker IPs is one of the inputs to our reputation scoring. When you see a suspicious badge on an IP report, there is a non-zero chance that IP just spent a week brute-forcing our fake water-treatment plant.</p> <p>A curated subset is also published as a public blocklist on GitHub. Bring your own SIEM.</p> <h2> The full toolbox </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpqyqt06io87iz2fz0ar8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpqyqt06io87iz2fz0ar8.png" alt="All tools" width="800" height="500"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Tool</th> <th>What it does</th> </tr> </thead> <tbody> <tr> <td><strong>IP Lookup</strong></td> <td>Geolocation, ISP, ASN, abuse, ports, CVEs - all sources in one report</td> </tr> <tr> <td><strong>DNS Lookup</strong></td> <td>A, AAAA, MX, NS, TXT, SOA, CNAME, CAA, SRV plus propagation</td> </tr> <tr> <td><strong>WHOIS / RDAP</strong></td> <td>Registrar, dates, nameservers, status</td> </tr> <tr> <td><strong>Subdomain Finder</strong></td> <td>Certificate Transparency and AlienVault OTX</td> </tr> <tr> <td><strong>CVE Search</strong></td> <td>CVSS, EPSS exploit-likelihood, CISA KEV flagging</td> </tr> <tr> <td><strong>Safe Browser</strong></td> <td>URL preview with shortener / IP-logger / typosquat detection</td> </tr> <tr> <td><strong>Mail Check</strong></td> <td>MX, SPF, DKIM, DMARC, Null-MX detection</td> </tr> <tr> <td><strong>Common Ports</strong></td> <td>Quick reference</td> </tr> <tr> <td><strong>Password Strength</strong></td> <td>Entropy and crack-time, fully client-side</td> </tr> <tr> <td><strong>Speed Test</strong></td> <td>Throughput against globally distributed edges</td> </tr> <tr> <td><strong>API</strong></td> <td>Public REST API, free tier without signup</td> </tr> </tbody> </table></div> <p>Please feel free to email me directly at <a href="mailto:hey@mutebefehl.de">hey@mutebefehl.de</a> with any questions or feedback. </p> <p>Try it for free. I'd love to hear your feedback! </p> webdev networking sysadmin cybersecurity