KillerScan

~/killerscan

$ killerscan --scan 192.168.1.0/24

found 47 hosts in 3.2s
probed 12 open ports across 6 services
identified 38 vendors via MAC OUI
classified printers, switches, APs, endpoints

Optional installer. No agent. No account. No telemetry.
Free. Open. GPLv3. Built by a field tech, for field techs.

$

Download for Windows (.zip)

Windows 10/11 x64 · ~865 KB · source (zip)

$ KillerScan v1.3.0 · updated 4/25/2026

SHA256f52707176a98bda7f4a4a0855491ef924676200e895636da1dc927c9deff02c9

What it does

ARP + Ping Discovery

Dual-method host detection catches devices that don't respond to ICMP, including IoT devices and firewalled endpoints.

Port Probing

Parallel scan of common service ports (SSH, RDP, SMB, HTTP, printing, hypervisor, NAS) with 200ms timeout per port.

Vendor Identification

MAC OUI lookup against the IEEE database identifies device manufacturers -- printers, switches, APs, IoT, and more.

Device Classification

Automatic typing via hostname keywords, OUI vendor, and port fingerprinting. Right-click to manually override any device type.

Export

Export scan results as CSV or HTML report. Right-click any device to copy IP, MAC, hostname, or launch RDP/SSH/browser.

Self-Installer or Portable

Run it straight from the EXE for a portable no-install experience, or let it install itself to %LOCALAPPDATA% with a Start Menu shortcut. No runtime, no admin rights, no dependencies.