sondare 1.0.1__tar.gz

sondare-1.0.1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Ivan Shurygin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

sondare-1.0.1/PKG-INFO

@@ -0,0 +1,206 @@
+Metadata-Version: 2.4
+Name: sondare
+Version: 1.0.1
+Summary: Probe and monitor local network hosts — ARP, ICMP, TCP, UDP, OS fingerprinting, and network graph.
+Author-email: Ivan Shurygin <shurygin1vs@gmail.com>
+License-Expression: MIT
+Project-URL: Repository, https://github.com/w1ldy0uth/sondare
+Keywords: network,scanner,arp,tcp,udp,icmp,fingerprinting,monitoring,scapy,cli
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: System Administrators
+Classifier: Intended Audience :: Information Technology
+Classifier: Operating System :: POSIX :: Linux
+Classifier: Operating System :: MacOS
+Classifier: Operating System :: Microsoft :: Windows
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: System :: Networking
+Classifier: Topic :: System :: Networking :: Monitoring
+Classifier: Topic :: Security
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: scapy>=2.4.5
+Requires-Dist: psutil>=5.9.5
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Requires-Dist: build>=1.0; extra == "dev"
+Requires-Dist: twine>=5.0; extra == "dev"
+Dynamic: license-file
+
+# sondare
+
+> *From italian: <u>sonda</u> di <u>re</u>te - network probe*
+
+## About
+
+**sondare** is a Python CLI tool for auditing local networks, built on top of [Scapy](https://scapy.net/). It provides scanning and fingerprinting methods, each running with multithreaded packet dispatch for speed.
+
+- **ARP** — discovers all active hosts on the local subnet (cannot be blocked by firewalls)
+- **ICMP** — pings all hosts to check reachability
+- **TCP** — performs a SYN scan on a target host to find open ports
+- **UDP** — probes UDP ports; reports open (got a UDP reply) or open|filtered (no response) ports
+- **OS fingerprinting** — guesses the OS of a host by analysing TTL and TCP window size in a SYN-ACK response
+
+## Requirements
+
+- Python 3.10+
+- Root / administrator privileges (required for raw packet access)
+- npcap (Windows only)
+
+## Setup
+
+### Linux & macOS
+
+```bash
+./init.sh
+source sondare_venv/bin/activate
+```
+
+### Windows
+
+```bat
+init.bat
+call sondare_venv\Scripts\activate
+```
+
+`init.sh` / `init.bat` creates a virtual environment and runs `pip install -e .`, which installs all dependencies and registers the `sondare` command.
+
+## Usage
+
+```bash
+sudo sondare <command> [options]
+```
+
+### Commands
+
+| Command | Description |
+| --------- | ------------- |
+| `arp` | ARP scan of the local subnet |
+| `ping` | ICMP scan of the local subnet |
+| `tcp` | TCP SYN port scan of a target host |
+| `udp` | UDP port scan of a target host |
+| `os` | OS fingerprint of a target host |
+| `monitor arp` | Watch for ARP traffic; report new hosts and MAC changes |
+| `monitor hosts` | Live host reachability table with auto-discovery |
+| `monitor ports` | Periodically SYN-scan a target and report port state changes |
+| `monitor traffic` | Live packet capture with per-packet protocol breakdown |
+| `graph` | Generate an interactive HTML network graph of the local subnet |
+
+### Examples
+
+```bash
+# Discover all hosts via ARP
+sudo sondare arp
+
+# Discover live hosts via ICMP with 10s timeout
+sudo sondare ping -t 10
+
+# Scan ports 1–1024 on a target
+sudo sondare tcp --target 192.168.1.1:1-1024
+
+# Scan a single port
+sudo sondare tcp --target 192.168.1.1:80
+
+# UDP scan of common ports
+sudo sondare udp --target 192.168.1.1:1-1024
+
+# Fingerprint a host OS (auto-probes common ports)
+sudo sondare os --target 192.168.1.1
+
+# Fingerprint using a known-open port
+sudo sondare os --target 192.168.1.1 --port 80
+
+# Watch for new hosts and ARP spoofing attempts
+sudo sondare monitor arp
+
+# Monitor all hosts on the subnet (auto-discovers new/departed hosts)
+sudo sondare monitor hosts
+
+# Monitor specific hosts every 10s
+sudo sondare monitor hosts --hosts 192.168.1.1 192.168.1.50 -i 10
+
+# Watch for port state changes on a target
+sudo sondare monitor ports --target 192.168.1.1:1-1024
+
+# Live packet capture (all traffic)
+sudo sondare monitor traffic
+
+# Live capture filtered to DNS
+sudo sondare monitor traffic --filter "udp port 53"
+
+# Generate a network graph (saved as sondare_graph.html)
+sudo sondare graph
+
+# Graph with OS fingerprinting for each discovered host
+sudo sondare graph --fingerprint
+
+# Save to a custom path
+sudo sondare graph -o /tmp/my_network.html
+```
+
+### Options
+
+```bash
+arp:
+  -t, --timeout     Packet timeout in seconds (default: 5)
+  -v, --verbose     Verbose scapy output
+
+ping:
+  -t, --timeout     Packet timeout in seconds (default: 5)
+  -th, --threads    Number of threads (default: 100)
+  -v, --verbose     Verbose scapy output
+
+tcp:
+  --target          Target as ip, ip:port, or ip:start-end (default: local machine, ports 1-1000)
+  -t, --timeout     Packet timeout in seconds (default: 3)
+  -th, --threads    Number of threads (default: 20)
+  -r, --retries     Retries per port on no response (default: 2)
+  -v, --verbose     Verbose scapy output
+
+udp:
+  --target          Target as ip, ip:port, or ip:start-end (default: local machine, ports 1-1000)
+  -t, --timeout     Packet timeout in seconds (default: 3)
+  -th, --threads    Number of threads (default: 20)
+  -r, --retries     Retries per port on no response (default: 2)
+  -v, --verbose     Verbose scapy output
+
+os:
+  --target          Target IP address (required)
+  --port            Port to probe; omit to auto-try common ports in parallel
+  -t, --timeout     Timeout per probe in seconds (default: 3)
+  -v, --verbose     Verbose scapy output
+
+monitor arp:
+  -t, --timeout     Timeout for initial ARP seed scan (default: 5)
+  -v, --verbose     Verbose scapy output
+
+monitor hosts:
+  --hosts           Hosts to monitor; omit to auto-discover via ARP each round
+  -i, --interval    Seconds between ping rounds (default: 30)
+  -t, --timeout     Ping timeout in seconds (default: 2)
+  -th, --threads    Concurrent pings per round (default: 50)
+  -v, --verbose     Verbose scapy output
+
+monitor ports:
+  --target          Target as ip, ip:port, or ip:start-end (default: local machine, ports 1-1000)
+  -i, --interval    Seconds between scans (default: 60)
+  -t, --timeout     Timeout per probe in seconds (default: 3)
+  -th, --threads    Concurrent probes per scan (default: 20)
+  -v, --verbose     Verbose scapy output
+
+monitor traffic:
+  --filter          BPF filter expression (e.g. 'tcp', 'udp port 53', 'host 192.168.1.1')
+  -v, --verbose     Verbose scapy output
+
+graph:
+  --fingerprint     OS-fingerprint each discovered host (TCP SYN, falls back to ICMP TTL)
+  -o, --output      Output file path (default: sondare_graph.html)
+  -t, --timeout     ARP scan timeout in seconds (default: 3)
+  -th, --threads    Concurrent fingerprint probes (default: 10)
+  -v, --verbose     Verbose scapy output
+```

sondare-1.0.1/README.md

@@ -0,0 +1,172 @@
+# sondare
+
+> *From italian: <u>sonda</u> di <u>re</u>te - network probe*
+
+## About
+
+**sondare** is a Python CLI tool for auditing local networks, built on top of [Scapy](https://scapy.net/). It provides scanning and fingerprinting methods, each running with multithreaded packet dispatch for speed.
+
+- **ARP** — discovers all active hosts on the local subnet (cannot be blocked by firewalls)
+- **ICMP** — pings all hosts to check reachability
+- **TCP** — performs a SYN scan on a target host to find open ports
+- **UDP** — probes UDP ports; reports open (got a UDP reply) or open|filtered (no response) ports
+- **OS fingerprinting** — guesses the OS of a host by analysing TTL and TCP window size in a SYN-ACK response
+
+## Requirements
+
+- Python 3.10+
+- Root / administrator privileges (required for raw packet access)
+- npcap (Windows only)
+
+## Setup
+
+### Linux & macOS
+
+```bash
+./init.sh
+source sondare_venv/bin/activate
+```
+
+### Windows
+
+```bat
+init.bat
+call sondare_venv\Scripts\activate
+```
+
+`init.sh` / `init.bat` creates a virtual environment and runs `pip install -e .`, which installs all dependencies and registers the `sondare` command.
+
+## Usage
+
+```bash
+sudo sondare <command> [options]
+```
+
+### Commands
+
+| Command | Description |
+| --------- | ------------- |
+| `arp` | ARP scan of the local subnet |
+| `ping` | ICMP scan of the local subnet |
+| `tcp` | TCP SYN port scan of a target host |
+| `udp` | UDP port scan of a target host |
+| `os` | OS fingerprint of a target host |
+| `monitor arp` | Watch for ARP traffic; report new hosts and MAC changes |
+| `monitor hosts` | Live host reachability table with auto-discovery |
+| `monitor ports` | Periodically SYN-scan a target and report port state changes |
+| `monitor traffic` | Live packet capture with per-packet protocol breakdown |
+| `graph` | Generate an interactive HTML network graph of the local subnet |
+
+### Examples
+
+```bash
+# Discover all hosts via ARP
+sudo sondare arp
+
+# Discover live hosts via ICMP with 10s timeout
+sudo sondare ping -t 10
+
+# Scan ports 1–1024 on a target
+sudo sondare tcp --target 192.168.1.1:1-1024
+
+# Scan a single port
+sudo sondare tcp --target 192.168.1.1:80
+
+# UDP scan of common ports
+sudo sondare udp --target 192.168.1.1:1-1024
+
+# Fingerprint a host OS (auto-probes common ports)
+sudo sondare os --target 192.168.1.1
+
+# Fingerprint using a known-open port
+sudo sondare os --target 192.168.1.1 --port 80
+
+# Watch for new hosts and ARP spoofing attempts
+sudo sondare monitor arp
+
+# Monitor all hosts on the subnet (auto-discovers new/departed hosts)
+sudo sondare monitor hosts
+
+# Monitor specific hosts every 10s
+sudo sondare monitor hosts --hosts 192.168.1.1 192.168.1.50 -i 10
+
+# Watch for port state changes on a target
+sudo sondare monitor ports --target 192.168.1.1:1-1024
+
+# Live packet capture (all traffic)
+sudo sondare monitor traffic
+
+# Live capture filtered to DNS
+sudo sondare monitor traffic --filter "udp port 53"
+
+# Generate a network graph (saved as sondare_graph.html)
+sudo sondare graph
+
+# Graph with OS fingerprinting for each discovered host
+sudo sondare graph --fingerprint
+
+# Save to a custom path
+sudo sondare graph -o /tmp/my_network.html
+```
+
+### Options
+
+```bash
+arp:
+  -t, --timeout     Packet timeout in seconds (default: 5)
+  -v, --verbose     Verbose scapy output
+
+ping:
+  -t, --timeout     Packet timeout in seconds (default: 5)
+  -th, --threads    Number of threads (default: 100)
+  -v, --verbose     Verbose scapy output
+
+tcp:
+  --target          Target as ip, ip:port, or ip:start-end (default: local machine, ports 1-1000)
+  -t, --timeout     Packet timeout in seconds (default: 3)
+  -th, --threads    Number of threads (default: 20)
+  -r, --retries     Retries per port on no response (default: 2)
+  -v, --verbose     Verbose scapy output
+
+udp:
+  --target          Target as ip, ip:port, or ip:start-end (default: local machine, ports 1-1000)
+  -t, --timeout     Packet timeout in seconds (default: 3)
+  -th, --threads    Number of threads (default: 20)
+  -r, --retries     Retries per port on no response (default: 2)
+  -v, --verbose     Verbose scapy output
+
+os:
+  --target          Target IP address (required)
+  --port            Port to probe; omit to auto-try common ports in parallel
+  -t, --timeout     Timeout per probe in seconds (default: 3)
+  -v, --verbose     Verbose scapy output
+
+monitor arp:
+  -t, --timeout     Timeout for initial ARP seed scan (default: 5)
+  -v, --verbose     Verbose scapy output
+
+monitor hosts:
+  --hosts           Hosts to monitor; omit to auto-discover via ARP each round
+  -i, --interval    Seconds between ping rounds (default: 30)
+  -t, --timeout     Ping timeout in seconds (default: 2)
+  -th, --threads    Concurrent pings per round (default: 50)
+  -v, --verbose     Verbose scapy output
+
+monitor ports:
+  --target          Target as ip, ip:port, or ip:start-end (default: local machine, ports 1-1000)
+  -i, --interval    Seconds between scans (default: 60)
+  -t, --timeout     Timeout per probe in seconds (default: 3)
+  -th, --threads    Concurrent probes per scan (default: 20)
+  -v, --verbose     Verbose scapy output
+
+monitor traffic:
+  --filter          BPF filter expression (e.g. 'tcp', 'udp port 53', 'host 192.168.1.1')
+  -v, --verbose     Verbose scapy output
+
+graph:
+  --fingerprint     OS-fingerprint each discovered host (TCP SYN, falls back to ICMP TTL)
+  -o, --output      Output file path (default: sondare_graph.html)
+  -t, --timeout     ARP scan timeout in seconds (default: 3)
+  -th, --threads    Concurrent fingerprint probes (default: 10)
+  -v, --verbose     Verbose scapy output
+```

sondare-1.0.1/pyproject.toml

@@ -0,0 +1,53 @@
+[build-system]
+requires = ["setuptools>=68"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "sondare"
+version = "1.0.1"
+description = "Probe and monitor local network hosts — ARP, ICMP, TCP, UDP, OS fingerprinting, and network graph."
+readme = "README.md"
+license = "MIT"
+license-files = ["LICENSE"]
+authors = [
+    {name = "Ivan Shurygin", email = "shurygin1vs@gmail.com"},
+]
+keywords = ["network", "scanner", "arp", "tcp", "udp", "icmp", "fingerprinting", "monitoring", "scapy", "cli"]
+requires-python = ">=3.10"
+dependencies = [
+    "scapy>=2.4.5",
+    "psutil>=5.9.5",
+]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Environment :: Console",
+    "Intended Audience :: System Administrators",
+    "Intended Audience :: Information Technology",
+    "Operating System :: POSIX :: Linux",
+    "Operating System :: MacOS",
+    "Operating System :: Microsoft :: Windows",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: System :: Networking",
+    "Topic :: System :: Networking :: Monitoring",
+    "Topic :: Security",
+]
+
+[project.urls]
+Repository = "https://github.com/w1ldy0uth/sondare"
+
+[project.optional-dependencies]
+dev = ["pytest>=8.0", "build>=1.0", "twine>=5.0"]
+
+[project.scripts]
+sondare = "sondare.main:main"
+
+[tool.setuptools.packages.find]
+where = ["."]
+include = ["sondare*"]
+
+[tool.setuptools.package-data]
+sondare = ["py.typed"]

sondare-1.0.1/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

sondare-1.0.1/sondare/__init__.py

@@ -0,0 +1,10 @@
+"""sondare — local network scanner using ARP, ICMP, TCP, UDP probes and OS fingerprinting."""
+
+from sondare.models import Host, Port, Fingerprint
+from sondare.services.arp import Arp
+from sondare.services.icmp import Ping
+from sondare.services.tcp import Tcp
+from sondare.services.udp import Udp
+from sondare.services.fingerprint import OsFingerprinter
+
+__all__ = ["Arp", "Ping", "Tcp", "Udp", "OsFingerprinter", "Host", "Port", "Fingerprint"]

sondare-1.0.1/sondare/__main__.py

@@ -0,0 +1,3 @@
+from sondare.main import main
+
+main()