Network Security Tools - PrivacyInsights | URL Scanner, Domain Checker, Traceroute

1.1 Domain Checker

Service: DomainSecurityCheckerService

What it does: Performs real DNS and SSL security checks on domains.

Technical Implementation

DNS Lookup (Forward): Uses CFHostCreateWithName and getaddrinfo to resolve domain names to IP addresses (supports both IPv4 and IPv6)
Reverse DNS: Performs getnameinfo to find hostname from IP address
SSL Certificate Validation: Connects to domain via HTTPS and retrieves certificate chain with SecTrust

What is Checked

DNS resolution (can domain be resolved to IP?)
Reverse DNS (does IP address have PTR record?)
SSL certificate validity
Certificate issuer (CA)
Expiry date and days until expiry
TLS version
Complete certificate chain

Security Score: Calculated based on DNS status, SSL validity, and certificate lifetime (0-100).

1.2 URL Scanner

Service: URLScannerService

What it does: Analyses URLs for security threats, tracking parameters, and phishing indicators.

Technical Implementation

Follows redirect chains manually (up to 10 redirects)
Analyses HTTP status codes (301, 302, 303, 307, 308)
Checks for meta-refresh and JavaScript redirects
Uses DomainSecurityCheckerService for SSL validation
Performs WHOIS lookup via RDAP API (rdap.org)

What is Checked

Protocol: HTTP vs HTTPS (insecure connection)
Redirect chain: Number of redirects, cross-domain redirects, HTTP→HTTPS downgrade
URL shorteners: Detects bit.ly, t.co, goo.gl, tinyurl, etc.
Homoglyph attacks: Cyrillic/Latin mixing (e.g., "pаypal" with Cyrillic 'а')
Tracking parameters: utm_*, fbclid, gclid, mc_eid, etc.
Phishing indicators: Suspicious patterns in URL
Domain age: Via RDAP/WHOIS (new domains = higher risk)
SSL certificate: Validity and issuer
Suspicious TLDs: .tk, .ml, .ga, .cf, .gq, .xyz, .top

Risk levels: Low, Medium, High based on findings.

1.3 Network Scanner

Services: NetworkScannerService, SSDPDiscoveryService, BonjourDiscoveryService, OUILookupService, NetworkScanCacheService

What it does: Comprehensive local network scanning with multiple discovery methods for accurate device identification.

Technical Implementation

Gets local IP via getifaddrs() on en0 interface
Scans IP range (x.x.x.1-254) with TCP connections
Uses NWConnection for port scanning
SSDP/UPnP Discovery — Multicast M-SEARCH for TVs, media servers, routers
Bonjour/mDNS Discovery — Apple devices, printers, AirPlay
HTTP Banner Grabbing — Server headers and HTML titles for identification
OUI Database — 1,800+ MAC prefixes from 49 vendors
Scan Caching — Remembers devices with "last seen" timestamps

Discovery Methods

TCP Port Scan: Active connection attempts to common ports
SSDP/UPnP: Discovers smart TVs, media servers, routers via multicast
Bonjour: Apple devices, printers, AirPlay, HomeKit
HTTP Banner: Identifies devices by web server headers
MAC OUI: Manufacturer lookup from MAC address prefix

OUI Database (1,800+ entries)

Consumer Electronics: Apple (378), Samsung (299), LG (81), Sony (85), Xiaomi, Roku, Nvidia

Networking: Cisco (140), TP-Link (67), Netgear (51), ASUS (74), D-Link, Linksys, Ubiquiti

Smart Home: Philips Hue, Nest, Sonos, LIFX, Ring, Arlo, Eufy, Tuya, IKEA

Appliances: Bosch, Siemens, Miele, Electrolux, Whirlpool

Printers: HP (140), Epson, Canon, Brother

Security Cameras: Hikvision, Dahua, Reolink

NAS: Synology, QNAP

What is Checked

Active IP addresses on network
Open ports (22, 80, 443, 554, 8080, etc.)
Hostname via reverse DNS and Bonjour
Device manufacturer via MAC address (OUI) and SSDP
Device type categorisation (TV, router, camera, NAS, etc.)
UPnP device descriptions (friendly name, model, serial)
HTTP server headers for device identification

Scan Caching

Stores scan results locally
Shows "last seen" timestamp for each device
Identifies new vs previously seen devices
Persists across app restarts

1.4 Camera & IoT Detector

Service: IPDeviceAnalyzerService

What it does: Finds WiFi cameras and IoT devices on the network.

Technical Implementation

Scans specific ports for different device types
Analyses HTTP headers for device identification
Checks RTSP streams (port 554, 8554)
Uses OUI database for known camera manufacturers

Ports Scanned

Camera: 80, 443, 554, 8080, 8443, 8554, 37777, 34567, 9000
IoT: 80, 443, 1883 (MQTT), 8883, 5683 (CoAP), 8080
Printer: 9100, 515, 631
NAS: 5000, 5001, 139, 445, 548
Smart Home: 8123, 1400, 8008, 10001

Known Camera Manufacturers

Hikvision, Dahua, Axis, Vivotek, Bosch, Panasonic, Foscam, Reolink, Amcrest, Wyze, Ring, Nest, Arlo, Eufy, TP-Link (Tapo/Kasa), D-Link

Privacy Risk Assessment

Camera = +40 points
RTSP stream available = +30 points
IoT device = +20 points
Telnet open (port 23) = +25 points
No authentication on HTTP = +15 points

1.5 Traceroute / Locate Data

Services: TracerouteEngine + GeoIPService

What it does: Traces network path to destination and visualises on map.

Technical Implementation

Uses ICMP Echo Request with increasing TTL (1-64)
TraceroutePinger sends packets and measures RTT
GeoIPService geolocates each hop
Binary GeoIP database (memory-mapped for performance)

What is Checked

Network path (all routers between you and destination)
Response time (RTT) for each hop
Geographic location of each hop
Cloud provider detection (AWS, Azure, GCP, Cloudflare, Akamai, etc.)
Anycast detection (based on RTT vs distance)
Routing loops (consecutive duplicate IPs)
Firewall blocking (consecutive timeouts)

GeoIP Database

Binary format v2 with city-level resolution
O(log n) lookup via binary search
LRU cache for repeated lookups
Supports both IPv4 and IPv6

Cloud providers detected: AWS, Azure, Google Cloud, Cloudflare, Akamai, Fastly, DigitalOcean

1.6 Network Security Checker

Service: NetworkSecurityScoringService

What it does: Checks SSL certificates and secure connections.

What is Checked

SSL/TLS certificate validation
Certificate chain integrity
Certificate pinning
Network security score

🌐 Network & Security Tools

1.1 Domain Checker

Technical Implementation

What is Checked

1.2 URL Scanner

Technical Implementation

What is Checked

1.3 Network Scanner

Technical Implementation

Discovery Methods

OUI Database (1,800+ entries)

What is Checked

Scan Caching

1.4 Camera & IoT Detector

Technical Implementation

Ports Scanned

Known Camera Manufacturers

Privacy Risk Assessment

1.5 Traceroute / Locate Data

Technical Implementation

What is Checked

GeoIP Database

1.6 Network Security Checker

What is Checked