Building on basic network scanning, we can enhance our Python scripts to detect new devices, score vulnerabilities, and even visualize network health. This demonstrates real-world skills in cybersecurity automation and data-driven problem solving.
Step 1: Detecting New Devices
Tracking devices over time helps spot unexpected or rogue devices on your network. We can do this by maintaining a list of known hosts and comparing it with each new scan:
```python
import nmap
import json

scanner = nmap.PortScanner()
scanner.scan('192.168.1.0/24', '22,80,443')

# Load known hosts from file
try:
    with open('known_hosts.json') as f:
        known_hosts = json.load(f)
except FileNotFoundError:
    known_hosts = []  # First run: every host will be reported as new

current_hosts = scanner.all_hosts()
new_hosts = [host for host in current_hosts if host not in known_hosts]
if new_hosts:
    print("New devices detected:", new_hosts)

# Update known hosts file. Merge rather than overwrite, so a known host that
# was offline during this scan is not reported as new when it returns.
with open('known_hosts.json', 'w') as f:
    json.dump(sorted(set(known_hosts) | set(current_hosts)), f)
```
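This simple system flags any new host that wasn’t previously on your network, a first line of defense against unauthorized access. Because hosts are tracked by IP address, a known device that picks up a different DHCP lease will also be flagged as new.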
Step 2: Vulnerability Scoring
Not all open ports are equally dangerous. We can assign a risk score based on known vulnerabilities:
```python
risk_scores = {'22': 9, '80': 5, '443': 3}  # Example scoring

for host in scanner.all_hosts():
    # .get() avoids a KeyError for hosts that returned no TCP results
    for port, info in scanner[host].get('tcp', {}).items():
        state = info['state']
        score = risk_scores.get(str(port), 1)  # Default low risk
        print(f'Host: {host}, Port: {port}, State: {state}, Risk Score: {score}')
```
This approach gives you a quantitative view of network risks, helping prioritize remediation efforts.
Step 3: Visualization with Matplotlib
Visualizing the network can make patterns or anomalies easier to spot:
```python
import matplotlib.pyplot as plt

hosts = scanner.all_hosts()
scores = []
for host in hosts:
    # Count only open ports; closed or filtered ports expose no service
    total_score = sum(risk_scores.get(str(port), 1)
                      for port, info in scanner[host].get('tcp', {}).items()
                      if info['state'] == 'open')
    scores.append(total_score)

plt.bar(hosts, scores, color='orange')
plt.xlabel('Host')
plt.ylabel('Vulnerability Score')
plt.title('Network Vulnerability Overview')
plt.show()
```
Now you can see which devices are most at risk at a glance. Visualization is especially useful for team presentations or reporting to management.
Step 4: Automatic Alerts
Combine new device detection and vulnerability scoring to send alerts if thresholds are exceeded:
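```python
import requests

# Placeholder URL; a real webhook URL is a secret, so keep it out of source control
webhook_url = 'https://hooks.slack.com/services/XXX/YYY/ZZZ'

for host, score in zip(hosts, scores):
    if score > 8 or host in new_hosts:
        message = {'text': f'Alert: Host {host} flagged! Risk Score: {score}'}
        # Time out instead of hanging the scan if Slack is unreachable
        response = requests.post(webhook_url, json=message, timeout=10)
        if not response.ok:
            print(f'Alert for {host} not delivered: HTTP {response.status_code}')
```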
This ensures your team receives immediate updates when significant events occur.
Step 5: Scaling the Solution
Once your script is working, you can:
Schedule scans to run daily or hourly using cron (Linux) or Task Scheduler (Windows).
Integrate with databases to store historical scan data for trend analysis.
Add API integrations to cross-reference CVEs for ports/services detected.
Use dashboards like Grafana or Plotly for interactive visualizations.
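As a sketch of the database item above (an added example, not code from the original article): a SQLite store that keeps first-seen and last-seen timestamps per host and per open port, so each scan can be compared against the full history instead of only the previous run. The table names, function names and sample timestamps are assumptions made for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE IF NOT EXISTS hosts (
    host TEXT PRIMARY KEY, first_seen TEXT NOT NULL, last_seen TEXT NOT NULL);
CREATE TABLE IF NOT EXISTS ports (
    host TEXT NOT NULL, port INTEGER NOT NULL,
    first_seen TEXT NOT NULL, last_seen TEXT NOT NULL,
    PRIMARY KEY (host, port));
"""

def _touch(conn, table, where, key, scan_time):
    """Refresh last_seen for key, inserting the row if absent. True if inserted.

    table and where are fixed strings from this module, never user input.
    """
    cur = conn.execute(f"UPDATE {table} SET last_seen = ? WHERE {where}",
                       (scan_time, *key))
    if cur.rowcount:
        return False
    marks = ", ".join("?" * (len(key) + 2))
    conn.execute(f"INSERT INTO {table} VALUES ({marks})", (*key, scan_time, scan_time))
    return True

def record_scan(conn, scan_time, open_ports):
    """Store one scan; return (new_hosts, new_ports) relative to all earlier scans.

    open_ports maps host -> set of open TCP ports (hypothetical input shape; it
    could be built from scanner[host]['tcp'] entries whose state is 'open').
    """
    conn.executescript(SCHEMA)
    new_hosts, new_ports = [], []
    for host in sorted(open_ports):
        host_is_new = _touch(conn, "hosts", "host = ?", (host,), scan_time)
        if host_is_new:
            new_hosts.append(host)
        for port in sorted(open_ports[host]):
            port_is_new = _touch(conn, "ports", "host = ? AND port = ?",
                                 (host, port), scan_time)
            # A port newly open on a known host is a separate signal; ports of
            # a brand-new host are already covered by the new-host alert.
            if port_is_new and not host_is_new:
                new_ports.append((host, port))
    conn.commit()
    return new_hosts, new_ports

def missing_since(conn, cutoff):
    """Known hosts not seen at or after cutoff (ISO-8601 strings sort as text)."""
    rows = conn.execute(
        "SELECT host FROM hosts WHERE last_seen < ? ORDER BY host", (cutoff,))
    return [row[0] for row in rows]
```

Pass `sqlite3.connect('scans.db')` for a persistent history; `missing_since` gives the trend view of devices that have dropped off the network.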
Takeaway
This advanced network monitoring project highlights:
Automated detection of new devices
Risk-based vulnerability scoring
Visualization of network health
Real-time alerting to Slack
By sharing these kinds of projects, you demonstrate both technical skill and practical problem-solving, which is exactly what employers and collaborators look for in cybersecurity and cloud security roles.