35 comments

[ 0.21 ms ] story [ 53.8 ms ] thread
I've been working on a LAN discovery tool with a Terminal User Interface (TUI) written entirely in Go. It's called Whosthere, and it's designed to help you explore devices on your local network without requiring elevated privileges.

It works by combining several discovery methods:

- mDNS and SSDP scanning

- ARP cache reading (after triggering ARP resolution via TCP/UDP sweeps)

- OUI lookups to identify device manufacturers

It also includes:

- A fast, keyboard-driven TUI (powered by tview)

- An optional built-in port scanner

- Daemon mode with a simple HTTP API to fetch devices

- Configurable theming and behavior via a YAML config file

Why I built it:

Mainly to learn, I've been programming in Go for about a year now and wanted to combine learning Go with learning more about networking in one single project. I've always been a big fan of TUI applications like lazygit, k9s, and dive. And then the idea came to build a TUI application that shows devices on your LAN. I am by no means a networking expert, but it was fun to figure out how ARP works, and discovery protocols such as mDNS and SSDP.

Example usage:

---

# install via HomeBrew brew tap ramonvermeulen/whosthere brew install whosthere

# or with go install go install github.com/ramonvermeulen/whosthere@latest

# run as TUI whosthere

# run as daemon whosthere daemon --port 8080

---

I'd love to hear your feedback, if you have ideas for additional features or improvements that is highly appreciated! Current platform support is Linux and MacOS.

It says 'Open ports: (None)' for all devices on my network, despite there being open ports on many of them (MacOS Tahoe 26.2 / installed via go)
this is great! i had to tweak the config file on macos because it was using some weird interface (utun4) instead of en0. otherwise awesome tool, i am definitely going to be using this more often.
I love the resurgence of TUI apps, but I wonder what the definition of "modern TUI" means in these cases. Does it basically mean just not using curses?
Overall good work. I'd request an `-i` command-line parameter to specify the interface to scan (and I'd prefer ALL params being able to be read from command line params). I think it just performs a full scan initially on my laptop, following scans either didn't success or didn't involve TCP connect scan (I don't see ARP requests after the initial scan).
(comment deleted)
Surely a missed opportunity to name it “whogoesthere”
Good stuff, this saves me the trouble of going through router GUI. And remembering if it was 192.168.1.1 or 0.1 or what were the admin/root passwords.
Great tool, only thing I miss is it doesn't show SAMBA names.
> Apple could not verify “whosthere” is free of malware that may harm your Mac or compromise your privacy.

Couldn't run it on macOS Tahoe. I believe this requires me lowering the security to allow it, which is something I would rather not doing.

It just means the app isn't signed.
I hope browsers could support mDNS or SSDP. We need an Intranet browser!
Busy building something similar with a view towards customising it for my LAN.

Specifically it needs to pull additional detail out of proxmox servers and opnsense plus deduce where things are physically based on latency.

Thats a whole lot easier if it doesn’t need to work universally & you can hardcode some assumptions

I'm also working on a Go TUI tool. Any reason you went with tcell instead of charmbracelet ecosystem?
Using brew, I got "Apple could not verify `whosthere' is free of malware that may harm your Mac or compromise your privacy." [Move to Trash] [Done]
I am not a golang user. If I install as recommended via `go` command on Linux how do I make sure it is updated when new versions are released? I wish it has a .deb package..
Does the Go standard library have unusually good TUI support or something? Am I just imagining the pattern of new TUIs being written in Go?
Big missed opportunity to call it “Whose LAN is it anyway?”
Love it! I already have some ideas for additional improvements, might jump in and contribute a PR or two.

Great work.

is the only way to export the results "run in daemon mode and curl yourself"?
(comment deleted)
There's a famous quote:

  Those who cannot remember nmap are condemned to remake it poorly
Rootless nmap scan of a /24 in under 10 seconds:

  nmap -T5 -sn -PR --script broadcast-dns-service-discovery,broadcast-upnp-info 10.0.0.0/24
  …SNIP…
  Nmap done: 256 IP addresses (30 hosts up) scanned in 9.99 seconds
https://nmap.org/book/toc.html
Looks nice. I'd love to have a way to select anything on the screen or at least have a button to copy more info, like manufacturer name of a found device.
I read the title as "W host here"