Command-line tool to tag devices in your network and monitor it against intruders
Version 0.1
- Runs in terminal
- For Linux (possibly BSDs and macOS might work, not tested yet)
- Self-hosted and private
- Usable, but in early stage of development
- It's Free and Open Source Software - GNU GPL v2 license
- Network scanning requires
sudo - Early stage of application security - it's not yet ready for running on critical resources
ktotu
- Download
ktotu - (Optional, recommended) Add
ktotuto the$PATH - Install
./install - Run
ktotu - Run command
network- configure network you want to monitor by providing network interface and IP range - Run command
scan- find active devices in your network - Run command
tag- tag devices by tellingktotuwhich device you disconnected, one device at a time. Repeat that for each device connected to your network - Run command
listen- start monitoring your network - (Optional) Run command
helpor read this document to know more
Currently ktotu is not hosted as binary. You can build from source code on your own - it's very simple. See: Building from source code
Go to folder with downloaded ktotu and run ./install
If program doesn't run, make sure it is executable. You can make it executable with chmod +x install in folder with program.
ktotu is now installed under /opt/ktotu/ folder and has symlink from /usr/local/bin.
It's possible that /usr/local/bin is already in your $PATH variable. You can check it running echo $PATH | grep /usr/local/bin. If it's there, you can skip this section. If not, please continue
It's .bashrc, .zshrc or other appropriate for your shell. In docs I assume it's .bashrc. You will find the configuration file in your user's folder - /home/{your-user-name}/.bashrc
Use your favourite text editor and open it (for example nano ~/.bashrc or vim ~/.bashrc)
export PATH=/usr/local/bin/ktotu:$PATH
Run source ~/.bashrc
If it's added to $PATH, simply type ktotu to run the program from anywhere in the system
If no ktotu in $PATH, then navigate to folder with the program and run it using ./ktotu
If program doesn't run, make sure it is executable. You can make it executable with chmod +x ktotu in folder with the program
ktotu: network (or just ktotu: n as a shorthand - for most of the commands you can type just a first letter) - Decide which network you want to monitor and provide the network interface and IP range to ktotu
You can find your current interfaces and IP ranges using ip a and nmcli d. Interface might look like wlp1s0 and IP range like 192.168.0.0/24.
ktotu: scan (shorthand - ktotu: s) - Then, you can find devices in your network. This way you will discover connected devices and their MAC addresses. ktotu uses MAC addresses of devices to distinguish one from another.
In next step, you will assign names to these devices. In order to distinguish expected devices - like your smartphone or laptop - from intruders, it's highly recommended to tag your devices.
You can tag devices in two ways. You can manually assign name using rename command or interactively discover device using tag command.
ktotu: rename (shorthand - ktotu: r) - Sometimes you can discover MAC address of your device by simply reading it in, for example, smartphone's settings.
If you know your device's MAC address, you can assign the name to the MAC address using 'rename' command.
If your device is not visible on the devices list displayed after running rename, connect your device to monitored network and run scan.
You can always check list of tagged and untagged devices running devices (shorthand - ktotu: d) or macs (shorthand - ktotu: m) if you need list of MAC addresses only.
ktotu: tag (shorthand - ktotu: t) - Alternatively you can run tag command. It's a simple procedure:
ktotuperforms scan for active devices- When it's done, it knows MAC addresses of devices in your network. But it doesn't know which device holds which MAC address
- To discover it, decide which device you want to
tag - Once you decided, disconnect that device from the network
- Make sure it's disconnected before you proceed to the next step
- Provide a name of this device, for example
My Smartphone ktotuperforms the second scan for active devices- Once it's done,
ktotuchecks which device disappeared from the network and assigns the provided name to its' MAC address - Your device is now tagged
Once you tag all devices used in your network, you will fully benefit from using ktotu by monitoring your network with listen command. You will immediately recognize intruders and exactly know who and when is connected
ktotu: listen - now you're ready to start monitoring your network. In listen panel, you will be alerted about intruders and see currently connected devices to your network
ktotu: dashboard - main menu with summary of devices and network. You can open it using command dashboard or pressing Enter
Types of devices:
- tagged - has an assigned name and MAC address
- untagged - has MAC address, but has no name yet
- unknown - never seen before
Any device is unknown until it's connected to your network and found by ktotu either listen during monitoring or on single scan
network (shorthand n) - configure IP range and interface which you want to monitor
dashboard - see devices and network summary. As an alternative to typing the command, you can press Enter to open it
scan (shorthand n) - finds all devices connected to your network. Once ktotu finds a new device, saves it and device becomes untagged
tag (shorthand t) - to recognize untagged devices, you can use tag command. Once you tag the device, it becomes tagged and it's easier to track during listen
listen (shorthand l) - constantly repeat scan, alert about unknown devices
devices (shorthand d) - see tagged and untagged devices
macs (shorthand m) - see only MAC addresses of tagged and untagged devices
forget (shorthand f) - make device unknown to ktotu, if you want so
rename (shorthand r) - change name of device or tag it by MAC address.
help (shorthand h) - help page
about (shorthand a) - info about ktotu
quit or Ctrl+C (shorthand q) - close ktotu
You can use ktotu in two ways:
- Interactive - simply start program using
ktotucommand - Single command - type
ktotuwith command that you want to execute and optionally with parameters. Examples:ktotu scanorktotu f 2
You can type only first letter of command as well, for example t for tag or r for rename command. d is devices
At any time press Enter to return to dashboard.
Devices and network data is stored in /home/{your_username}/.ktotu
ktotu is installed in /opt/ktotu
Along with ktotu, there is mac_addresses_scanner in the same location - /opt/ktotu
ktotu has symlink from /usr/local/bin/ktotu
Performing scan requires sudo, in order to run /opt/ktotu/mac_addresses_scanner
You can build ktotu from the source.
- Download source code from official repository - https://gitlab.com/jmaczan/ktotu
- Python 3
- pip3
- Debian-based Linux (build scripts use
apt, but you can modify this to your own needs - build scripts are simplebashcommands)
Inside folder with source code, run script ./build-from-source.sh
Output files will appear in folder dist/
Navigate to it cd dist/ and run ./install script
You can both build and install using single script ./build-and-install.sh
ktotu is a private program. It works locally on your machine and doesn't connect with any external service. It doesn't even need Internet connection to work - you can use it for local-only networks as well.
ktotu doesn't collect any data about usage, telemetry and so on.
It stores all used data on your machine locally under /home/{your-user-name}/.ktotu and data which is stored is necessary for ktotu to operate - data about devices (MAC addresses and names that you assign to them) and network settings (interface and IP range).
Purpose of ktotu is to increase your security through helping you to recognize your devices and monitor for the unknown ones.
Source code of ktotu uses minimal amount of dependencies - currently it's only single Python package python3-scapy.
ktotu is on early stage of development and it might have security issues. Eliminating potential vulnerabilities is one of top priorities in development roadmap.
I encourage all of you to read the source code and try to hack your own instance of ktotu. I will be grateful for your contribution in application security.
- CI/CD build that produces binary artifact
- Faster and more accurate scanning
- User's input sanitization
- Security audit of
ktotu - Graceful exit on
Ctrl+Cduring scanning - Allow for configuring multiple networks
- Import / export devices and network data
- Handle gracefully more non-happy path scenarios, like user's invalid input
- Allow for running custom script when unknown device is found
- Allow to stop to
listenwithout exiting the program - Unix-based multiplatform - test and build on BSDs and macOS
- Encrypt stored data about devices and network
This project is written in Python 3 and uses python3-scapy package. Scapy is released under GNU General Public License v2
GNU General Public License v2
In Polish language "kto tu (jest)?" means "who (is) here?"
Made in Poland in 2021 by Jedrzej Pawel Maczan