Introducing netmapper

At RedSide Security, we frequently needed a faster way to understand network environments during security assessments and investigations.

Most discovery tools provide a list of hosts, services, and open ports. What they often fail to show is how those systems relate to each other.

To solve that problem, we built netmapper and are now releasing it as an open-source project.

netmapper is a BloodHound-style network discovery and visualization platform that maps live devices and their relationships across a network.

Instead of focusing on Active Directory attack paths, netmapper focuses on network topology, helping defenders and security professionals understand how systems connect and interact.

Key Features

Network Discovery

netmapper automatically discovers:

  • Hosts
  • Open ports
  • Running services
  • Operating systems

across your network subnets.

Topology Mapping

The platform builds an interactive graph where:

  • Nodes represent devices
  • Edges represent network relationships

Relationships can include:

  • Layer 2 neighbors
  • Routed connections
  • Shared subnet membership

This allows teams to quickly understand network structure and identify critical infrastructure.

Real Topology Collection

netmapper can gather accurate topology information directly from network infrastructure using:

  • SNMP
  • LLDP

This enables visibility into real-world connections between:

  • Switches
  • Routers
  • Endpoints

rather than relying solely on network scans.

Interactive Visualization

Results are rendered into a fully self-contained interactive HTML report.

Users can click on any node to view:

  • IP address
  • MAC address
  • Device vendor
  • Operating system
  • Open services
  • Service banners

making investigation and analysis significantly easier.

Built for Real-World Use

netmapper was designed to be practical and easy to deploy.

Pure Python Discovery

A built-in ping-sweep engine allows scanning without:

  • Nmap
  • Root privileges
  • Additional dependencies

Smart Network Detection

The tool automatically identifies active network segments while excluding:

  • Docker interfaces
  • Virtual adapters
  • Other non-relevant network paths

Portable Output

Inspired by BloodHound and SharpHound workflows, netmapper generates timestamped output files that can be:

  • Saved
  • Shared
  • Re-rendered later
  • Archived for future investigations

Open Source

netmapper is released under the MIT License and is available free of charge for the security community.

The project is intended for:

  • Security assessments
  • Network visibility
  • Asset discovery
  • Incident response
  • Infrastructure mapping

Use only on systems and networks you own or are authorized to assess.

GitHub Repository

Link: https://github.com/RedSideSecurity/netmapper

Understanding a network starts with understanding how systems connect. netmapper helps turn network discovery data into a clear visual map that security teams can use for assessment, investigation, and defense.