This content originally appeared on DEV Community and was authored by Jessica Taylor
Building on basic network scanning, we can enhance our Python scripts to detect new devices, score vulnerabilities, and even visualize network health. This demonstrates real-world skills in cybersecurity automation and data-driven problem solving.
Step 1: Detecting New Devices
Tracking devices over time helps spot unexpected or rogue devices on your network. We can do this by maintaining a list of known hosts and comparing it with each new scan:
```python
import json

import nmap

scanner = nmap.PortScanner()
scanner.scan('192.168.1.0/24', '22,80,443')

# Load known hosts from file (empty list on the first run)
try:
    with open('known_hosts.json') as f:
        known_hosts = json.load(f)
except FileNotFoundError:
    known_hosts = []

current_hosts = scanner.all_hosts()
new_hosts = [host for host in current_hosts if host not in known_hosts]

if new_hosts:
    print("New devices detected:", new_hosts)

# Update known hosts file. Store the union so a host that was offline
# during this scan is not reported as new when it comes back.
with open('known_hosts.json', 'w') as f:
    json.dump(sorted(set(known_hosts) | set(current_hosts)), f)
```
This simple system flags any new host that wasn’t previously on your network, a first line of defense against unauthorized access.
Step 2: Vulnerability Scoring
Not all open ports are equally dangerous. We can assign a risk score based on known vulnerabilities:
```python
risk_scores = {'22': 9, '80': 5, '443': 3}  # Example scoring

for host in scanner.all_hosts():
    # .get() avoids a KeyError for hosts with no TCP results
    for port, info in scanner[host].get('tcp', {}).items():
        state = info['state']
        # Only open ports carry risk; unlisted open ports default to low risk
        score = risk_scores.get(str(port), 1) if state == 'open' else 0
        print(f'Host: {host}, Port: {port}, State: {state}, Risk Score: {score}')
```
This approach gives you a quantitative view of network risks, helping prioritize remediation efforts.
Step 3: Visualization with Matplotlib
Visualizing the network can make patterns or anomalies easier to spot:
```python
import matplotlib.pyplot as plt

hosts = scanner.all_hosts()
scores = []
for host in hosts:
    # Sum scores for open ports only; closed or filtered ports add nothing
    total_score = sum(
        risk_scores.get(str(port), 1)
        for port, info in scanner[host].get('tcp', {}).items()
        if info['state'] == 'open'
    )
    scores.append(total_score)

plt.bar(hosts, scores, color='orange')
plt.xlabel('Host')
plt.ylabel('Vulnerability Score')
plt.title('Network Vulnerability Overview')
plt.show()
```
Now you can see which devices are most at risk at a glance. Visualization is especially useful for team presentations or reporting to management.
Step 4: Automatic Alerts
Combine new device detection and vulnerability scoring to send alerts if thresholds are exceeded:
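```python
import requests

# Placeholder URL; treat the real webhook URL as a secret and keep it out of source control
webhook_url = 'https://hooks.slack.com/services/XXX/YYY/ZZZ'

for i, host in enumerate(hosts):
    if scores[i] > 8 or host in new_hosts:
        message = {'text': f'Alert: Host {host} flagged! Risk Score: {scores[i]}'}
        # timeout keeps a stalled request from hanging the scan job
        requests.post(webhook_url, json=message, timeout=10)
```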
This ensures your team receives immediate updates when significant events occur.
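The loop above sends an alert on every scan for any host whose score stays over the threshold, which quickly becomes noise. The following is an added example, not code from the original post: it keeps a per-host inventory with first-seen and last-seen times and alerts only on changes (a new host, or a newly opened port that puts a known host over the threshold). It assumes each scan has already been reduced to `{host: [open ports]}`; the function names and sample scans are constructed for illustration.

```python
RISK_SCORES = {22: 9, 80: 5, 443: 3}  # the post's example scoring
ALERT_THRESHOLD = 8                    # the post's alert threshold

def host_score(open_ports):
    """Sum per-port scores; unlisted ports get the post's default of 1."""
    return sum(RISK_SCORES.get(port, 1) for port in open_ports)

def diff_scan(inventory, scan, scan_time):
    """Merge one scan into the inventory and return alerts for changes only.

    inventory: {host: {"first_seen", "last_seen", "open_ports"}} (JSON-serializable)
    scan:      {host: [open TCP ports]} reduced from one scan result
    """
    alerts = []
    for host in sorted(scan):
        ports = sorted(set(scan[host]))
        score = host_score(ports)
        entry = inventory.get(host)
        if entry is None:
            alerts.append(f"new host {host} open={ports} score={score}")
            inventory[host] = {"first_seen": scan_time, "open_ports": []}
            entry = inventory[host]
        else:
            opened = sorted(set(ports) - set(entry["open_ports"]))
            if opened and score > ALERT_THRESHOLD:
                alerts.append(f"{host} newly open={opened} score={score}")
        entry["last_seen"] = scan_time
        entry["open_ports"] = ports
    return alerts  # hosts absent from this scan stay in the inventory

# Constructed sample scans (not real data): three consecutive runs.
SCANS = [
    ("2024-01-01T00:00", {"192.168.1.1": [80, 443], "192.168.1.10": [443]}),
    ("2024-01-01T01:00", {"192.168.1.1": [80, 443], "192.168.1.50": [22]}),
    ("2024-01-01T02:00", {"192.168.1.1": [22, 80, 443], "192.168.1.10": [443],
                          "192.168.1.50": [22]}),
]

def run_demo():
    inventory, history = {}, []
    for scan_time, scan in SCANS:
        history.append(diff_scan(inventory, scan, scan_time))
    return inventory, history

if __name__ == "__main__":
    for alerts in run_demo()[1]:
        print(alerts)
```

In the third sample scan, 192.168.1.50 still scores 9 but produces no alert because nothing changed, and 192.168.1.10 is not reported as new after being absent from the second scan.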
Step 5: Scaling the Solution
Once your script is working, you can:
Schedule scans to run daily or hourly using cron (Linux) or Task Scheduler (Windows).
Integrate with databases to store historical scan data for trend analysis.
Add API integrations to cross-reference CVEs for ports/services detected.
Use dashboards like Grafana or Plotly for interactive visualizations.
Takeaway
This advanced network monitoring project highlights:
Automated detection of new devices
Risk-based vulnerability scoring
Visualization of network health
Real-time alerting to Slack
By sharing these kinds of projects, you demonstrate both technical skill and practical problem-solving, which is exactly what employers and collaborators look for in cybersecurity and cloud security roles.