Building a Modern Python CLI Tool for Network Security Analysis

A deep dive into creating a production-ready network security tool with async Python, rich terminal UI, and PyPI packaging


The Problem That Started It All

As someone who works with network security and infrastructure, I found myself constantly switching between different tools to perform what should be simple tasks: checking if ports are open, identifying whether a website is protected by WAF/CDN services, and understanding the DNS chain. Tools like nmap are powerful but overkill for quick checks, while simple port scanners lack the intelligence to detect modern protection services.

That's when I decided to build Simple Port Checker – a unified CLI tool that combines port scanning, L7 protection detection, and DNS analysis in one beautiful, async-powered package.

What Makes This Project Special

🚀 Modern Python Architecture

Instead of building another quick script, I wanted to create something production-ready from day one. Here's what that meant:

# Type hints everywhere for better IDE support and maintainability
async def scan_host(
    self, 
    target: str, 
    ports: List[int], 
    timeout: int = 3
) -> ScanResult:
    """Scan a target host for open ports with full type safety."""

The entire codebase uses type hints with a py.typed file, making it a joy to work with in modern IDEs like VS Code or PyCharm.

🎨 Rich Terminal Experience

One thing that bothers me about most CLI tools is ugly output. I used the fantastic rich library to create progress bars, beautiful tables, and colorful output that actually makes sense:

⚡ Async Everything

Network operations are inherently I/O bound, so I built everything async from the ground up using aiohttp and asyncio:

This allows scanning hundreds of ports across multiple hosts in seconds rather than minutes.
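
A sketch of the concurrent TCP connect check described above, added here as an illustration and not taken from Simple Port Checker's source. The names check_port, scan_ports and run_demo are hypothetical, and the demo probes only two constructed loopback sockets.

```python
import asyncio
import contextlib
import socket
from typing import Dict, List


async def check_port(host: str, port: int, timeout: float,
                     limit: asyncio.Semaphore) -> bool:
    """Return True if a TCP connection to host:port completes within timeout."""
    async with limit:  # cap the number of sockets open at once
        try:
            _, writer = await asyncio.wait_for(
                asyncio.open_connection(host, port), timeout)
        except (OSError, asyncio.TimeoutError):
            return False  # refused, unreachable, or filtered (timed out)
        writer.close()
        with contextlib.suppress(OSError):  # peer may already have closed
            await writer.wait_closed()
        return True


async def scan_ports(host: str, ports: List[int], timeout: float = 3.0,
                     concurrency: int = 100) -> Dict[int, bool]:
    """Probe all ports concurrently: wall time tracks the slowest probe, not the sum."""
    limit = asyncio.Semaphore(concurrency)
    results = await asyncio.gather(
        *(check_port(host, p, timeout, limit) for p in ports))
    return dict(zip(ports, results))


async def _loopback_demo() -> Dict[str, bool]:
    """Constructed targets: one listening and one non-listening loopback port."""
    server = await asyncio.start_server(lambda r, w: w.close(), "127.0.0.1", 0)
    open_port = server.sockets[0].getsockname()[1]
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))  # bound but never listen()s: connects are refused
    closed_port = closed.getsockname()[1]
    try:
        found = await scan_ports("127.0.0.1", [open_port, closed_port], timeout=1.0)
    finally:
        closed.close()
        server.close()
    return {"open": found[open_port], "closed": found[closed_port]}


def run_demo() -> Dict[str, bool]:
    return asyncio.run(_loopback_demo())


if __name__ == "__main__":
    print(run_demo())
```

The semaphore matters as much as the gather call: without a cap, a large port list can exhaust local file descriptors and turn open ports into false negatives.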

The L7 Protection Detection Challenge

The most interesting technical challenge was building intelligent detection for WAF/CDN services. Modern web applications are protected by services like Cloudflare, AWS WAF, or F5 BIG-IP, and each has unique fingerprints.

Header Analysis

Each protection service leaves traces in HTTP headers:

Response Body Fingerprinting

Some services have unique error pages or response patterns:

DNS CNAME Analysis

Perhaps the most reliable detection method is analyzing DNS CNAME chains:

If a domain points to something.cloudflare.com or something.amazonaws.com, that's a strong indicator of protection.
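
The three detection methods above (headers, response body, CNAME chain) combined into one scorer, as an added example rather than the tool's own code. The signature table, the weights and the function name detect_protection are assumptions made for illustration, and the sample inputs are constructed.

```python
from typing import Dict, List, Tuple

# Illustrative signatures (assumed for this example, not the project's list).
# A header value of None means "presence of the header is enough".
SIGNATURES = {
    "Cloudflare": {
        "headers": {"cf-ray": None, "server": "cloudflare"},
        "body": ["attention required! | cloudflare"],
        "cname": [".cloudflare.com", ".cloudflare.net"],
    },
    "AWS (CloudFront/WAF)": {
        "headers": {"x-amz-cf-id": None, "via": "cloudfront"},
        "body": [],
        "cname": [".cloudfront.net", ".amazonaws.com"],
    },
    "F5 BIG-IP": {
        "headers": {"set-cookie": "bigipserver", "server": "big-ip"},
        "body": ["the requested url was rejected"],
        "cname": [],
    },
}
WEIGHTS = {"headers": 0.4, "body": 0.2, "cname": 0.4}  # assumed weighting


def detect_protection(headers: Dict[str, str], body: str,
                      cname_chain: List[str]) -> List[Tuple[str, float, List[str]]]:
    """Score each service by which evidence types matched; best match first."""
    hdrs = {k.lower(): v.lower() for k, v in headers.items()}  # names are case-insensitive
    page = body.lower()
    names = [c.lower().rstrip(".") for c in cname_chain]  # drop the trailing root dot
    findings = []
    for service, sig in SIGNATURES.items():
        evidence = []
        if any(h in hdrs and (v is None or v in hdrs[h])
               for h, v in sig["headers"].items()):
            evidence.append("headers")
        if any(marker in page for marker in sig["body"]):
            evidence.append("body")
        # Suffixes start with a dot so "notcloudflare.com" does not match.
        if any(n.endswith(s) for n in names for s in sig["cname"]):
            evidence.append("cname")
        if evidence:
            score = round(sum(WEIGHTS[e] for e in evidence), 2)
            findings.append((service, score, evidence))
    return sorted(findings, key=lambda f: f[1], reverse=True)


# Constructed sample: response headers plus a resolved CNAME chain.
SAMPLE = detect_protection(
    {"Server": "cloudflare", "CF-RAY": "0000000000000000-FRA"},
    "<html>ok</html>",
    ["www.example.com.", "www.example.com.cdn.cloudflare.net."],
)
```

Reporting which evidence types matched lets a reader judge the result: a `.amazonaws.com` CNAME alone shows AWS hosting (for example a load balancer), so it is weaker evidence of a WAF than a service-specific header.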


How Simple Port Checker Works: Sequence Diagram

To better understand the architectural flow and interaction between components, here's a comprehensive sequence diagram that shows how Simple Port Checker operates from initial user command to final results:


This diagram illustrates three key operational modes:

  1. Port Scanning Phase (Green): Shows how the tool resolves hostnames, performs parallel TCP connections to multiple ports, and gathers service banners for identification.

  2. L7 Protection Detection Phase (Blue): Demonstrates the sophisticated analysis process including HTTP requests, header analysis, response body pattern matching, DNS CNAME resolution, and signature matching against known protection services.

  3. Full Scan Mode (Yellow): Combines both port scanning and L7 detection for comprehensive security assessment.

The async architecture becomes evident in the parallel port scanning operations and the way different detection methods work in concert to provide reliable protection service identification.

Lessons Learned: From Script to Package

Project Structure Matters

I started with a simple script structure but quickly realized that doesn't scale. The final structure follows Python packaging best practices:

CLI Design Philosophy

I wanted a unified CLI that's both powerful and intuitive. Using Click, I created subcommands that can be used independently or chained:

Each command has sensible defaults but allows customization:

Testing in the Real World

Testing network tools is tricky because you need real targets. I developed a strategy using known good/bad examples:

Deployment and Distribution

PyPI Publishing

Getting the package on PyPI was straightforward with modern tooling:

CI/CD Pipeline

I set up GitHub Actions for automated testing and publishing:

Performance and Real-World Usage

The async architecture really pays off in practice:

Compare that to sequential scanning which would take 15+ seconds.

What's Next

I'm already planning v0.3.0 with exciting features:

  • Certificate analysis: SSL/TLS certificate inspection and validation

  • Response time metrics: Latency measurements for performance analysis

  • Export formats: CSV, XML, and YAML output options

  • Plugin system: Allow custom protection service detectors

  • Web interface: Optional web UI for teams who prefer browsers

Key Takeaways for Fellow Developers

  1. Start with good structure: Even for "simple" projects, proper package structure saves time later

  2. Type hints are worth it: They catch bugs early and improve the development experience

  3. Async for I/O: Network operations should always be async in Python

  4. Beautiful CLI matters: Users appreciate well-designed terminal interfaces

  5. Test with real data: Network tools need real-world testing scenarios

  6. PyPI is your friend: Modern Python packaging makes distribution easy

Try It Yourself

Want to give it a spin? It's just a pip install away:

The source code is available on GitHub, and I'd love to hear your feedback or see your contributions!


Building Simple Port Checker taught me that even "simple" tools can benefit from modern software practices. By focusing on clean architecture, good user experience, and production-ready packaging, what started as a personal utility became something the broader community can benefit from.

The best part? It actually solves real problems I face daily, and based on the early adoption, I'm not alone in needing these capabilities.

What network tools do you find yourself building repeatedly? Let me know in the comments – maybe there's an opportunity for the next useful package!


Published on September 19, 2025 | Tags: #python #networking #security #cli #async #opensource
