Skip to content

feat: implement unprivileged mode for CLI and TUI#17

Merged
marksie1988 merged 3 commits intomainfrom
pr-11-fix
Mar 9, 2026
Merged

feat: implement unprivileged mode for CLI and TUI#17
marksie1988 merged 3 commits intomainfrom
pr-11-fix

Conversation

@marksie1988
Copy link
Copy Markdown
Contributor

@marksie1988 marksie1988 commented Mar 9, 2026

PR Checklist

Please check if your PR fulfills the following requirements:

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • Other... Please describe:

What is the current behavior?

Currently, EdgeWalker requires root/sudo privileges for all port scans. On macOS or systems where the user cannot easily use sudo, the TUI simply warns the user and disables scanning. There is no persistent way to opt into unprivileged (TCP Connect) scans.

Issue Number: N/A

What is the new behavior?

This PR introduces a comprehensive 'Unprivileged Mode' that allows EdgeWalker to run without root privileges by utilizing nmap's TCP Connect scans.

Key changes:

  • Added setting to global model for persistence and environment variable support ().
  • Added and flags to and CLI commands.
  • Updated TUI with a toggle for Unprivileged Mode.
  • Updated TUI to offer switching to Unprivileged Mode when root is missing (especially useful on macOS).
  • Updated TUI and to respect the unprivileged setting and allow scans to proceed.
  • Improved handling to warn users if the file is owned by root (common after running with sudo) and handle gracefully.
  • Added comprehensive tests for unprivileged mode logic in the scanner and CLI.

Does this PR introduce a breaking change?

  • Yes
  • No

Other information

Simon Morley and others added 3 commits March 6, 2026 13:35
feat: add --unprivileged and --verbose flags to scan command
80f1355 
Threads unprivileged=True from CLI through to nmap, bypassing the
privilege check and passing --unprivileged to all nmap invocations
(ping sweep, port scan, service probe) so users on macOS can run
without sudo using TCP connect scans.

Also threads verbose=True from CLI through to the scanner so
--verbose prints phase-by-phase nmap progress, discovered hosts,
and open ports as they are found.
@marksie1988
feat: add unprivileged support to the TUI
bf91e12
@marksie1988
test: formatting issue in test file
1957fae
@marksie1988 marksie1988 merged commit 12b5d30 into main Mar 9, 2026
@marksie1988 marksie1988 deleted the pr-11-fix branch March 9, 2026 15:37
@codecov
Copy link
Copy Markdown

codecov bot commented Mar 9, 2026

Codecov Report

❌ Patch coverage is 66.66667% with 30 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
src/edgewalker/tui/app.py 23.07% 10 Missing ⚠️
src/edgewalker/core/config.py 53.33% 7 Missing ⚠️
src/edgewalker/tui/modals/dialogs.py 62.50% 6 Missing ⚠️
src/edgewalker/tui/screens/dashboard.py 54.54% 5 Missing ⚠️
src/edgewalker/cli/cli.py 75.00% 1 Missing ⚠️
src/edgewalker/modules/port_scan/scanner.py 94.73% 1 Missing ⚠️

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marksie1988