MangScan is a lab-oriented port enumeration tool that wraps a two-phase nmap workflow, classifies discovered services, and generates technical reports in JSON and Markdown.
The project is organized as a Python package under src/mangscan, while main.py remains at the repository root as a compatibility entrypoint for local execution.
The repository is also prepared for packaging and release automation through pyproject.toml and GitHub Actions.
MangScan receives a single target from the command line, performs a full TCP port sweep to identify open ports, and then runs a second, more detailed collection only against those open ports. From the XML generated by nmap, the tool:
- extracts IP, hostname, host status, and exposed services
- identifies versions and basic output from default
nmapscripts - classifies each port into operational categories
- assigns a heuristic priority to findings
- generates simple host profile hypotheses
- exports a structured report for later review
- CLI input with a single required argument:
target - Phase 1 discovery using
-Pn -p- --open -T3 - Phase 2 service enumeration using
-Pn -sV -sC -T3only on open ports found in phase 1 - XML parsing from
nmapoutput into Python objects - Heuristic classification by category:
webremote_accessdatabasenetwork_sharingother
- Automatic artifact generation in
output/:- phase 1 XML
- phase 2 XML
- final
JSONreport - final
Markdownreport
MangScan/
main.py
README.md
requirements.txt
src/
mangscan/
__init__.py
__main__.py
cli.py
config.py
core/
models.py
orchestrator.py
services/
classifier.py
parser.py
reporter.py
scanner.py
utils/
filesystem.pymain.py- compatibility entrypoint for
python main.py <target> - injects
src/intosys.pathfor local execution
- compatibility entrypoint for
src/mangscan/cli.py- CLI parser and terminal output
src/mangscan/config.py- centralized
nmaparguments, output directory, and classification rules
- centralized
src/mangscan/core/models.py- core dataclasses for findings, artifacts, and final result
src/mangscan/core/orchestrator.py- end-to-end execution flow and artifact coordination
src/mangscan/services/scanner.pypython-nmapintegration and XML persistence
src/mangscan/services/parser.py- XML parsing into internal models
src/mangscan/services/classifier.py- heuristic categorization, prioritization, and host hypotheses
src/mangscan/services/reporter.py- JSON and Markdown report generation
src/mangscan/utils/filesystem.py- directory creation, timestamping, and port list serialization
To run MangScan you need:
- Python 3.10+ recommended
nmapinstalled on the system and available inPATH- permission to scan only authorized environments
Current Python dependency:
python-nmapIf the package is already published on PyPI, this is the simplest installation path.
pip install mangscanIf you prefer isolating the installation:
Windows PowerShell:
python -m venv .venv
.venv\Scripts\Activate.ps1
pip install mangscanLinux/macOS:
python3 -m venv .venv
source .venv/bin/activate
pip install mangscangit clone <REPOSITORY_URL>
cd MangScanWindows PowerShell:
python -m venv .venv
.venv\Scripts\Activate.ps1Linux/macOS:
python3 -m venv .venv
source .venv/bin/activatepip install -r requirements.txtMangScan depends on the actual nmap binary. Installing only python-nmap is not enough.
Verify that the command is available:
nmap --versionIf installed from PyPI:
mangscan 192.168.0.10If running from the repository:
python main.py 192.168.0.10Verbose runtime logs:
mangscan 192.168.0.10 --log-level DEBUGYou can also run the package directly if src/ is on PYTHONPATH:
python -m mangscan 192.168.0.10You can also use a hostname:
mangscan lab-host.localAt the end of execution, the CLI prints a short summary with:
- provided target
- identified IP
- open ports list
- total number of open ports
During execution, MangScan now also emits progress logs to the terminal and writes a per-run log file under output/logs/.
By default, output/ is created in the directory where you run the command. You can override this with the environment variable MANGSCAN_OUTPUT_DIR.
Example:
MANGSCAN_OUTPUT_DIR=/tmp/mangscan-output mangscan 192.168.0.10All artifacts are saved in output/, with names based on timestamp and target.
Examples of generated files:
output/
20260404_103000_192.168.0.10_phase1.xml
20260404_103000_192.168.0.10_phase2.xml
20260404_103000_192.168.0.10_report.json
20260404_103000_192.168.0.10_report.md
logs/
20260404_103000_192.168.0.10.logThe log file records the run lifecycle in more detail, including:
- scan start and end for each phase
- effective
nmaparguments - XML parsing milestones
- classification summary
- report generation paths
- exception stack traces on failure
- The user provides an authorized host or IP address.
- The orchestrator creates a timestamp-based
run_id. - The tool runs Phase 1 to discover open TCP ports.
- The Phase 1 XML is parsed to build the list of open ports.
- If no open ports are found, execution ends with a minimal report.
- If open ports exist, the tool runs Phase 2 only against those ports.
- The detailed result is classified and enriched with hypotheses.
- The final report is written to disk in two formats.
Service classification uses two strategies:
- Direct mapping based on known ports
- Inference based on the service name returned by
nmap
Currently mapped categories:
webremote_accessdatabasenetwork_sharingother
This classification is intentionally simple. It helps organize triage, but it does not replace manual technical analysis.
- only one target per execution
- no automated tests yet
- no advanced CLI arguments or external configuration files
- heuristic classification, not validated real-world risk
- no UDP scanning, subnet scanning, or controlled parallelism
- no detailed logging or retry policy
- full dependency on a locally installed
nmap
- add tests for parser, classifier, and reporter
- add CLI flags for scan intensity, ports, output, and formats
- support multiple targets and CIDR ranges
- create an external configuration layer via
.envoryaml - add structured logging
- add
HTMLandCSVexport - implement historical comparison between executions
MangScan is configured as a distributable Python package with a src/ layout and a console entrypoint named mangscan.
Local build commands:
python -m pip install --upgrade build
python -m buildGenerated artifacts will be written to:
dist/
mangscan-0.1.1.tar.gz
mangscan-0.1.1-py3-none-any.whlLocal editable install:
pip install -e .The repository includes a release workflow at .github/workflows/release.yml.
Release flow:
- Update
versioninpyproject.tomland__version__insrc/mangscan/__init__.py. - Commit the version bump.
- Create and push a tag matching the version, for example:
git tag v0.1.1
git push origin v0.1.1When a tag matching v* is pushed, GitHub Actions will:
- validate that the tag matches the package version
- build the source distribution and wheel
- create a GitHub Release with generated notes
- attach the built artifacts to the release
- publish the package to PyPI
Before the automated publishing works, configure the project on PyPI as a Trusted Publisher for this repository.
Recommended values for the PyPI Trusted Publisher form:
- owner:
0xs3n4 - repository:
MangScan - workflow filename:
release.yml
If the project does not exist yet on PyPI, create it there first or use PyPI's pending publisher flow.
MangScan should only be used:
- in your own labs
- against authorized assets
- in controlled research, defensive, or educational environments
Do not use this tool against third-party assets without explicit authorization. The user is fully responsible for how the tool is used and for any legal or ethical consequences resulting from that use.
- GPL-3.0