Show HN: Whosthere: A LAN discovery tool with a modern TUI, written in Go

Posted by rvermeulen98 9 hours ago

Show HN: Whosthere: A LAN discovery tool with a modern TUI, written in Go(github.com)

169 points | 61 comments

mmh0000 2 hours ago|

There's a famous quote:

  Those who cannot remember nmap are condemned to remake it poorly

Rootless nmap scan of a /24 in under 10 seconds:

  nmap -T5 -sn -PR --script broadcast-dns-service-discovery,broadcast-upnp-info 10.0.0.0/24
  …SNIP…
  Nmap done: 256 IP addresses (30 hosts up) scanned in 9.99 seconds

https://nmap.org/book/toc.html

zbentley 48 minutes ago|

I like nmap and use it often. The linked tool seems to be doing different or additional things vs nmap.

What makes you think it’s not learning from/remembering nmap?

mmh0000 11 minutes ago||

That nmap command does the same thing as the author's command, except for the UI, for which there are dozens of nmap-uis available.

rvermeulen98 9 hours ago||

I've been working on a LAN discovery tool with a Terminal User Interface (TUI) written entirely in Go. It's called Whosthere, and it's designed to help you explore devices on your local network without requiring elevated privileges.

It works by combining several discovery methods:

- mDNS and SSDP scanning

- ARP cache reading (after triggering ARP resolution via TCP/UDP sweeps)

- OUI lookups to identify device manufacturers

It also includes:

- A fast, keyboard-driven TUI (powered by tview)

- An optional built-in port scanner

- Daemon mode with a simple HTTP API to fetch devices

- Configurable theming and behavior via a YAML config file

Why I built it:

Mainly to learn, I've been programming in Go for about a year now and wanted to combine learning Go with learning more about networking in one single project. I've always been a big fan of TUI applications like lazygit, k9s, and dive. And then the idea came to build a TUI application that shows devices on your LAN. I am by no means a networking expert, but it was fun to figure out how ARP works, and discovery protocols such as mDNS and SSDP.

Example usage:

---

# install via HomeBrew brew tap ramonvermeulen/whosthere brew install whosthere

# or with go install go install github.com/ramonvermeulen/whosthere@latest

# run as TUI whosthere

# run as daemon whosthere daemon --port 8080

---

I'd love to hear your feedback, if you have ideas for additional features or improvements that is highly appreciated! Current platform support is Linux and MacOS.

genericacct 4 hours ago||

Installed on raspbian, works wonders, much better than the thing i vibecoded yesterday. One feature I'd like: recording new arrivals to a log with all the info so it can be used as a barebones IDS

N3802E 4 hours ago|||

This looks great! I've been searching for something like this for ever.

Some feedback of what I found on my network, as compared to some other scanners I've used.

I've never seen anything that can beat Advanced IP Scanner at finding hostnames. I've never even found a way to get arp or nmap to get close to Advanced IP Scanner; I've tried dozens of suggested commands of each, all with no luck. Here's the results of my scans:

Alive hosts: 309

Unkown: 201

With hostnames: 80

https://www.advanced-ip-scanner.com/

####################################

I also tried a program called Angry IP Scanner:

Hosts scanned: 510

Hosts alive: 315

With hostnames: 75

https://angryip.org/

####################################

whosthere

Devices: 318

With hostnames: 54

M95D 2 hours ago|||

Why the X11 dependency if it's a TUI? I was expecting ncurses.

bestham 2 hours ago||

It says in the read me that X11 is required for clipboard functionality.

alphax314 4 hours ago|||

Looks great!! I had the same idea a few days ago and am so glad you posted this now! I will be using it and will let you know of any feedback. So far works great on my network!

nickcw 5 hours ago||

Very nice tool :-)

It would be great it it could show the reverse lookup of the IPs as on my LAN everything has a name and if it hasn't then it is probably an interloper!

mrcaramelpants 6 hours ago||

Surely a missed opportunity to name it “whogoesthere”

adzm 2 hours ago|

I was thinking more along the lines of whodat

84634E1A607A 6 hours ago||

Overall good work. I'd request an `-i` command-line parameter to specify the interface to scan (and I'd prefer ALL params being able to be read from command line params). I think it just performs a full scan initially on my laptop, following scans either didn't success or didn't involve TCP connect scan (I don't see ARP requests after the initial scan).

rvermeulen98 6 hours ago|

That's correct. To avoid overloading the local network, the initial scan has a built-in safeguard:

1. It only scans the subnet of the configured network interface.

2. The scan is limited to a maximum size of a /16 subnet.

3. It runs just once every 5 minutes (this interval should be made configurable, currently still hardcoded).

If a subnet larger than /16 is configured, whosthere will log a warning and only scan the first /16 portion of that subnet. As of now the network interface itself is configured via the YAML file. I agree it would be a good idea to add command-line flags for more of these settings to make them easier to adjust.

zahlman 4 hours ago||

Does the Go standard library have unusually good TUI support or something? Am I just imagining the pattern of new TUIs being written in Go?

cpuguy83 3 hours ago||

It compiles fast, starts up fast, and doesn't have a ton of hoops to jump through (ie borrower/checker in rust).

pstuart 4 hours ago|||

No, it really doesn't have anything TUI focused in stdlib. I get the reason why but it would be cool if they had something foundational in golang.org/x/

This project appears to be using github.com/rivo/tview which is is really solid.

jen20 4 hours ago||

The standard library doesn't have much for this, but Bubble Tea https://github.com/charmbracelet/bubbletea is behind many of the better Go TUIs. This one is using https://github.com/rivo/tview.

pstuart 4 hours ago||

The charmbracelet folk are quite, um, charming, but when I tried to work with bubble tea on a multi pane project I found it unwieldy -- tview seemed much more straightforward.

jasonjmcghee 4 hours ago||

Big missed opportunity to call it “Whose LAN is it anyway?”

apitman 4 hours ago||

Have you tried it on Tailscale at all? Could be super useful but sadly TS doesn't support mDNS: https://github.com/tailscale/tailscale/issues/1013

vzaliva 4 hours ago||

I am not a golang user. If I install as recommended via `go` command on Linux how do I make sure it is updated when new versions are released? I wish it has a .deb package..

zahlman 4 hours ago||

> I wish it has a .deb package..

Generally speaking, the Debian package management system is really not a place I would look for prompt updates when new versions of software are released.

foresto 3 hours ago|||

You might be confusing the .deb package format with the release cadence of the Debian Stable distribution.

mzajc 3 hours ago|||

Why not? It works roughly the same as any other binary distribution format. Given that the project is written in go, it's also unlikely to have many dynamically linked dependencies.

yobert 1 hour ago|||

Just `git pull` and `go build` should work!

sneak 3 hours ago||

“go install” does not have an update mechanism. I imagine most people using it would consider such an anti-feature; it is not a package manager.

I certainly don’t want programs I “go install” to change underneath me without notice or review. That’s basically handing ownership of your computer to a remote developer.

GeoffKnauth 4 hours ago||

Using brew, I got "Apple could not verify `whosthere' is free of malware that may harm your Mac or compromise your privacy." [Move to Trash] [Done]

cedws 4 hours ago||

It just means that the binary is not notarised. You can go into Privacy & Security to override.

sneak 3 hours ago||

Unsigned binaries on macOS have slowly but surely been marginalized more and more with scarier and scarier warnings and harder hoops to jump through. You can enable execution in the system settings “Privacy and Security” pane.

I’m sure this has nothing to do with Apple’s subscription-based (and government ID requiring) developer program membership which is the only way to get such signatures.

Evidlo 4 hours ago|

I'm also working on a Go TUI tool. Any reason you went with tcell instead of charmbracelet ecosystem?

rvermeulen98 4 hours ago|

I started off using tview/tcell, and only later found out about bubbletea and the charmbracelet ecosystem. Then I didn't really find a solid reason to switch over to bubbletea. So far I really enjoyed the experience building the app with tview, the only real limitation I ran into was switching the theme at runtime, for which I had to build a custom mechanism.

More comments...