Advanced Network Security Analyzer v2.1 Pro By Candalena
Professional Network Security Analysis & Monitoring Tool
CyberNet Sentinel is a network security analysis tool developed as a final project for a Web Security course. It is designed to assist security analysts, network administrators, and cybersecurity enthusiasts in performing:
- 🔍 Network reconnaissance and discovery
- 🚪 Port scanning and service enumeration
- 👂 Network traffic monitoring and analysis
- ⚠️ Attack detection and threat intelligence
- 📊 Security vulnerability assessment
- 📝 Automated reporting and documentation
Device detection and network mapping with various methods:
- ARP Scanning - Active device detection using ARP protocol
- Ping Sweep - ICMP-based host discovery with multithreading
- Hostname Resolution - Automatic DNS reverse lookup
- MAC Vendor Detection - Device vendor identification from MAC address
- Network Mapping - Network topology visualization
Example Output:
[+] Host: 192.168.1.1 | MAC: 00:11:22:33:44:55 | Hostname: Router.local | Vendor: Cisco
[+] Host: 192.168.1.10 | MAC: AA:BB:CC:DD:EE:FF | Hostname: PC-Admin | Vendor: Intel
Advanced port scanning with multiple protocol support:
- TCP Full Connect Scan - Reliable connection-based scanning
- UDP Port Scanning - Open UDP service detection
- Banner Grabbing - Service banner extraction for identification
- Service Detection - Automatic service identification
- Multithreading Support - Fast scanning with 200+ concurrent threads
- Custom Port Range - Flexible port specification
Capabilities:
- Scan 1-65535 ports
- Adjustable timeout and threads
- Service version detection
- Common vulnerabilities identification
Real-time packet capture and analysis:
- Packet Capture - Capture network traffic in real-time
- Protocol Analysis - Deep packet inspection (TCP/UDP/ICMP/ARP)
- Traffic Statistics - Traffic statistical analysis
- Packet Filtering - BPF filter support
- Export Capability - Save captured packets to file
- Live Monitoring - Real-time traffic visualization
Protocol Support:
- TCP (with flag analysis)
- UDP
- ICMP
- ARP
- HTTP/HTTPS
Intelligent threat detection system:
- SYN Flood Detection - SYN flood attack detection
- Port Scan Detection - Port scanning activity identification
- DDoS Detection - Distributed denial of service detection
- ARP Spoofing Detection - Man-in-the-middle attack detection
- Brute Force Detection - Login attempt monitoring
- Anomaly Detection - Behavioral analysis
Severity Levels:
- 🔴 Critical - Immediate action required
- 🟠 High - Serious security threat
- 🟡 Medium - Potential security issue
- 🔵 Low - Informational
Basic security vulnerability scanning:
- Common Port Vulnerabilities - Known vulnerable services
- Weak Configuration Detection - Misconfiguration identification
- CVE Database Lookup - Known vulnerability matching
- Remediation Recommendations - Security hardening suggestions
- Risk Scoring - CVSS-based risk assessment
Multiple output formats:
- JSON Export - Machine-readable format
- TXT Report - Human-readable text format
- HTML Report - Visual web-based report
- CSV Export - Spreadsheet compatible
- PDF Report - Professional documentation
Minimum Requirements:
- Python 3.8 or higher
- 2GB RAM
- 100MB disk space
- Administrator/root privileges (for packet capture)
Operating Systems:
- ✅ Windows 10/11
- ✅ Ubuntu 20.04+
- ✅ Debian 11+
- ✅ macOS 11+
- ✅ Kali Linux
# Clone repository
git clone https://github.com/HudzaifahArrantisi/Cyber-Sentinel.git
cd Cyber-Sentinel
# Install dependencies
pip install -r requirements.txt
# Install Npcap (Required for packet capture)
# Download from: https://npcap.com/#download
# Run as Administrator
python network_analyzer.py

# Update system
sudo apt update
# Install dependencies
sudo apt install -y python3 python3-pip nmap tcpdump libpcap-dev
# Clone repository
git clone https://github.com/HudzaifahArrantisi/Cyber-Sentinel.git
cd Cyber-Sentinel
# Install Python packages
pip3 install -r requirements.txt
# Run with sudo
sudo python3 network_analyzer.py

# Install Homebrew if not installed
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# Install dependencies
brew install python3 nmap libpcap
# Clone repository
git clone https://github.com/HudzaifahArrantisi/Cyber-Sentinel.git
cd Cyber-Sentinel
# Install Python packages
pip3 install -r requirements.txt
# Run with sudo
sudo python3 network_analyzer.py

# Download and run installer (Windows)
.\install_windows.ps1

# Download and run installer (Linux)
chmod +x install_linux.sh
sudo ./install_linux.sh

# Build Docker image
docker build -t cybernet-sentinel .
# Run container
docker run -it --network host --privileged cybernet-sentinel
# Or with docker-compose
docker-compose up

# Run the program
python network_analyzer.py
# Main menu will appear
# Select options according to your needs (1-9)

Select the network interface to be used for scanning
Steps:
1. Select option 1 from main menu
2. Choose interface from the available list
3. Interface will be set for subsequent operations
Scan network to find active hosts
Steps:
1. Ensure interface is already selected
2. Select option 2
3. Wait for scanning process to complete
4. View list of discovered hosts
Methods used:
- ARP Scan (faster for local network)
- Ping Sweep (fallback method)
Scan ports on target host
Steps:
1. Select option 3
2. Choose target from list or input IP manually
3. Specify port range (default: 1-1024)
4. Set number of threads (default: 200)
5. Wait for scanning results
Tips:
- Port 1-1024: Common ports (fast)
- Port 1-10000: Extended scan (medium)
- Port 1-65535: Full port scan (slow)
Capture and analyze network traffic
Steps:
1. Select option 4
2. Specify number of packets to capture
3. Set BPF filter (optional)
4. Press Ctrl+C to stop
BPF Filter Examples:
- "tcp port 80" -> HTTP traffic only
- "udp" -> UDP packets only
- "host 192.168.1.1" -> Specific host
- "tcp and port 443" -> HTTPS traffic
Analyze traffic for attack detection
Steps:
1. Ensure traffic has been captured (option 4)
2. Select option 5
3. View threat analysis results
Available detections:
- SYN Flood
- Port Scanning
- DDoS Attack
- ARP Spoofing
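A sketch of how the SYN flood, port scanning and ARP spoofing checks listed above can work, using the syn_flood_threshold and port_scan_threshold values from this page's config.yaml. This is an added example, not code from the project's detector.py; the packet record format, the severity given to each alert and the counting over a single capture window are assumptions.

```python
from collections import defaultdict

# Thresholds taken from the detection section of the page's config.yaml.
SYN_FLOOD_THRESHOLD = 50   # SYNs from one source to one target
PORT_SCAN_THRESHOLD = 10   # distinct ports probed by one source on one target

def detect(packets):
    """Return (severity, kind, subject, detail) alerts for one capture window.

    Assumed record format: TCP dicts carry src, dst, dport, flags;
    ARP reply dicts carry ip and mac.
    """
    syns = defaultdict(int)       # (src, dst) -> bare SYN count
    ports = defaultdict(set)      # (src, dst) -> distinct destination ports
    claims = defaultdict(set)     # ip -> MAC addresses that claimed it
    for p in packets:
        if p["proto"] == "tcp" and p["flags"] == "S":
            key = (p["src"], p["dst"])
            syns[key] += 1
            ports[key].add(p["dport"])
        elif p["proto"] == "arp":
            claims[p["ip"]].add(p["mac"].lower())
    alerts = []
    for (src, dst), seen in ports.items():
        # A wide scan also sends many SYNs, so test port spread first.
        if len(seen) > PORT_SCAN_THRESHOLD:
            alerts.append(("High", "port_scan", src, f"{len(seen)} ports on {dst}"))
        elif syns[(src, dst)] > SYN_FLOOD_THRESHOLD:
            alerts.append(("Critical", "syn_flood", src, f"{syns[(src, dst)]} SYNs to {dst}"))
    for ip, macs in claims.items():
        if len(macs) > 1:  # one IP answered for by several MACs
            alerts.append(("Critical", "arp_spoofing", ip, ", ".join(sorted(macs))))
    return alerts

def sample_capture():
    """Constructed records: a scanner, a flooder, a normal client, an ARP conflict."""
    tcp = lambda src, dport: {"proto": "tcp", "src": src, "dst": "192.168.1.1",
                              "dport": dport, "flags": "S"}
    pkts = [tcp("192.168.1.50", port) for port in range(20, 80)]   # 60 ports
    pkts += [tcp("192.168.1.60", 80) for _ in range(60)]           # 60 SYNs, 1 port
    pkts += [tcp("192.168.1.70", 443) for _ in range(3)]           # ordinary traffic
    pkts += [{"proto": "arp", "ip": "192.168.1.1", "mac": "00:11:22:33:44:55"},
             {"proto": "arp", "ip": "192.168.1.1", "mac": "AA:BB:CC:DD:EE:FF"}]
    return pkts

if __name__ == "__main__":
    for alert in detect(sample_capture()):
        print(alert)
```

Several MACs for one IP also occur legitimately (failover pairs, DHCP reassignment), so that alert is a prompt to verify the gateway's real MAC rather than proof of spoofing.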
Complete security audit automatically
Steps:
1. Select option 6
2. Program will automatically:
- Select interface
- Network discovery
- Port scanning (first 5 hosts)
- Traffic capture (200 packets)
- Attack detection
- Generate report
3. Option to save report to TXT file
Export results to file
Supported formats:
- TXT (readable text report)
- JSON (structured data)
Display analysis results summary in terminal
A Dockerfile is provided for easy deployment.
# Build image
docker build -t cybernet-sentinel:latest .
# Run container
docker run -it --rm \
--network host \
--privileged \
--name sentinel \
cybernet-sentinel:latest

# Run with compose
docker-compose up -d
# Access container
docker-compose exec sentinel bash
# Stop container
docker-compose down

# Run with volume mount
docker run -it --rm \
--network host \
--privileged \
-v $(pwd)/reports:/app/reports \
cybernet-sentinel:latest
# Run with environment variables
docker run -it --rm \
--network host \
--privileged \
-e TARGET_NETWORK="192.168.1.0/24" \
-e SCAN_PORTS="1-10000" \
cybernet-sentinel:latest
# Run with custom command
docker run -it --rm \
--network host \
--privileged \
cybernet-sentinel:latest \
python network_analyzer.py --help

Complete documentation is available in the docs/ folder:
- User Guide - Complete user guide
- Developer Guide - Developer guide
- API Reference - API documentation
cybernet-sentinel/
├── network_analyzer.py # Main program
├── src/
│ ├── analyzer.py # Network analysis core
│ ├── detector.py # Attack detection engine
│ ├── reporter.py # Report generation
│ ├── scanner.py # Port scanning module
│ ├── sniffer.py # Packet capture module
│ └── utils.py # Helper functions
├── tests/
│ ├── test_scanner.py # Scanner unit tests
│ ├── test_sniffer.py # Sniffer unit tests
│ └── test_detector.py # Detector unit tests
├── examples/
│ ├── basic_scan.py # Basic usage example
│ ├── network_monitor.py # Monitoring example
│ └── vulnerability_scan.py # Vulnerability scan example
├── docs/ # Documentation
├── reports/ # Generated reports
├── config.yaml # Configuration file
├── requirements.txt # Python dependencies
├── Dockerfile # Docker configuration
└── docker-compose.yml # Docker Compose config
Edit config.yaml for custom configuration:
# config.yaml
network:
  interface: "auto" # Interface name or "auto"
  timeout: 5 # Timeout in seconds
  threads: 200 # Number of threads for scanning
scanning:
  default_port_range: "1-1024"
  scan_timeout: 0.5
  enable_udp_scan: true
  enable_banner_grab: true
sniffing:
  default_packet_count: 100
  default_filter: "ip"
  save_pcap: true
detection:
  syn_flood_threshold: 50
  port_scan_threshold: 10
  ddos_threshold: 100
  enable_alerts: true
reporting:
  format: "json" # json, html, csv, txt
  save_path: "./reports"
  include_raw_data: false

# Install missing modules
pip install -r requirements.txt
# For netifaces issue on Windows
pip install netifaces-plus

# Linux/Mac
sudo python3 network_analyzer.py
# Windows
# Run PowerShell/CMD as Administrator
python network_analyzer.py

# Windows: Install Npcap
# Download from: https://npcap.com/#download
# Linux: Install libpcap
sudo apt install libpcap-dev
# Check permissions
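# setcap does not work on symlinks, so resolve python3 to the real binary first.
# This grants raw-socket capabilities to every script run with that interpreter.
sudo setcap cap_net_raw,cap_net_admin=eip "$(readlink -f "$(which python3)")"

# List available interfaces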
# Windows
ipconfig
# Linux/Mac
ifconfig
ip addr show
# Select an active and connected interface

# Run all tests
pytest
# Run specific test
pytest tests/test_scanner.py
# Run with coverage
pytest --cov=src tests/
# Generate HTML coverage report
pytest --cov=src --cov-report=html tests/

# Test port scanner
python examples/basic_scan.py
# Test network monitor
python examples/network_monitor.py
# Test vulnerability scanner
python examples/vulnerability_scan.py

Contributions are very welcome! Here's how to contribute:
- Fork this repository
- Create feature branch (git checkout -b feature/AmazingFeature)
- Commit changes (git commit -m 'Add some AmazingFeature')
- Push to branch (git push origin feature/AmazingFeature)
- Open Pull Request
# Clone repository
git clone https://github.com/HudzaifahArrantisi/Cyber-Sentinel.git
cd Cyber-Sentinel
# Create virtual environment
python -m venv venv
source venv/bin/activate # Linux/Mac
venv\Scripts\activate # Windows
# Install dev dependencies
pip install -r requirements.txt
pip install pytest black flake8 mypy pylint
# Run linters
black .
flake8 src/
mypy src/
pylint src/

IMPORTANT: Use this tool only for legal and ethical purposes!
- ✅ Legal Use: Security testing on own systems or with written permission
- ✅ Educational: Cybersecurity learning and research
- ✅ Authorized Testing: Penetration testing with proper authorization
- ❌ Illegal Use: Unauthorized access or scanning without permission
- ❌ Malicious Intent: Using for malicious or criminal purposes
- ❌ Privacy Violation: Violating others' privacy
User Responsibility: Users are fully responsible for the use of this tool. Developers are not responsible for misuse or damage caused.
This project is licensed under the MIT License; see the LICENSE file for complete details.
MIT License
Copyright (c) 2024-2026 Candalena
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
Candalena
- 🎓 Semester 3 - Web Security Course
- 🏫 Final Project - Network Security Analysis Tool
- 📧 Email: hudzaifaharrantisi@gmail.com
- 🔗 GitHub: @HudzaifahArrantisi
Special thanks to:
- Scapy Project for packet manipulation library
- Python Community for amazing ecosystem
- Course instructor for guidance and support
- Open source contributors who inspired this project
Need help? Please:
- 📖 Read Documentation
- 🐛 Report bugs via Issues
- 💬 Discuss at Discussions
- 📧 Email to hudzaifaharrantisi@gmail.com
- Web-based dashboard
- Real-time alerting system
- Database integration (PostgreSQL)
- Advanced ML-based anomaly detection
- REST API support
- IPv6 support
- Wireless network analysis
- SSL/TLS vulnerability scanning
- SIEM tools integration
- Mobile app (Android/iOS)
- Distributed scanning capability
- Cloud integration (AWS/Azure/GCP)
- Advanced threat intelligence feeds
- Compliance reporting (PCI-DSS, HIPAA)
- Custom plugin system
Made with ❤️ by Candalena
© 2024-2026 CyberNet Sentinel | MIT License