Nmap was blind. L0p4Map sees.
Professional network monitoring & visualization tool built for security researchers.
L0paMap.mp4
L0p4Map is a professional-grade network monitoring tool that combines the power of nmap with a clean, modern dark UI. Designed for security researchers and network administrators who need fast, detailed visibility into their infrastructure.
No bloat. No BS. Just raw network intelligence.
- ARP Network Scan — fast host discovery with local IEEE OUI database lookup
- Hostname Resolution — multi-method detection via reverse DNS, NetBIOS (Windows) and mDNS/Avahi (Linux, Mac, IoT)
- Device Fingerprinting — TTL-based OS hint (Linux/macOS, Windows, network device), TCP port probing on topology-relevant ports, raw SNMP
sysDescrquery (no external libs) - Role Detection — automatic classification of each host: gateway, router, access point, switch, PC, Apple, mobile, Raspberry Pi, virtual machine, unknown — combining vendor, hostname, TTL, open ports and SNMP response
- Real Network Topology Graph — hierarchical vis.js graph that reflects the actual network structure: gateway at the top, intermediate devices (routers/APs/switches) on a second tier, clients grouped below their parent. Toggleable between Hierarchical and Force Atlas layouts
- Subnet Bounding Boxes — each detected subnet is drawn as a dashed overlay directly on the graph canvas, labeled with its CIDR
- Typed Edges — three visually distinct link types: uplink (gateway → internet), backbone (intermediate → gateway), client link (device → parent)
- Topology Panel — live overlay showing subnet, gateway IP, total devices and intermediate count
- Full nmap Integration — SYN scan, UDP, OS detection, service version, NSE scripts
- Banner Grabbing — HTTP, SMB, FTP, SSH, SSL enumeration
- Vulnerability Detection — CVE lookup via vulners, vuln and malware scripts
- Attack Surface — exposed services, open ports and CVE overview per host with CVSS scoring and direct NVD link; results exportable as CSV
- Traffic Analyzer — real-time packet capture with per-device stats, protocol coloring, filter bar, double-click to port scan; exportable as CSV
- Traceroute — ICMP-based with real-time output
- Interface Selection — choose which network interface to scan on
- Live Monitoring — auto-refresh the network graph at configurable intervals (30s / 60s / 120s)
- Scan Export — save full nmap output to
.txt - Graph Export — export the network topology as CSV or PNG
- Custom Node Labels — assign custom names to any device directly on the graph (double-click)
- Dark Professional UI — built with PyQt6
- Linux (Debian or Arch)
- Python 3.11+
- nmap installed (
sudo pacman -S nmaporsudo apt install nmap) - Root privileges (required for ARP scanning and packet capture)
git clone https://github.com/HaxL0p4/L0p4Map.git
cd L0p4Map
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
sudo chmod +x L0p4Map.shLaunch the tool with root privileges:
sudo ./L0p4Map.sh- Select the network interface from the toolbar dropdown
- Press [ SCAN ] to discover all devices — each host is fingerprinted via TTL, port probing and SNMP
- Click a device to see details and run quick actions (ping, traceroute, port scan)
- Switch to Graph to explore the real network topology — hover nodes for full device info, double-click to assign a custom label
- Toggle between [ HIERARCHICAL ] and [ FORCE ATLAS ] layout from the graph view
- Use Attack Surface to run a deep nmap + vulners scan on any host and review CVEs
- Use Traffic Analyzer to capture live packets, filter by device or protocol, and export to CSV
- Enable [ LIVE ] in the graph view to keep the topology updated automatically
This tool is designed for authorized network auditing only. Only use L0p4Map on networks you own or have explicit permission to test. Unauthorized scanning is illegal.
HaxL0p4 — GitHub
🚧 Under active development — star the repo to follow updates