Skip to content

feature: unprivileged scan#11

Merged
marksie1988 merged 2 commits intoperiphery-security:mainfrom
NullRabbitLabs:feature/unprivileged-scan
Mar 9, 2026
Merged

feature: unprivileged scan#11
marksie1988 merged 2 commits intoperiphery-security:mainfrom
NullRabbitLabs:feature/unprivileged-scan

Conversation

@simonmorley
Copy link
Copy Markdown

@simonmorley simonmorley commented Mar 6, 2026

Just went a bit mad here, testing in a co-working space and I don't have sudo. Which was baked in.

Right now the scan doesn't seem to run, which is why I added --verbose back in.

That said, I think the WiFi has client isolation enabled.... Should be tested before merging.

Toodles

PR Checklist

Please check if your PR fulfills the following requirements:

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • Other... Please describe: fire the jets up

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Does this PR introduce a breaking change?

  • Yes
  • No

Other information

Simon Morley added 2 commits March 6, 2026 13:12
fix: four bugs in cve_scan and password_scan modules
0949486 
- cve_scan/scanner.py: remove unreachable duplicate code block after return
  in _scan_service (dead code from a bad copy-paste refactor)

- cve_scan/scanner.py: fix NVD rate-limit detection using wrong HTTP status
  code; NVD returns 429 (Too Many Requests) for rate limits, not 403
  (Forbidden). Retrying on 403 was pointless and indicated an auth problem.

- password_scan/scanner.py: fix UnboundLocalError when credentials list is
  empty; variable i was unbound if the for-loop never executed, causing
  tested_count=i+1 to crash. Initialize i=-1 before the loop.

- password_scan/scanner.py: fix backward-compat scan_host() calling
  scanner.scan_host(host, ports) without the required mac argument,
  passing ports into the mac parameter and leaving ports missing.
feat: add --unprivileged and --verbose flags to scan command
80f1355 
Threads unprivileged=True from CLI through to nmap, bypassing the
privilege check and passing --unprivileged to all nmap invocations
(ping sweep, port scan, service probe) so users on macOS can run
without sudo using TCP connect scans.

Also threads verbose=True from CLI through to the scanner so
--verbose prints phase-by-phase nmap progress, discovered hosts,
and open ports as they are found.
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 6, 2026

Codecov Report

❌ Patch coverage is 96.15385% with 1 line in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
src/edgewalker/modules/port_scan/scanner.py 94.73% 1 Missing ⚠️

📢 Thoughts on this report? Let us know!

@marksie1988 marksie1988 changed the title Feature/unprivileged scan feature: unprivileged scan Mar 6, 2026
@marksie1988 marksie1988 merged commit bf91e12 into periphery-security:main Mar 9, 2026
6 of 10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@simonmorley @marksie1988