Introducing netmapper
At RedSide Security, we frequently needed a faster way to understand network environments during security assessments and investigations.
Most discovery tools provide a list of hosts, services, and open ports. What they often fail to show is how those systems relate to each other.
To solve that problem, we built netmapper and are now releasing it as an open-source project.
netmapper is a BloodHound-style network discovery and visualization platform that maps live devices and their relationships across a network.
Instead of focusing on Active Directory attack paths, netmapper focuses on network topology, helping defenders and security professionals understand how systems connect and interact.
Key Features
Network Discovery
netmapper automatically discovers:
- Hosts
- Open ports
- Running services
- Operating systems
across your network subnets.
Topology Mapping
The platform builds an interactive graph where:
- Nodes represent devices
- Edges represent network relationships
Relationships can include:
- Layer 2 neighbors
- Routed connections
- Shared subnet membership
This allows teams to quickly understand network structure and identify critical infrastructure.
Real Topology Collection
netmapper can gather accurate topology information directly from network infrastructure using:
- SNMP
- LLDP
This enables visibility into real-world connections between:
- Switches
- Routers
- Endpoints
rather than relying solely on network scans.
Interactive Visualization
Results are rendered into a fully self-contained interactive HTML report.
Users can click on any node to view:
- IP address
- MAC address
- Device vendor
- Operating system
- Open services
- Service banners
making investigation and analysis significantly easier.
Built for Real-World Use
netmapper was designed to be practical and easy to deploy.
Pure Python Discovery
A built-in ping-sweep engine allows scanning without:
- Nmap
- Root privileges
- Additional dependencies
Smart Network Detection
The tool automatically identifies active network segments while excluding:
- Docker interfaces
- Virtual adapters
- Other non-relevant network paths
Portable Output
Inspired by BloodHound and SharpHound workflows, netmapper generates timestamped output files that can be:
- Saved
- Shared
- Re-rendered later
- Archived for future investigations
Open Source
netmapper is released under the MIT License and is available free of charge for the security community.
The project is intended for:
- Security assessments
- Network visibility
- Asset discovery
- Incident response
- Infrastructure mapping
Use only on systems and networks you own or are authorized to assess.
GitHub Repository
Link: https://github.com/RedSideSecurity/netmapper
Understanding a network starts with understanding how systems connect. netmapper helps turn network discovery data into a clear visual map that security teams can use for assessment, investigation, and defense.