Skip to content

CyberDevAI-X/net-asset-guard

BranchesTags

Repository files navigation

NetAssetGuard - Network Asset Inventory

NetAssetGuard is a lightweight, strictly scoped network asset monitoring suite. Built with Go and vanilla web technologies, it provides continuous reachability and discovery polling for predefined network assets.

Architecture & Design

The application follows a monolithic architecture focused on minimal dependencies and zero external runtime requirements.

  • Backend: Go 1.25+ with go-chi/chi for routing.
  • Storage: Embedded SQLite using modernc.org/sqlite (CGO-free driver).
  • Frontend: Vanilla HTML5, CSS3, and JavaScript utilizing Server-Sent Events (SSE) for real-time state updates.
  • Data Enrichment: Built-in IEEE MAC registry via //go:embed for offline MAC address vendor identification.

Core Capabilities

  • State Monitoring: Continuous background polling using ICMP, reverse DNS, and targeted TCP port checks.
  • Network Discovery: Active ARP, mDNS, and SNMP probing within specified CIDR ranges.
  • Strict Scoping: Monitors only explicitly declared assets to avoid wide-network scanning footprints.
  • DNS Validation: Validates resolved reverse-DNS against expected configuration.

Docker Deployment (DevSecOps Standard)

Deploying via Docker is the recommended approach for production environments, ensuring strict isolation and immutability.

The provided Dockerfile adheres to the following DevSecOps standards:

  1. Multi-Stage Build: Utilizes a builder stage to keep the final image minimal.
  2. Static Compilation: Compiled with CGO_ENABLED=0 for a fully static binary with no C dependencies.
  3. Rootless Execution: The final stage runs using an unprivileged appuser, preventing root access to the host system in the event of a container compromise.

Build the Image

docker build -t netassetguard:latest .

Run the Container

docker run -d \
  --name netassetguard \
  -p 8080:8080 \
  -v netassetguard_data:/app/data \
  --restart unless-stopped \
  netassetguard:latest

Local Compilation & Execution

If containerization is not available, the application can be compiled directly on the host OS.

Prerequisites

  • Go 1.25+

Build & Run

  1. Clone the repository and navigate to the directory.
  2. Download dependencies: 
    go mod download
  3. Compile the binary: 
    go build -o netassetguard main.go
  4. Execute the binary: 
    ./netassetguard

Configuration Variables

The application can be configured via environment variables:

  • PORT: HTTP listener port (default: 8080)
  • HOST: HTTP listener interface (default: 127.0.0.1, set to 0.0.0.0 for Docker)
  • DB_PATH: Absolute or relative path to the SQLite file (default: inventory.db)

Usage

Once the application is running (either via Docker or standard execution), access the web interface by navigating to:

http://localhost:8080

(Adjust the port if you modified the PORT environment variable).

Security Constraints

  • The application enforces rigid IP validation to block unspecified, multicast, and broadcast addresses.
  • Reverse DNS lookups are verified against expected state to mitigate basic spoofing attempts.

License

MIT License

About

Go-based network asset discovery engine with ARP, SNMP, and mDNS sweeping, offline MAC enrichment, and real-time SSE monitoring.

Topics

go cross-platform snmp arp cybersecurity concurrent-programming fingerprinting network-discovery devsecops

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

 
 
 

Contributors

Languages