Skip to content

TLRKiliann/nmap-detector

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
 
 
 
 
 
 
 
 

Repository files navigation

⚡ nmap-detector v1.0

Network scanning tool

Stars Made with Python License Last Commit

Detection of nmap intrusion attempts.

✨ Features

  • 🔍 Real-time detection - Captures SYN scans as they happen
  • 📊 Clear output - Human-readable alerts with timestamps
  • 🎯 Multi-interface - Works on loopback, Ethernet, or WiFi
  • 🛡️ Educational - Learn how Nmap stealth techniques work
  • 🐍 Pure Python - Built with Scapy, no proprietary dependencies

📦 Installation

# Clone the repository
git clone https://github.com/TLRKiliann/nmap-detector.git

# Go to the project folder
cd nmap-detector

# Create & activate virtual environment
python3 -m venv venv

source venv/bin/activate

# Update all versions
pip install -r requirements.txt

Run app

In Localhost

Terminal n°1

sudo nmap -sS -p 1-6000 -T3 127.0.0.1

Terminal n°2

sudo python3 nmap-detector.py

or if you get trouble with Linux:

sudo venv/bin/python nmap-detector.py

Choose the right sniff():

    ...
    try:
        # Linux
        
        sniff(iface="lo", prn=detector.packet_callback, store=0)  # loopback
        
        #sniff(iface="eth0", prn=detector.packet_callback, store=0)  # Ethernet
        #sniff(iface="wlan0", prn=detector.packet_callback, store=0) # WiFi
        # MacOS
        #sniff(iface="lo0", prn=detector.packet_callback, store=0) # loopback
        #sniff(iface="en0", prn=detector.packet_callback, store=0) # Ethernet
        #sniff(iface="en1", prn=detector.packet_callback, store=0) # Wifi
        # Windows
        #sniff(iface="Ethernet", prn=detector.package_callback, store=0) # Ethernet
    except Exception as e:
        print(f"Erreur: {e}")
        print("Essayez: sudo python3 script.py")
    ...

With Ethernet

⚠️ It's not possible to read detection with firewall !

Terminal n°1

sudo nmap -sS -p 1-6000 -T3 192.168.10.22

Terminal n°2

sudo python3 nmap-detector.py

or if you get trouble with Linux:

sudo venv/bin/python nmap-detector.py

Choose the right sniff():

    sniff(iface="eth0", prn=detector.packet_callback, store=0)  # Ethernet

🛡️ Understanding Nmap stealth levels

-T0 (Paranoid)      → More stealthy, but impractical on large targets
-T1 (Sneaky)        → Very stealthy, usable in real-world conditions
-T2 (Polite)        → Moderately stealthy
-T3 (Normal)        → Default behavior, detectable on sensitive networks
-T4 (Aggressive)    → Easily detectable
-T5 (Insane)        → Extremely detectable, packet loss possible
  • 👎 Don't use

nmap -sS -p- -T4 (or T5) <IP>

  • 👍 A more discreet option (but very slow)

nmap -sS -p- -T2 <IP> # Polite mode

nmap -sS -p- -T1 <IP> # Sneaky mode (more slowly)

  • ⏲️ Final deadline check

nmap -sS -p- --scan-delay 500ms --max-rtt-timeout 1500ms <IP>

  • 🧚 Use port 80 (HTTP) as the source port—less conspicuous

nmap -sS -p- --source-port 80 <IP>

  • ☑️ Maximum stealth: slow + shards + decoys + source port

nmap -sS -p- -T2 -f -D RND:10 --source-port 80 --scan-delay 1s <IP>

--scan-delay 1s

-D RND:10

One-second delay => too long (24–36 hours)

Nmap randomly generates 10 IP addresses

One of these 10 will be your real IP address

The other 9 are random IP addresses that may or may not exist (Nmap does not verify them)

Warning: These decoy IPs will also receive responses from the target (side effect)

  • ✅ Maximum discretion without generating invalid IP addresses

nmap -sS -p- -T1 -f --scan-delay 2s --data-length 200 <IP>

# Discretion + reasonable time (for a monitored network)
nmap -sS -p- -T2 --max-retries 1 --min-rate 10 <IP>
# --min-rate 10 = at least 10 packets per second (much faster but quiet)

🤝 Contributing

Found a bug? Have an idea? Open an issue or submit a PR.

⭐ Support

If this tool helped you understand network security better, star this repo to help others find it!

Made with 🐍 and ☕ by me

Enjoy 🐨 !

Packages

 
 
 

Contributors

Languages