tjnull / leetha

Public

Passive network fingerprinting and analysis engine

100% credibility

Found Apr 05, 2026 at 58 stars -- GitGems finds repos before they trend. Get early access to the next one.

AI Analysis

Python

AI Summary

Leetha passively analyzes network traffic to identify devices, map topology, and detect anomalies like spoofing without requiring agents or credentials.

How It Works

🔍 Discover Leetha

You find this helpful tool that quietly watches your home network to spot all connected gadgets without bothering them.

📦 Get it set up

Download and prepare it on your computer in moments, ready to connect to your network.

🔄 Refresh device info

Grab the latest details on thousands of gadgets to help recognize what's on your network.

🚀 Start watching

Turn it on and let it listen to your network traffic, discovering devices as they chat.

🌐 Open your dashboard

Visit the web page to see a live map of every phone, computer, smart TV, and more appearing in real time.

🔍 Spot issues

Check alerts for weird activity like fake devices or changes, keeping your network safe.

✅ Secure network map

Enjoy a complete, up-to-date picture of your network and peace of mind from spotting hidden risks.

Sign up to see the full architecture

5 more

Star Growth

See how this repo grew from 58 to 58 stars Sign Up Free

Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose

AI-Generated Review

What is leetha?

Leetha is a Python-based passive network fingerprinting engine that silently maps devices on your network by analyzing broadcast traffic like ARP, DHCP, DNS, and TLS handshakes—no agents or active scans needed unless you opt in. It fuses evidence from 30+ protocols and 11.5 million signatures to ID everything from IoT gadgets to ICS gear, spotting anomalies like MAC spoofing or DHCP attacks. Run it via CLI (`sudo leetha --web`) for a real-time React dashboard with topology views, device inventory, and attack surface reports.

Why is it gaining traction?

It stands out with passive-first design that avoids detection, unlike noisy tools like nmap, plus optional active probes for confirmation. Devs dig the WebSocket-driven UI for live threat triage, OT protocol support (Modbus, BACnet), and ready-to-run Docker compose—zero setup for multi-interface capture. Early adopters praise the weighted certainty scoring and behavioral alerts for github passive dns drift or rogue servers.

Who should use this?

Network security engineers monitoring enterprise LANs for unauthorized devices, red teamers mapping attack surfaces pre-engagement, or OT admins tracking ICS/SCADA gear without disrupting production. Ideal for passive network engineers handling VLANs, WiFi, or hybrid wired/wireless setups where active probing risks alerts.

Verdict

Worth a spin for passive network analysis—solid docs, 453 passing tests, and GPL license make it dev-friendly despite 55 stars and 1.0% credibility signaling early maturity. Pair with p0f for deeper OS intel, but expect tweaks for scale.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.

Stars

Forks

876

Followers

Base stars: 58 stars

Penalty: Very new repo (2d): -70%

Bonus: AI verified quality (100%)

Account age: 3,025 days

Repo age: 2 days

License: GPL-3.0

Updated: Apr 05, 2026