NetHawk is a powerful network reconnaissance multi-tool built in Python that provides various capabilities for network analysis and monitoring in Windows. This tool combines multiple network investigation features into a single, user-friendly interface.
NetHawk/
├── README.md
├── banner.txt
├── main.py
├── network_recon.py
├── packet_sniffer.py
└── packet_log.txt (generated when logging is enabled)
- WiFi Network Scanning
- Network Device Discovery (ARP Scanning)
- Packet Sniffing and Analysis
- MAC Address Vendor Lookup
- Hostname Resolution
- MAC Address Discovery
- Packet Logging Capabilities
The following Python packages are required:
- colorama
- python-nmap
- scapy
- requests
- tabulate
- pyshark
- Clone the repository:
git clone https://github.com/yourusername/NetHawk.git
cd NetHawk- Install the required dependencies:
pip install colorama python-nmap scapy requests tabulate pysharkThe main entry point of the application that provides:
- Interactive command-line interface
- ASCII art banner display
- Menu-driven operation
- Function routing to appropriate modules
Key functions:
print_header(): Displays formatted section headersloading_animation(): Shows a loading animation during operationsrun_wifi_function(): Executes WiFi-related functionsrun_sniff_function(): Executes packet sniffing functions
Contains the WifiRecon class that handles network reconnaissance operations:
Key features:
- WiFi network scanning (Windows systems)
- Local network device discovery
- MAC address vendor lookup via API
- Hostname resolution using multiple methods
- ARP-based network scanning
Notable methods:
scan_wifi(): Scans and displays available WiFi networksscan_network(): Performs network device discoveryget_vendor(): Retrieves vendor information for MAC addressesget_hostname(): Resolves IP addresses to hostnamesget_mac_address(): Discovers MAC addresses for IP addresses
Implements the PacketSniffer class for network packet capture and analysis:
Key features:
- Real-time packet capture
- Configurable interface selection
- Packet filtering support
- Raw packet inspection
- Packet logging to file
Notable methods:
start_pkt_capture(): Initiates packet captureprocess_packet(): Handles captured packet analysislog_packet(): Records packet information to file
Run the main script:
python main.py-
Scan Nearby Wi-Fi (Option 1)
- Displays available WiFi networks
- Shows SSID, BSSID, signal strength, security type, frequency, and channel
-
ARP Scan Connected Clients (Option 2)
- Scans local network for active devices
- Displays IP address, hostname, MAC address, and vendor information
-
Sniff Network Packets (Option 3)
- Captures and displays network traffic
- Options:
- Raw packet display
- Custom packet filtering
- Packet logging to file
-
Get Vendor Name (Option 4)
- Looks up vendor information for a MAC address
- Uses online MAC address lookup API
-
Get Hostname (Option 5)
- Resolves IP addresses to hostnames
- Uses multiple resolution methods
-
Get MAC Address (Option 6)
- Discovers MAC address for an IP address
- Uses ARP requests for discovery
clear: Clears the screen and refreshes the bannerx: Exits the application
When enabled, packet logging creates a packet_log.txt file containing:
- Timestamp
- Source IP
- Destination IP
- Protocol information
- Packet length
- Some features require administrative/root privileges
- WiFi scanning functionality is Windows-specific
- Network interface names may vary by operating system
- MAC vendor lookup requires internet connectivity
The application includes comprehensive error handling for:
- Network connectivity issues
- Invalid input parameters
- Permission-related errors
- API timeout/connection failures
- Use responsibly and only on networks you own or have permission to analyze
- Be aware of local laws and regulations regarding network monitoring
- Handle captured data securely and responsibly
When contributing to this project:
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a pull request
MIT License Copyright (c) 2025 KRNXMID