PowerShell network scanner — ping sweep, ARP/vendor lookup, NetBIOS hostname resolution, and port scanning via irm | iex. No install, no dependencies.
2026-03-30 12:20:34 -04:00
lanscan.ps1 Update lanscan.ps1 2026-03-30 12:20:34 -04:00
LICENSE Initial commit 2026-03-30 12:19:08 -04:00
README.md Update README.md 2026-03-30 12:19:34 -04:00

LANScan

PowerShell network discovery tool. Ping sweep, ARP/MAC collection, vendor lookup, NetBIOS hostname resolution, and port scanning — no install, no dropped files.

irm scan.kreider.io/lanscan | iex

Features

  • Parallel ping sweep (runspace pool, configurable thread count)
  • ARP table parsing for MAC address collection
  • MAC vendor lookup via scan.kreider.io
  • Hostname resolution: DNS PTR → nbtstat → WMI/CIM (cascading, stops at first hit)
  • TCP port scanning with async socket connects
  • CSV export: IP, MAC, vendor, hostname, workgroup, resolution method, open ports
  • Auto-detects local subnets or accepts manual IP/CIDR input

Usage

Run directly in any PowerShell session:

irm scan.kreider.io/lanscan | iex

The script prompts for options at startup — port scan, hostname resolution, CSV output, and subnet — then runs without further input.
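
One way to run the same script only after its bytes match a copy you have already reviewed, as an added example that is not part of lanscan.ps1 or the LANScan project. The https:// scheme and the $PinnedSha256 placeholder are assumptions; the first run prints the script and its hash instead of executing anything.

```powershell
# Added example: not part of lanscan.ps1 or the LANScan project.
# Assumptions: the https:// scheme, and $PinnedSha256, which is a placeholder
# until you replace it with the hash of a copy you have read and approved.
$Uri          = 'https://scan.kreider.io/lanscan'
$PinnedSha256 = '<SHA256-OF-REVIEWED-COPY>'

# Windows PowerShell 5.1 may not offer TLS 1.2 by default; add it there only.
if ($PSVersionTable.PSVersion.Major -lt 6) {
    [Net.ServicePointManager]::SecurityProtocol =
        [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
}

# Download raw bytes only. Nothing is parsed or executed here.
$client = New-Object System.Net.WebClient
try     { $bytes = $client.DownloadData($Uri) }
finally { $client.Dispose() }

# Hash exactly the bytes that were received.
$sha = [System.Security.Cryptography.SHA256]::Create()
try     { $actual = -join ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) }
finally { $sha.Dispose() }

# Decode to text (StreamReader strips a byte-order mark if present).
$reader = [System.IO.StreamReader]::new([System.IO.MemoryStream]::new($bytes))
try     { $text = $reader.ReadToEnd() }
finally { $reader.Dispose() }

if ($PinnedSha256 -notmatch '^[0-9a-fA-F]{64}$') {
    # No pin set yet: show the script for review and report its hash, run nothing.
    $text
    Write-Host "SHA256 of this copy: $actual"
    Write-Host 'After reviewing the script above, set $PinnedSha256 to this value and re-run.'
}
elseif ($actual -ne $PinnedSha256) {
    # Served content differs from the reviewed copy: refuse to execute.
    throw "lanscan hash mismatch: got $actual, pinned $PinnedSha256. Not running."
}
else {
    # Bytes match the reviewed copy: run in memory, no file written to disk.
    & ([scriptblock]::Create($text))
}
```

A mismatch after a pin is set means the served script changed since the review, so the new copy needs to be read and re-pinned before it runs.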

Options (prompted at runtime)

| Prompt | Default | Notes |
|---|---|---|
| Port scan | No | Configurable range and timeout |
| NetBIOS/hostname lookup | No | DNS → nbtstat → WMI, throttled to 50 threads |
| Save CSV | No | Saves to working directory with timestamp |
| Manual subnet | No | Accepts IP + CIDR or dotted netmask |

Configuration

Defaults are set at the top of lanscan.ps1:

| Variable | Default | Description |
|---|---|---|
| $Timeout | 200 | ICMP and TCP timeout (ms) |
| $MaxThreads | 200 | Thread pool size for ping and port scan |
| $NetBIOSThreads | 50 | Thread pool size for hostname resolution |
| $DefaultPortRange | "1-1024" | Port range if not customized at runtime |
| $ShowClosed | $false | Also print closed ports |

Requirements

  • Windows PowerShell 5.1 or PowerShell 7+
  • No external modules
  • Outbound HTTP to scan.kreider.io for vendor lookup (degrades gracefully if unavailable)
  • WMI accessible on targets for Stage 3 hostname resolution (optional, best-effort)

License

MIT