A web-based GUI for Nmap network scanning with real-time results, CVE detection, and PDF report generation.
- Quick Scan: Fast host discovery using
nmap -sn - ARP Scan: MAC address and vendor detection via
arp-scan - Deep Scan: Service version detection with CVE vulnerability lookup via vulners script
- Real-time Updates: Live scan results via WebSocket
- Comprehensive Report Export: Generate professional scan reports with multiple formats:
- XML output with nmap -oA
- HTML reports using XSL stylesheet transformation
- PDF conversion from HTML reports
- Organized folder structure: CustomerName/YYYY-MM-DD/scan_HHMMSS_AddressRange/
- Historical Scan Viewer: Browse, view, and manage saved scans
- Filter by customer and date
- View HTML reports in browser
- Download PDF reports
- Delete old scans
- Customer Management: Automatic network fingerprinting and customer identification
- Network Key: Traceroute-based network fingerprint showing your path to the internet
- Network Info: Auto-detects local IP, subnet, CIDR, and public IP
- Python 3.8+
- Nmap installed and available in PATH
- arp-scan (optional, for MAC/vendor detection)
- xsltproc (for XML to HTML conversion)
- Playwright Chromium (preferred HTML-to-PDF rendering)
- wkhtmltopdf or weasyprint (fallback HTML-to-PDF rendering)
- Chrome/Chromium (for headless screenshot functionality)
-
Clone the repository:
git clone https://github.com/techmore/NmapUI.git cd NmapUI -
Build and launch the menu bar app:
./build.sh
build.shwill automatically runinstall.shif dependencies haven't been set up yet. After a successful build, look for the network icon in your macOS menu bar. The app serves NmapUI on a local loopback URL, defaulting tohttp://127.0.0.1:9000and falling back to the next available local port if needed. The wrapper target is selected automatically from your host architecture (arm64orx86_64). Override it explicitly withNMAPUI_SWIFT_TARGETif needed. The completedNmapUI.appis installed into/Applicationswhen writable, otherwise~/Applications, replacing any existing install. Override the destination explicitly withNMAPUI_APPLICATIONS_DIR.Prerequisites: Xcode Command Line Tools (
xcode-select --install) and Homebrew are needed byinstall.shto pull innmap,arp-scan, etc.
To run the Python server directly (after install.sh has been run):
./start.shOr manually:
source .venv/bin/activate
python -m playwright install chromium
python app.py- Root: stable entrypoints and runtime files such as
app.py,requirements.txt,install.sh, anddeploy.sh packaging/macos/: supported Swift wrapper source and wrapper-specific docspackaging/pyinstaller/: PyInstaller spec and packaging inputsdocs/guides/: user and maintainer guidesdocs/notes/: internal implementation notes and working analysisdocs/audits/: deeper audit writeups that are not part of the main setup flow
Runtime-only files such as auto_scan_config.json, generated scan outputs, local wrapper binaries, and ad hoc scratch directories should stay untracked.
Backfill legacy scan metadata into the SQLite runtime store without starting the web app:
./.venv/bin/python scripts/backfill_runtime_store.pyOptional overrides:
./.venv/bin/python scripts/backfill_runtime_store.py --db-path /tmp/runtime.sqlite3 --scans-dir /tmp/scansExport the runtime database from the Settings tab, or download it directly:
curl -OJ http://127.0.0.1:9000/api/runtime/exportMigrate an existing runtime database into the newly built menu bar app:
NMAPUI_MIGRATE_DB=1 ./build.shOptional migration source override:
NMAPUI_MIGRATE_DB=1 NMAPUI_MIGRATE_DB_FROM=/path/to/runtime.sqlite3 ./build.shIf migration is enabled and the source database does not exist, build.sh fails before replacing the installed app.
Start the server:
python app.pyConfigure runtime binding if needed:
NMAPUI_HOST=0.0.0.0 NMAPUI_PORT=9000 NMAPUI_DEBUG=false python app.pyThe app will:
- Check for nmap installation
- Check for arp-scan (optional - warns if missing)
- Verify vulners script is present (bundled in
nmap-vulners/) - Run traceroute to establish network key
- Start the web server
Open your browser to http://127.0.0.1:9000
Enable Settings → Report Exports → Save reports to Desktop to copy report artifacts (PDF, HTML, XML, Nmap outputs) into ~/Desktop/nmapui-reports, preserving the scan folder structure.
To skip startup dependency checks:
python app.py --quick
# or
python app.py -q- nmap -sn runs first for host discovery (warms ARP cache)
- arp-scan runs immediately after to capture fresh MAC/vendor data
- Deep scan runs on discovered hosts for service/CVE detection
Click the Generate Report button after completing a scan to create comprehensive documentation:
- XML Output: Raw nmap data in XML format (
scan.xml) - HTML Report: Styled web report using XSL transformation (
scan.html) - PDF Report: Portable document for sharing (
scan_report.pdf) - Metadata: Scan details and customer information (
metadata.json)
Reports are saved in an organized folder structure:
data/scans/
└── CustomerName/
└── YYYY-MM-DD/
└── scan_HHMMSS_AddressRange/
├── scan.xml
├── scan.nmap
├── scan.gnmap
├── scan.html
├── scan_report.pdf
└── metadata.json
Click Report History to:
- Browse all saved scans
- Filter by customer or date
- View HTML reports in your browser
- Download PDF reports
- Delete old scans
The report generation uses an enhanced nmap command:
sudo nmap -sS -T4 -A -sC --script vulners.nse -oA output <target>This provides:
- -sS: TCP SYN stealth scan
- -T4: Aggressive timing template
- -A: OS detection, version detection, script scanning, traceroute
- -sC: Default NSE scripts
- --script vulners.nse: CVE vulnerability detection
- -oA: Output in all formats (XML, nmap, gnmap)
- nmap-vulners: CVE vulnerability detection scripts (included in repo)
The interface uses an olive/oatmeal color palette with:
- Instrument Serif for headings
- Inter for body text
- Warm, professional tones designed for extended use
MIT