Scan Oasis

AI security scanning that maps your network's attack paths in real time

Comment

Inspiration

Home and small-office networks are full of devices nobody's tracking — laptops, phones, printers, IoT gadgets, that one skid running a raspberry pi homelab and most of them are running software with known vulnerabilities. Real security tooling is built for enterprises: expensive, complex, and overkill. We wanted something that could scan a whole network, find the actual CVEs on each device, and then explain the risk in plain language — so anyone, not just a security pro, could see what's exposed and what to fix first.

What it does

Scan Oasis is an AI-powered network and system security scanner.

  • A lightweight desktop agent runs an nmap discovery sweep of your local network and a full system audit of the host (OS, packages, services, SUID files), then looks up real CVEs for every installed package.
  • Everything syncs to a live web dashboard showing your devices, a ranked CVE list (by severity and vulnerability type), a patch to-do list, and an interactive network attack map.
  • Sentinel, our AI assistant, reads your live CVE + topology data and walks through how an attacker could chain vulnerabilities into attack paths — and what single fix matters most. It even talks, with a custom text-to-speech voice.

# How we built it

## We built the entire thing using the Claude CLI (Claude Code) as our pair programmer.

  • Backend: Python + Flask, deployed on a DigitalOcean droplet (gunicorn), reachable on a .tech domain.
  • Desktop agent: Python + Tkinter GUI (plus a headless CLI version), using nmap for discovery and pure-stdlib CVE lookups against the Arch Security Tracker and OSV.
  • Frontend: vanilla HTML/CSS/JavaScript with Cytoscape for the attack map topology.
  • Data: Google Cloud Firestore -> the agent writes scan results directly, and the dashboard reads them live via realtime listeners.
  • AI/voice: Groq for the LLM and Whisper speech-to-text, and a Piper text-to-speech server reached over Drake's Tailscale server at his house.
  • Hosting was unlocked through GitHub Education, which gave us the DigitalOcean credits and the .tech domain.

Challenges we ran into

  • Finding hosting. This was the big one, we didn't have a way to deploy anything until we discovered GitHub Education, which got us DigitalOcean credits and a free .tech domain.
  • Deploying for the first time. Getting Flask running behind gunicorn, dealing with droplet storage wiping our agent tokens on every redeploy, and making a workflow without a million commands just to restart it.
  • Using nmap on crowded hackathon Wi-Fi caused huge subnet meant scans that never finished, so we had to bound the scan and only surface meaningful devices, with a hard cap at 30 seconds to users are not bored..
  • Making the dashboard run entirely off the cloud database (so the server never scans itself), and cleaning up AI output formatting so it reads professionally.

Accomplishments that we're proud of

  • A real-time, multi-device security dashboard that updates and fills the topological interface like duplicating cells the instant the agent finds something.
  • An AI attack-path analysis grounded in real data from the Arch repository and National databases every node and CVE on the map comes from an actual scan, not hallucinated.
  • We got it live on a real domain, deployed on actual cloud infrastructure.
  • A working voice assistant (Sentinel) on top of it all.

What we learned

  • How to host a website for the very first time, from a Flask app on our laptops to a real server on a real domain.
  • Working with a realtime cloud database (Firestore) and live data sync.
  • Driving a full build with an AI coding agent.
  • Where real vulnerability data comes from, and how to classify and prioritize it.

What's next for Scan Oasis

Leaning into network-admin features: scheduled/continuous scans with alerting when a new critical CVE or unknown device appears, fleet management across many machines, role-based access for teams, exportable reports, and guided/automated remediation. Longer term, deeper OS hardening checks (SELinux/AppArmor, permissions) and native Windows/macOS agents. Our last idea is to have Agentic AI running in the native GUI application to automatically fix the vulnerabilities presented from the algorithm and Sentinel's guidance.

Share this project:

Updates