A Python/Flask local network scanner that maps active hosts, evaluates vulnerabilities with standard CVSS scoring, and generates publication-grade PDF audit reports.
- One-Click Network Audit: Multi-threaded TCP connect scanning across local subnets using sub-second socket timeouts.
- Service & Vulnerability Mapping: Probes standard entry points (FTP, SSH, Telnet, HTTP, SMB, HTTP-Alt) against an internal misconfiguration signature database.
- CVSS Risk Scoring: Quantifies threat severity into Critical (9.0+), High (7.0-8.9), Medium (4.0-6.9), and Low tiers.
- Asynchronous Web Dashboard: Single-page interface built with Tailwind CSS; features live UI spinners and visual severity badges.
- Executive PDF Audit Reports: Uses
ReportLabto compile multi-page security documents containing an executive metrics summary, a styled 5-column asset matrix, and targeted remediation deployment strategies.
NetShield/
├── app.py # Core Flask server, threaded scanner engine, and PDF compiler
├── requirements.txt # Production Python dependencies
├── .gitignore # Git exclusion rules (safeguards venv/ and generated .pdf logs)
└── templates/
└── index.html # Single-page Tailwind CSS frontend interface
# 1. Clone the repository
git clone [https://github.com/Yugandhar-112/NetShield-Vulnerability-Scanner.git](https://github.com/Yugandhar-112/NetShield-Vulnerability-Scanner.git)
cd NetShield-Vulnerability-Scanner
# 2. Create and activate a virtual environment
python -m venv venv
# On Windows PowerShell:
venv\Scripts\activate
# On Linux / macOS:
source venv/bin/activate
# 3. Install dependencies
pip install -r requirements.txt
# 4. Launch the engine
python app.py
Access the interactive dashboard at: http://localhost:5000
| Port | Target Service | Flagged Vulnerability | CVSS Score | Severity | Remediation Action |
|---|---|---|---|---|---|
| 21 | FTP | Cleartext Credentials | 7.5 | High | Migrate to SFTP. |
| 22 | SSH | Secure Shell | 0.0 | Low | N/A (Standard Secure Management) |
| 23 | Telnet | Unencrypted Protocol | 9.8 | Critical | Disable Telnet completely; enforce SSH. |
| 80 | HTTP | Unencrypted Web Traffic | 5.3 | Medium | Enforce HTTP-to-HTTPS redirection. |
| 443 | HTTPS | Secure Web Traffic | 0.0 | Low | N/A (Valid SSL/TLS established) |
| 445 | SMB | Potential SMBv1 Exposure | 8.1 | High | Disable SMBv1; mandate SMBv3 signing. |
| 8080 | HTTP-Alt | Exposed Admin Portal | 4.8 | Medium | Restrict access via local firewall rules. |