A fast, flexible network security scanner built to automate SSL checks, IP discovery, and deep reconnaissance across large cloud and enterprise infrastructures. This tool helps uncover hidden services, bypass protective layers, and gather actionable intelligence for enhanced security analysis.
Created by Bitbash, built to showcase our approach to Scraping and Automation!
If you are looking for network-security-scanner you've just found your team — Let’s Chat. 👆👆
The Network Security Scanner Scraper identifies real IPs, scans entire IP ranges, evaluates SSL certificates, and analyzes endpoints to reveal otherwise undiscoverable infrastructure details. It solves the challenge of expanding attack surfaces across cloud networks by offering high-speed scanning and structured insights.
- Scan millions of IPs efficiently using Masscan or direct IP lists.
- Discover real server IPs behind Web Application Firewalls.
- Collect SSL metadata, endpoints, redirections, and response headers.
- Identify vulnerabilities, misconfigurations, and exposed services.
- Extend reconnaissance for cloud environments such as AWS and GCP.
| Feature | Description |
|---|---|
| Masscan-Based IP Scanning | Enables ultra-fast scanning of large IP ranges using configurable ports and rate limits. |
| SSL Certificate Analysis | Extracts certificate info, domains, validation details, and server behavior. |
| WAF Bypass Detection | Helps uncover origin IPs hidden behind WAF layers. |
| Subdomain & Endpoint Discovery | Reveals extended attack surface areas and potential weak points. |
| Proxy Support | Allows region-based scanning and improved anonymity. |
| Structured Export Formats | Outputs results in JSON, XML, CSV, Excel, or HTML. |
| Result Limiting | Users can define max result count for workload control. |
| Field Name | Field Description |
|---|---|
| title | Parsed page or service title associated with the scanned IP. |
| redirected_url | URL to which the request was redirected, if any. |
| request | Full request URL used during the scan. |
| port | Port scanned on the target IP. |
| ip | The discovered or scanned IP address. |
| domain | Domain or wildcard domain resolved from the server. |
| response_text | Body content returned from the scanned endpoint. |
| response_headers | Complete set of response headers extracted from the server. |
[
{
"title": "",
"redirected_url": "",
"request": "https://3.94.15.209:443",
"port": "443",
"ip": "3.94.15.209",
"domain": "*.execute-api.us-east-1.amazonaws.com",
"response_text": "{\"message\":\"Forbidden\"}",
"response_headers": {
"Date": "Mon, 07 Oct 2024 23:21:14 GMT",
"Content-Type": "application/json",
"Content-Length": "23",
"Connection": "keep-alive",
"x-amzn-RequestId": "c1f2ff47-007d-481e-9a76-02f2bd2c21bc",
"x-amzn-ErrorType": "ForbiddenException",
"x-amz-apigw-id": "fTX0oGxcoAMEawg="
}
}
]
Network Security Scanner /
├── src/
│ ├── main.py
│ ├── masscan/
│ │ ├── masscan_runner.py
│ │ └── parser.py
│ ├── ssl_analysis/
│ │ ├── ssl_checker.py
│ │ └── cert_utils.py
│ ├── network/
│ │ ├── request_handler.py
│ │ └── endpoint_discovery.py
│ ├── outputs/
│ │ ├── exporter_json.py
│ │ ├── exporter_csv.py
│ │ └── exporter_excel.py
│ └── config/
│ └── settings.example.json
├── data/
│ ├── cidr_input.sample.txt
│ └── example_output.json
├── requirements.txt
└── README.md
- Security researchers map hidden infrastructure to identify weaknesses in cloud networks.
- Bug bounty hunters expand their reconnaissance surface to locate real server IPs and exploitable services.
- Penetration testers uncover endpoints, misconfigurations, and unprotected assets for deeper testing.
- Blue teams analyze exposure levels and monitor potential vulnerabilities proactively.
- Network administrators validate SSL configurations, service behavior, and infrastructure hygiene.
Does the scanner support both IP ranges and individual IPs? Yes — users can choose to scan CIDR ranges with Masscan or provide IP lists directly to skip fast scanning.
Is proxy usage optional? Proxies can be configured for anonymity or region-limited testing, but they are not required for basic scans.
Can I limit how many results the scanner returns?
Yes — the max_results parameter allows fine control over how many findings are collected.
What ports can be scanned?
Any port can be specified. Defaults to 443, but ranges such as 80, 443, or 0–65535 are supported.
Primary Metric: Capable of scanning tens of thousands of IPs per minute using optimized Masscan configurations.
Reliability Metric: Consistently achieves over 98% response retrieval on stable networks, even under high throughput.
Efficiency Metric: Low compute overhead through asynchronous request handling and throttled packet emission.
Quality Metric: Produces highly complete datasets, including headers, SSL metadata, and origin IP insights with strong accuracy.
