SunsetScan

Open-source local network security auditing

SunsetScan

Find unsupported devices, exposed services, weak configurations, and fixable security risks across your local network.

SunsetScan is published on GitHub as an MIT-licensed scanner for local, read-only network auditing.

View open-source project Install from GitHub
License
MIT scanner
Scans
Read-only
Runtime
Offline capable
Version
2.0.0

Built for home networks and small IT teams

Nmap depth without making people learn nmap syntax.

SunsetScan discovers active devices, fingerprints services and hardware, checks software and product lifecycle status, and produces a plain-English report that explains what was found and what to fix next.

The scanner is local, read-only, and designed for practical network hygiene: routers, switches, cameras, NAS devices, printers, access points, web interfaces, SSH, SMB, SNMP, FTP, TLS, DNS, UPnP, and mDNS.

What it checks

Security findings that map to real maintenance work.

Discovery

Know what is online

Fast host discovery, flexible target input, MAC vendor lookup, hostname resolution, service detection, and optional passive evidence from mDNS, SSDP, and DHCP.

Exposure

Find weak services

Checks for insecure protocols, anonymous FTP, SMBv1, missing web headers, exposed admin panels, UPnP exposure, and risky TLS or SSH configurations.

Intelligence

Connect versions to risk

Correlates detected service versions with CVE data, software EOL records, and hardware lifecycle data without calling external APIs during the scan.

Reporting

Explain the next step

Generates self-contained HTML and JSON reports with risk scores, severity groups, evidence, plain-English explanations, and prioritized recommendations.

End-of-life intelligence

A lifecycle database focused on the devices people actually keep running.

SunsetScan uses software EOL data from endoflife.date and a dedicated hardware lifecycle database for network gear, cameras, printers, NAS devices, security appliances, access points, service-provider equipment, and industrial/OT devices.

The hardware database now ships as smart EOL profiles, so a home install can stay small while office, enterprise, industrial, service-provider, and full profiles remain available for broader environments.

64,245 hardware lifecycle records
51,452 model summaries
122 represented vendors
37,560 records with security updates confirmed ended
8,338 records with security updates confirmed continuing
6 smart-pack profiles

Smart EOL profiles

Download only the device coverage you need.

Profiles are built from validated local artifacts and loaded during scans without external API calls.

Home 14,676 records, 5.07 MiB

Consumer routers, cameras, NAS, printers, access points, and smart-home gear.

Office 18,939 records, 6.39 MiB

Small offices, prosumer labs, managed SMB networks, and ordinary office equipment.

Enterprise 58,405 records, 19.77 MiB

Campus, datacenter, enterprise security, routing, switching, and mixed networks.

Industrial 20,247 records, 6.85 MiB

Industrial/OT sites plus the ordinary office network gear often found alongside them.

Service provider 62,937 records, 21.58 MiB

ISP, carrier, telco, optical, access-network, enterprise, office, and home coverage.

Full 64,245 records, 22.04 MiB

Every hardware lifecycle record in one local install for the broadest audits.

Cautious by design

Ambiguous vendor EOL or discontinued signals are treated as lifecycle review items unless the source confirms that support or security updates have stopped.

Offline during scans

Setup and update commands refresh SHA-256 validated local caches. Actual scans read local data, which keeps assessments predictable and usable without internet access.

Separate database license

The scanner code is MIT licensed. The hardware EOL database artifacts are distributed under CC BY-NC 4.0.

Quality-gated sources

Raw vendor directories without exact row-level lifecycle evidence stay out of the public database until they can be parsed and reviewed safely.

How it works

From discovery to a prioritized action list.

  1. 01

    Scan the local network

    Run a quick inventory, an IoT-focused pass, or a full assessment against a subnet or host list.

  2. 02

    Fuse device identity

    Combine MAC OUI, banners, HTTP fingerprints, TLS certificates, SSH, UPnP, SNMP, Wappalyzer, mDNS, JA3S, and port heuristics.

  3. 03

    Check CVE and EOL data

    Map detected versions and models against local CVE, software lifecycle, and hardware lifecycle caches.

  4. 04

    Produce the report

    Review severity, risk scores, evidence, and numbered remediation steps in a self-contained HTML file.

Reports people can act on

A scanner is only useful when the output is understandable.

SunsetScan reports group findings by severity and host, show per-device risk scores, and explain each item in direct language: what was found, why it matters, and what to do next.

  • Self-contained HTML report with no external dependencies.
  • JSON export for automation, archival, or follow-up tooling.
  • Scan history and diffing to identify new hosts, closed ports, and resolved findings.
Preview of a SunsetScan network assessment report with severity counts, EOL status, and prioritized findings
Product-style report preview based on SunsetScan 2.0.0 capabilities.

Install today

Install SunsetScan from the current GitHub repository.

The code is open source and available now. Linux is the best supported platform, and WSL2 is the recommended route for Windows users.

Recommended bootstrap 
curl -fsSL https://raw.githubusercontent.com/NoCoderRandom/sunsetscan/main/bootstrap.sh | bash
First assessment 
sudo ./sunsetscan --setup
sudo ./sunsetscan --full-assessment --target 192.168.1.0/24

Open source

Transparent scanner, practical defaults, monthly maintenance.

SunsetScan is developed in the public GitHub repository. The site links directly to the source, release history, issue tracker, and installation instructions so users can inspect the tool before running it.

Source code Releases Issues