{"id":15698398,"url":"https://github.com/jonfryd/tifoon","last_synced_at":"2025-10-24T16:54:58.415Z","repository":{"id":99757843,"uuid":"84850667","full_name":"jonfryd/tifoon","owner":"jonfryd","description":"Tifoon is an open network ports monitoring application with HTML email and PDF reporting capabilities","archived":false,"fork":false,"pushed_at":"2024-05-01T09:55:10.000Z","size":755,"stargazers_count":6,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-05-09T01:15:58.247Z","etag":null,"topics":["masscan","monitoring","network-monitoring","nmap","ports","portscanner","spring-boot","tcp-ip","thymeleaf"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jonfryd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-13T16:40:39.000Z","updated_at":"2024-05-01T09:55:14.000Z","dependencies_parsed_at":null,"dependency_job_id":"8c025ca5-546d-4265-adf8-7de1c9d15cf7","html_url":"https://github.com/jonfryd/tifoon","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/jonfryd/tifoon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonfryd%2Ftifoon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonfryd%2Ftifoon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonfryd%2Ftifoon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonfryd%2Ftifoon/man
ifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jonfryd","download_url":"https://codeload.github.com/jonfryd/tifoon/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonfryd%2Ftifoon/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279289951,"owners_count":26141131,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-17T02:00:07.504Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["masscan","monitoring","network-monitoring","nmap","ports","portscanner","spring-boot","tcp-ip","thymeleaf"],"created_at":"2024-10-03T19:26:47.684Z","updated_at":"2025-10-17T05:28:52.500Z","avatar_url":"https://github.com/jonfryd.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Java 8](https://img.shields.io/badge/Java-8-blue.svg)](http://www.oracle.com/technetwork/java/javase)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![Build Status](https://travis-ci.org/jonfryd/tifoon.svg?branch=master)](https://travis-ci.org/jonfryd/tifoon)\n\n# Tifoon: Open Network Ports Monitoring\n\nThis is an attempt to create an application in Java which can effectively monitor and audit open ports in\nnetworks of host machines/devices by comparing consecutive scans against a known 
\"good\" baseline.\n\nOpen services/ports are a significant security threat, which is why monitoring which ports are open and\nexposed makes it easier to manage this risk and stay alert if something changes. This could potentially\nindicate that a host has been compromised by a trojan/worm, although there could be many benign reasons\nfor such an event, of course.\n\nCurrently Tifoon relies on the world class `nmap` port scanner from which it reads the output, as well\nas a diff algorithm using [JaVers](http://javers.org/) for determining changes to open ports reported\nin a concise, easy to read manner.\n\n# Features\n\n* Scan a configurable list of networks via nmap for open TCP, UDP and SCTP ports\n* Run periodic scans using either a local nmap install or Docker (nmap image downloaded automatically)\n* Determine exact changes compared to a configurable baseline\n* Save scan results as YAML or JSON files\n* [HTML](http://htmlpreview.github.io/?https://github.com/jonfryd/tifoon/blob/master/samples/sample_report.html) and [PDF](samples/sample_report.pdf) report generation\n* Report e-mailing (HTML mails with optional PDF attachment)\n* Optionally pass additional custom arguments to port scanner (e.g. '--defeat-icmp-ratelimit --defeat-rst-ratelimit' for faster UDP and TCP SYN scanning)\n* **NEW**: Report when the input network configuration has changed (via a hash)\n* **NEW**: UDP and SCTP protocol scanning\n\n# Building\n\nJDK 8 and Maven 3 are required to build Tifoon from the command line.\n\nClone the repository and execute Maven from the root directory:\n\n    $ git clone https://github.com/jonfryd/tifoon\n    $ cd tifoon/\n    $ mvn clean install\n\nThis will build all required modules, install them in the local Maven repository and create a ZIP\nfile in the `tifoon-app/target` subdirectory for distribution. 
If desired, copy the distro to\nanother directory elsewhere on your system and extract it there.\n\n# Usage\n\nEnsure you have some flavor of Java 8 Runtime Environment installed before proceeding. Oracle's JRE and\nOpenJDK have been tested on Windows, Linux and Mac OS X.\n\nAlso, either of the following is a prerequisite to perform any port scanning:\n\n1. A local install of nmap\n2. A working local Docker installation (Tifoon will pull and use an nmap container image automatically)\n\nFrom command line, Tifoon can be extracted from the ZIP archive and launched via three simple steps:\n\n    $ unzip tifoon-app-1.0.2-dist.zip\n    $ cd tifoon-app-1.0.2/\n    $ ./run_tifoon.sh\n\nWith Tifoon's factory network configuration the local host (IP address 127.0.0.1) is completely TCP\nscanned every hour. For the second and later scans, the result is automatically checked (\"diffed\")\nagainst the initial scan for any changes compared to the baseline and the specific changes are reported.\n\nThis behaviour can, of course, be adjusted to include any number of networks and hosts as described in\nthe configuration section below.\n\nScans and diffs are saved to the `scans/` folder (gets created automatically when needed). YAML output\nis the current default, but JSON is supported, as well.\n\nA log file `tifoon.log` is maintained, as well, which contains all standard output produced by Tifoon\nfor auditing and debugging purposes. 
Sample output:\n\n    2017-03-21 17:13:03.800  INFO 35803 --- [Launcher.main()] com.elixlogic.tifoon.TifoonApp           : Starting TifoonApp on imac.jonf with PID 35803 (/Users/jon/Source/tifoon/tifoon-app/target/classes started by jon in /Users/jon/Source/tifoon/tifoon-app)\n    2017-03-21 17:13:03.804  INFO 35803 --- [Launcher.main()] com.elixlogic.tifoon.TifoonApp           : No active profile set, falling back to default profiles: default\n    2017-03-21 17:13:18.079  INFO 35803 --- [Launcher.main()] com.elixlogic.tifoon.TifoonApp           : Started TifoonApp in 15.239 seconds (JVM running for 33.741)\n    2017-03-21 17:13:18.087  INFO 35803 --- [pool-4-thread-1] c.e.t.a.schedulers.PortScanScheduler     : Scanning...\n    2017-03-21 17:13:18.102  INFO 35803 --- [pool-4-thread-1] c.e.t.d.s.s.impl.PortScannerServiceImpl  : Performing port scan against: Jons network\n    2017-03-21 17:13:18.116  INFO 35803 --- [pool-4-thread-1] c.e.tifoon.plugin.ProcessExecutorPlugin  : Executing process: [nmap -oX nmap_scan_result_855c46d7-4f92-4c2e-b07e-70edbed56bb1.xml -p 0-1023 127.0.0.1 192.168.84.34]\n    2017-03-21 17:13:28.495  INFO 35803 --- [pool-4-thread-1] e.t.d.s.s.i.PortScannerFileIOServiceImpl : Loading file: scans/port_scanner_report_20170321_155933.yml\n    2017-03-21 17:13:28.545  INFO 35803 --- [pool-4-thread-1] e.t.d.s.s.i.PortScannerFileIOServiceImpl : Port scan result loaded.\n    2017-03-21 17:13:28.660  WARN 35803 --- [pool-4-thread-1] c.e.t.a.schedulers.PortScanScheduler     : One or more changes DETECTED!\n    2017-03-21 17:13:28.661  INFO 35803 --- [pool-4-thread-1] c.e.t.a.schedulers.PortScanScheduler     : Saving report.\n    2017-03-21 17:13:28.684  INFO 35803 --- [pool-4-thread-1] e.t.d.s.s.i.PortScannerFileIOServiceImpl : Saving file: scans/port_scanner_report_20170321_171318.yml\n    2017-03-21 17:13:28.715  WARN 35803 --- [pool-4-thread-1] .t.d.s.s.i.PortScannerLoggingServiceImpl : Change #1 -\u003e Network ids with changes: [Jons network]\n    
2017-03-21 17:13:28.719  WARN 35803 --- [pool-4-thread-1] .t.d.s.s.i.PortScannerLoggingServiceImpl : Change #2 -\u003e Hosts with open port changes: networkId=Jons network, hosts=[127.0.0.1]\n    2017-03-21 17:13:28.720  WARN 35803 --- [pool-4-thread-1] .t.d.s.s.i.PortScannerLoggingServiceImpl : Change #3 -\u003e Ports no longer open: networkId=Jons network, host=127.0.0.1, protocol=TCP, ports=[88 (kerberos)]\n    2017-03-21 17:13:28.721  INFO 35803 --- [pool-4-thread-1] e.t.d.s.s.i.PortScannerFileIOServiceImpl : Saving file: scans/port_scanner_report_20170321_155933_diff_20170321_171318.yml\n    2017-03-21 17:13:28.734  INFO 35803 --- [pool-4-thread-1] c.e.t.a.schedulers.PortScanScheduler     : Scanning completed.\n\nTifoon runs forever until stopped (CTRL + C) or killed. It might be a good idea to launch Tifoon within\na Linux/UNIX `screen` so it runs in the background in a way that is detached from your terminal.\n\nTCP SYN stealth scanning is used by default when executing Tifoon with root privileges on Unix, Linux and \nMac OS X. Unprivileged execution results in TCP connect() scanning being used, which generates more \"noise\" \nin log files. Run Tifoon as root if this is an issue. Note that root is required anyway for UDP or SCTP\nscanning.\n\nIt is also possible to run the application directly with Maven's Exec plugin. From the root of the cloned\nGit project:\n\n    $ cd tifoon-app/\n    $ mvn exec:java\n\n## Configuration\n\nThree configuration files are used to define the behaviour of Tifoon. All files are in YAML format and\nshould be easy to modify with any text editor. These files are loaded once at startup. Config changes\nwhile the application is running are not detected.\n\n### `config/application.yml`\n\nDefines the behaviour of the application. The config file includes a comment at the end of each\nproperty line which briefly explains the purpose of each option. 
The output format can be set to\neither YAML or JSON, nmap can be executed either as a local process or via Docker, and a number of\noptions control how Tifoon deals with the baseline, like whether it is created on the initial scan\nor loaded from a previous scan file.\n\nThis is a Spring Boot application which means that Tifoon inherits a bunch of [customisation options](http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html).\nOne example is related to logging and you will see a few properties related to logging already exposed,\nnamely the name of the log file and log levels for various packages.\n\n### `config/network.yml`\n\nThis is the list of networks and hosts to be monitored. Each network consists of an arbitrary number of host\naddresses (i.e. DNS host names or IP addresses), and the set of ports to be scanned for every host in this\nnetwork. Example:\n\n    - networkId: LAN\n      addresses:\n        - rasputin.mylan\n        - 192.168.0.2\n      ports:\n        - A:20-25\n        - T:153\n        - TCP:400-450\n        - U:900-999\n        - SCTP:20\n\nThis configuration defines TCP, UDP and SCTP ports 20 to 25, TCP port 153, TCP ports 400-450, UDP ports 900 to\n999 and SCTP port 20 being scanned on the target hosts \"rasputin.mylan\" and 192.168.0.2. The supported protocol\nprefixes are:\n\n- \"T\" and \"TCP\" (TCP)\n- \"U\" and \"UDP\" (UDP)\n- \"S\" and \"SCTP\" (SCTP)\n- \"A\" and \"ALL\" (implies all protocols will be scanned on the specified ports, i.e. 
TCP, UDP and SCTP)\n\nIf a host name (instead of an IP address) is provided for any host, the IP address is resolved\nby DNS lookup on startup (resolution is final and not redone on consecutive scans).\n\nTarget hosts might exist on the same actual physical network, but Tifoon allows grouping hosts into several\nlogical networks if so desired.\n\nRanges of hosts in CIDR or IP interval notation cannot be specified yet.\n\n### `config/docker.yml`\n\nThis config file is only used when the Docker command executor is enabled. It specifies how commands\nfor scanner plugins (currently only `nmap` is supported) are mapped to Docker containers. A default\nmapping specifies a fallback container image to be used if no mapping is found in the `customImages`\nlist.\n\n# Design\n\nTifoon is based on open source technologies, domain-driven design and a flexible core, and is designed with\nextensibility in mind by programming against abstractions. Plugins for I/O, scanning and command\nexecution are created as Spring Boot \"uber jars\", loaded and registered on startup from files in the `plugins` \nsubdirectory via a special class loader. This approach is preferred over \"shaded jars\" in order to avoid \nmaking license infringements.\n\n## 3rd party libraries used\n\nTifoon stands on the shoulders of giants. The key libraries used are:\n\n* [Spring Boot](https://projects.spring.io/spring-boot/)\n* [Spring Plugin](https://github.com/spring-projects/spring-plugin)\n* [JaVers](http://javers.org/)\n* [Guava](https://github.com/google/guava)\n* [Lombok](https://projectlombok.org/)\n* [nmap4j](https://sourceforge.net/projects/nmap4j/)\n* [Thymeleaf](http://www.thymeleaf.org/)\n* [Flying Saucer](https://github.com/flyingsaucerproject/flyingsaucer)\n\nCheck the `pom.xml` files for an exhaustive list.\n\n# Acknowledgements\n\nThanks to the open source community for sharing their work with the world. 
More power to you guys!\n\nAlso, big props to JetBrains for making the wonderful IntelliJ IDEA Community available to\ndevelopers for free, making Java coding productive and a lot of fun.\n\n# TODO\n\nTifoon is production ready in terms of critical features, but I do have some additional ideas for how\nthis baby might grow in the future:\n\n* Support for specifying ranges of hosts\n* Define pre-defined sets of \"top ports\" for fast scanning of the most critical services\n* IPv6 support\n* Banner grabbing and OS detection\n* Optionally save scans and diffs to a database instead of as local files (JPA mapping is done already)\n* Add the option of defining sets of ports which can be easily referred to in scan targets\n* Alternative scanner plugins, e.g. Robert David Graham's [masscan](https://github.com/robertdavidgraham/masscan) looks like an excellent addition\n* REST web application\n* A proper frontend (AngularJS?)\n\n# How to contribute\n\nAll contributions are greatly appreciated, e.g. bug reports, feature suggestions, grammar corrections,\nwhatever.\n\nYou are welcome to tag along for the ride by creating pull requests, but please keep these common sense \ncoding guidelines in mind:\n\n* Clean, maintainable and readable code, please\n* Embrace the beauty of simplicity in design\n* Think in terms of generic solutions\n* Try to apply well-known design principles and patterns where applicable\n* Write testable code and unit tests for critical functionality\n\nWe want to ensure robust software, which relies on reasonable defaults and behaves in ways that are \n\"unsurprising\" to the general audience.\n\n# Author\n\nThis application was created by Jon Frydensbjerg - email: jonf@elixlogic.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonfryd%2Ftifoon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjonfryd%2Ftifoon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonfryd%2Ftifoon/lists"}