Browser-based network scanner & local-IP detection
webscan is a browser-based network IP scanner and local IP detector. It detects IPs bound to the user/victim by listening on an RTP data channel via WebRTC and looping back to the port across any live IPs, as well as discovering all live IP addresses on valid subnets by monitoring for immediate timeouts (TCP RST packets returned) from fetch() calls or hidden img tags pointed to valid subnets/IPs. Works on mobile and desktop across all major browsers and OS's. Beta version is extensible to allow the addition of multiple techniques.
webscan takes advantage of the fact that non-responsive img tag sockets can be closed to prevent browser & network-based rate limiting by altering the src attribute to a non-socket URI (removing from DOM ironically does not close the socket), or by using fetch()'s signal support of the AbortController() interface.
try webscan live here
beta version here
by @SamyKamkar
released 2020/11/07
more fun projects at samy.pl
webscan works like so
// wait for scan to finish
let scanResults = await webScanAll()
// or get callbacks when ips are found with a promise
let ipsToScan = undefined // scans all pre-defined networks if null
let scanPromise = webScanAll(
ipsToScan, // array. if undefined, scan major subnet gateways, then scan live subnets. supports wildcards
{
rtc: true, // use webrtc to detect local ips
logger: l => console.log(l), // logger callback
noRedirect: false, // if true, doesn't redirect from http to http - Chrome doesn't scan detect network IPs proprly on https atm
localCallback: function(ip) { console.log(`local ip callback: ${ip}`) },
subnetCallback: function(ip) { console.log(`router ip callback: ${ip}`) },
networkCallback: function(ip) { console.log(`network ip callback: ${ip}`) },
}
)
returns
scanResults = {
"local": ["192.168.0.109"], // local ip address
"network": { // other hosts on the network and how fast they respond
"192.168.0.1": 97,
"192.168.0.2": 82,
"192.168.0.100": 46,
"192.168.0.109": 0,
"192.168.0.117": 74,
"192.168.0.113": 17,
"192.168.0.112": 21,
"192.168.0.114": 25,
"192.168.0.116": 25,
"192.168.0.115": 25,
"192.168.0.105": 57,
"192.168.0.107": 63,
"192.168.0.103": 64,
"192.168.0.108": 31
}
}
Todo
Tested on