Self-hosted network intelligence

See every device. Map every link. Secure it all.

ProtoScan autonomously discovers your network, draws a live topology, fingerprints every device, and surfaces vulnerabilities in real time — from a single lightweight server you control.

Download free Explore features

Runs on your hardware
No cloud, no agents
Single binary deploy

protoscan.local / overview

142 total0Active Devices

4 active0Subnets

stable0Active Alerts

3 critical0Vulnerabilities

Internet uptime0

DeviceIPTypeStatus

core-fw-0110.0.1.1FirewallUp

core-sw-0110.0.1.2SwitchUp

app-server-0110.0.20.10ServerUp

Scan complete10.0.1.0/24 · 9 hosts · 4.2s

New neighbor foundLLDP · core-sw-02

Speaks every protocol your network already uses

nmap/SNMP v1/v2c/v3/LLDP/CDP/STP / RSTP/ARP/ICMP/UniFi/Cisco Meraki/Palo Alto/RFC 1628 UPS/WHOIS/TLS/ nmap/SNMP v1/v2c/v3/LLDP/CDP/STP / RSTP/ARP/ICMP/UniFi/Cisco Meraki/Palo Alto/RFC 1628 UPS/WHOIS/TLS/

The problem

Most teams can't see their own network

Devices appear and vanish. Spreadsheets go stale the moment they're saved. Vulnerabilities sit unnoticed and outages are discovered by users, not dashboards.

Blind spots

Shadow devices, rogue access points and forgotten hardware never make it into inventory.

Stale records

Manual spreadsheets and diagrams drift out of date faster than anyone can maintain them.

Silent risk

Open ports, default credentials and unpatched services stay invisible until they're exploited.

Capabilities

One platform for discovery, mapping, and defense

Everything you need to understand and protect your infrastructure, working together in a single self-hosted app.

Live topology

Watch your network draw itself

ProtoScan correlates LLDP, CDP, ARP and spanning-tree data into an interactive map of every link. Pan, zoom, search, and click any node for full detail. Manual links and an STP overlay let you see exactly how traffic flows.

Neighbor discovery via LLDP & CDP
Spanning-tree (STP/RSTP) overlay
Wired, wireless and VM links

protoscan.local / topology

Wired STP root 9 / 142 nodes · 156 links

Device inventory

Every device, fully fingerprinted

SNMP polling and OS detection pull make, model, serial number, firmware and open ports for everything on the wire. OUI vendor lookup and hostname resolution mean no device is ever just an IP address again.

Make, model, serial & OS via SNMP
Open-port and service detection
Filter, search and export to CSV

protoscan.local / inventory

NameVendorModelOSStatus

core-fw-0110.0.1.1Palo AltoPA-440PAN-OS 11Up

core-sw-0110.0.1.2CiscoC9300IOS-XE 17Up

edge-ap-0310.0.1.6UbiquitiU6-ProUniFi OSUp

rack-ups-0110.0.1.9APCSMT1500AOS 7.1Up

app-server-0110.0.20.10DellR650Ubuntu 24Up

Vulnerability scanning

Find the holes before attackers do

Continuous, automatic rescans check every device against the National Vulnerability Database, audit risky configurations, and probe for default credentials and exposed services — each finding scored by severity so you fix what matters first.

CVE matching from the NVD feed
Config audit & default-credential checks
Auto-rescans on a schedule

protoscan.local / vulnerabilities

Extreme0

High0

Medium0

Low0

Web interface without authenticationiot-cam-12 · 80/tcp

LIVE

Cleartext Telnet exposedcore-sw-01 · 23/tcp

CONFIG

CVE-2023-20198 · IOS XE Web UIcore-sw-02 · 443/tcp

CVE

SMBv1 enabledapp-server-01 · 445/tcp

CONFIG

Smart alerting

Know the moment something breaks

Define exactly what matters — a device going down, latency creeping past a threshold, a UPS switching to battery, or an SSL certificate nearing expiry — and ProtoScan notifies you over email, Slack or Discord. Alerts auto-resolve when the condition clears.

Up/down, latency, UPS & website monitors
Email, Slack & Discord delivery
Automatic resolution & history

protoscan.local / alerts

Core firewall downBi-directional · core-fw-01

Enabled

UPS on battery powerUPS power status · all UPS

Enabled

WAN latency highNet perf · latency > 100ms

Enabled

Certificate expiringSSL monitor · api.example.com

Enabled

And a whole lot more

Built for the way networks actually work

Infrastructure management

Track domains, SSL certificates and license keys with automatic WHOIS and TLS expiry checks. Get warned weeks before anything lapses.

Expiringapi.example.comSSL · 28 days

OKexample.comDomain · 311 days

Web terminal

Open an SSH or Telnet session to any device right in the browser — no extra client.

Scheduled scans

Periodic, per-subnet discovery keeps inventory and topology continuously fresh.

Real-time monitoring & live logs

A continuous background loop pings devices and streams every discovery, scan and state change to a live, filterable event log.

Multi-vendor

First-class support for UniFi, Cisco Meraki and Palo Alto controllers.

Export anywhere

One-click CSV export and a clean JSON API for every device, port and finding.

Device detail & console

Drill into any device, then console straight in

Open a switch to see a live front-panel port map with real-time link status, speed and PoE. Need a closer look? Start an SSH or Telnet session in one click — right in your browser, no terminal app required.

protoscan.local / inventory / core-sw-01

core-sw-01 Switch 10.0.1.2 · Cisco Catalyst 2960

Switch Ports live via SNMP

core-sw-01Catalyst 2960-24TT-L

ActiveDownEmpty

Loading port data…

telnet 10.0.1.2 — core-sw-01 connecting…

Security & privacy

Your network data never leaves your network

ProtoScan is self-hosted by design. There is no cloud to trust, no telemetry, and no third party with a copy of your topology.

Fully self-hosted

Runs as a single process with an embedded database. Your data stays on your hardware.

Encrypted credential vault

SNMP and controller secrets are encrypted at rest with Fernet symmetric encryption.

Role-based access

Admin and viewer roles, bcrypt-hashed logins and forced password rotation on first run.

Hardened by default

Rate limiting, CSRF protection and SSRF-guarded outbound requests come built in.

How it works

From zero to a full map in three steps

Add a subnet

Point ProtoScan at a CIDR range. No agents to install on any device.

Scan & discover

It sweeps the range, fingerprints devices and stitches together the topology.

Monitor & alert

Sit back as ProtoScan watches for changes, risks and outages around the clock.

Free beta

Free while ProtoScan is in beta

ProtoScan is in active beta development, so the full product is free to download and self-host — every feature, no license key, no limits.

Beta · Free download

ProtoScan v3.28.0

Self-hosted on Linux with an embedded database. Deploys in minutes with the included installer — no account, no telemetry, no cloud.

Download free Read the docs

No cost during the beta period · runs entirely on your hardware

Everything included

Unlimited subnets & devices
Topology, inventory & monitoring
Vulnerability scanning & CVE feed
Smart alerting (Email/Slack/Discord)
Multi-vendor integrations & web console

FAQ

Questions, answered

Is ProtoScan really self-hosted?

Yes. ProtoScan runs as a single Flask process with an embedded SQLite database on your own Linux server. There is no cloud component, no external dependency for core functionality, and no telemetry.

Do I need to install agents on my devices?

No agents required. ProtoScan discovers devices over the network using nmap, SNMP, LLDP/CDP and ARP — the same protocols your equipment already speaks.

Which vendors and devices are supported?

Anything reachable over IP is discovered and fingerprinted. There is deeper, first-class support for UniFi, Cisco Meraki and Palo Alto, plus SNMP-based detail for switches, firewalls, servers, APs and RFC 1628 UPS units.

How are my credentials stored?

SNMP and controller secrets are encrypted at rest using Fernet symmetric encryption. Logins are bcrypt-hashed, and access is gated by role-based permissions.

What does it take to run?

A modest Linux host. The included installer sets up a systemd service, the right capabilities for raw-socket scanning, and everything else. Most networks are mapped within minutes of the first scan.

Take control of your network today

Discover every device, map every connection, and close every gap — all from infrastructure you own.

Download free See all features