The local-first network scanner

Know every device
on your network.

One click maps your whole network: every connected device, what it actually is, the ports it has open, and the risks it carries. Then DeviceShelf keeps watch — alerting you when something new appears. All local. No account. No telemetry.

📡 One-click LAN scan 🖥 Mac · Windows · Linux · 📱 iOS & Android soon 🛡 Local-first · read-only · no telemetry

Try free for 7 days — then €29 → See what's inside

Desktop now: macOS, Windows, Linux · iOS & Android launching soon · one license covers them all

DeviceShelf is not just an IP scanner.
It's your network's control room.

For anyone who wants to know, fast: what's on the network, what each device is, and what's a risk.

Why DeviceShelf exists

It started with a device I couldn't identify.

One evening my router listed a device I didn't recognise — just a MAC address and an IP. Mine? A neighbour's? Something worse? The router's own page told me nothing useful, and the scanner apps I tried were either ad-riddled, cloud-bound, or stopped at a bare list of IPs.

I wanted the obvious thing: point it at my network and tell me what each device actually is — vendor, name, type, open ports — and flag anything risky. Locally. Without an account, without uploading my home network to someone's server.

So I built it. Scan, identify, watch, and warn — on every device I own, from my Mac to my phone. That became DeviceShelf.

— Christof, builder of DeviceShelf

Features

Everything in one place.

Three things stand out: a one-click scan that maps your whole network, deep identification that tells you what each device really is, and a security report that flags what's risky. Everything else builds on those three.

🔍

One-click network scan

Point it at your Wi-Fi or LAN and hit scan. A fast, read-only TCP-connect sweep finds every responding device in seconds and keeps the list fresh on every rescan — no setup, no agents, no router login.

🧬

Deep device identification

More than an IP list. DeviceShelf resolves the vendor (MAC OUI), hostname (DNS, mDNS/Bonjour, NetBIOS), OS (TTL, DHCP fingerprint) and device type — router, computer, phone, printer, camera, NAS, IoT — automatically.

🛡

Built-in security report

A prioritized risk report for the whole network: exposed dangerous services (Telnet, RDP, ADB, Docker API, Redis…), default-credential checks, weak TLS, known-CVE hints and camera/privacy flags — each with a fix and a 0–100 risk score.

🔌

Open ports & services

Per device, enumerate open TCP/UDP ports with service detection and banner grabbing. Quick, Standard, Deep (1–1024) and Full (1–65535) profiles, plus slow/normal/aggressive timing — you decide thorough vs. fast.

📈

Presence monitoring & alerts

Background polling tracks which devices come and go and notifies you the moment an unknown device joins. Availability history with uptime and latency per device — perfect for spotting intruders or flaky gear.

📊

Per-device bandwidth

See live throughput per device so you can tell what's actually using the line right now. Find the streaming box, the backup that's saturating the uplink, or the chatty IoT gadget at a glance.

🔬

Deep probes

Go further on any device: TLS grading and certificate inspection, SSH key fingerprinting, SMB share enumeration, UPnP model/serial, SNMP system info and nmap-style HTTP enumeration of common admin paths.

🧰

Diagnostics toolbox

Ping with aggregate stats, streaming traceroute, DNS lookups, a connectivity health check and a built-in speed test (latency, download, upload) — the tools you'd otherwise juggle across five apps, in one place.

Wake-on-LAN

Power on compatible machines straight from the device list with a single tap. Great for waking a NAS, a desktop or a media server without getting up.

📤

Export & shareable reports

Export the device list to JSON or CSV, or generate a styled, shareable HTML report. Add custom names, notes and type overrides per device — they persist across scans. An optional local API and webhooks let you wire DeviceShelf into your own tooling.

🔒

Local-first & private

Everything runs and stays on your device. No account, no sign-up, no telemetry, no analytics. Your license is verified offline with an ed25519 signature — so the app doesn't phone home to check it.

📱

Desktop & mobile

The same scanning engine on macOS, Windows and Linux today — with iOS and Android apps launching soon. Scan from your laptop at the desk now, and from your phone on the couch once mobile ships — one license covers every device you own.

AI, optional

An AI that
actually knows your network.

Stuck on a device that's just a MAC address and an open port? Let AI name it from the network signals. Get a plain-language digest of your whole network, ask what's risky and why, and turn the security findings into step-by-step fixes. Everything is grounded in your real scan data — no guessing from a generic checklist.

  • Identify unknown devices from their network fingerprint
  • Natural-language digest of your whole network
  • Security advice & concrete remediation steps
  • Grounded chat — ask questions about your scan

Bring your own key — AI is entirely optional. Your prompts never touch our servers; they go directly from your device to the provider you picked. Prefer fully offline? Run a local model with Ollama.

Supported AI providers

Anthropic Claude · you provide the API key
OpenAI GPT-4 / GPT-5 · you provide the API key
OpenRouter 300+ models · you provide the API key
Mistral EU-hosted · you provide the API key
Groq Fast inference · you provide the API key
Google Gemini Gemini 1.5 / 2 · you provide the API key
Ollama Fully local · no API key, no network

No vendor lock-in. Switch providers in Settings → AI any time.

Private by default

Your network map stays yours.

A scan of your network is sensitive — it's a map of your home or office. DeviceShelf is built so that map never leaves your device unless you explicitly choose to send part of it.

Local-first by design

Every scan result is stored locally on your device. There is no DeviceShelf cloud, no central database, nowhere for your network map to leak from.

No account, no sign-up

Install and scan. No registration, no email verification, no profile. We don't know who you are, and we like it that way.

Zero telemetry

No analytics, no phone-home, no anonymous metrics. The app does not report what you scan, what you find, or that you opened it.

Offline ed25519 license check

Your license is verified locally with an ed25519 signature — no license server, no online activation, no check-in. It keeps working even fully offline.

Opt-in outbound only

Data leaves only when you turn a feature on: AI (to your provider), Fingerbank device lookup, or WAN-IP info. Each is off by default and clearly labelled.

Lightweight, read-only scans

Default scans are non-intrusive TCP-connect probes — they observe, they don't attack. You control depth and timing, from a quick sweep to a full deep scan.

It knows what it's looking at

Recognises the things on your network.

DeviceShelf combines many signals — MAC vendor (OUI), DNS, mDNS/Bonjour, NetBIOS, SNMP, UPnP, TTL, DHCP fingerprint and open-port profiles — to label each device with a type and a best guess at what it is.

🌐 Router / Gateway
💻 Computer
📱 Phone / Tablet
🖨 Printer
📷 Camera
💾 NAS
📺 TV / Streaming
🔊 Smart speaker
🎮 Game console
💡 Smart home / IoT
🖥 Server
❓ Unknown → ask AI

Desktop and pocket

The full scanner, on your phone too.

Not a watered-down companion — the iOS and Android apps run the same scanning engine as the desktop. Walk around the house or office and scan from where you stand. One license covers every device you own.

iOS & Android

Your whole network, in your pocket.

Native iOS and Android apps that scan, identify and monitor on their own — no desktop required. The perfect way to check a friend's Wi-Fi, an office network or a hotel LAN while you're standing right next to it.

  • Full network scan & device identification on-device
  • Security report and open-port view on the go
  • Presence alerts when an unknown device joins
  • Export and share a report straight from your phone
Coming to the App Store
Coming to Google Play

📱 Launching soon The mobile apps are in final testing — App Store & Google Play listings are on the way. Email us to get notified at launch.

Talk to us

Bug, feature wish, or sales question?

We read every message and usually reply within a working day. For technical bugs the in-app Help → Send feedback dialog ships extra context automatically. Otherwise, this form:

Or email [email protected] directly.

Frequently asked

Questions, answered.

Where is my scan data stored?

Locally, on the device that ran the scan. There is no DeviceShelf cloud and no account — your network map never gets uploaded anywhere. You can export it yourself to JSON, CSV or an HTML report whenever you like.

Does DeviceShelf send my data anywhere?

No scan data leaves your device by default. DeviceShelf only sends scan traffic on your local network — nothing goes to the internet unless you explicitly enable an optional feature: AI (to the provider whose key you supplied), Fingerbank device lookups (fingerbank.org), or WAN-IP info (ip-api.com). No analytics, no phone-home, no telemetry.

Is scanning my network safe and allowed?

Scanning a network you own or administer is completely normal, and DeviceShelf's default scans are lightweight, read-only TCP-connect probes — they observe rather than attack. Only scan networks you have permission to scan.

How does DeviceShelf compare to Fing?

DeviceShelf is built for users who prefer a local-first desktop and mobile scanner without an account, telemetry or subscription. Fing offers its own app ecosystem and subscription plans; DeviceShelf focuses on local network visibility, offline licensing and one-time pricing.

Can I bring my own AI key?

Yes — and AI is entirely optional; the scanner works fully without it. Drop in your Anthropic / OpenAI / OpenRouter / Mistral / Groq / Gemini key, or run Ollama locally for fully offline AI. Your prompts always go directly from your device to your chosen provider.

How many devices can I install on?

One license = one user, unlimited personal devices. Use the same key on every Mac, PC, Linux box, iPhone and Android device you own. The license is per user, not per machine.

Is there a free trial?

Yes — a 7-day free trial with full features, no credit card required. After that it's a one-time €29 purchase. No subscription, ever.

Will my version keep getting updates?

Yes. Your purchase is yours to keep — no subscription, nothing to renew. v1 keeps improving: every 1.x update brings new features and fixes, free of charge, and we'll keep delivering them for as long as the operating systems allow. No software runs on every future OS forever, but we plan to support v1 for a long time. There's no upgrade treadmill: a future v2 would be a major new generation, years away, and an entirely optional paid upgrade — and you can keep using your v1 either way.

Refund policy?

14 days, money-back, no questions asked. Email [email protected] from the address you bought with.

Which platforms are supported?

Desktop (available now): macOS, Windows and Linux. Mobile (coming soon): iOS and Android. The same scanning engine runs everywhere, and your single license covers all of them — desktop today, mobile once released.

Local-first by design

Your network map never leaves your devices.

🗄 Stored locally, full stop

Every scan, every device, every note lives on your device. There's no DeviceShelf server holding a copy — so there's nothing to breach, subpoena or sell. You own the data and you can wipe or export it any time.

🙈 No account, no profile

Download, install, scan. No email, no sign-up, no login. We genuinely don't know who our users are or what's on their networks — and that's the point.

🚫 Zero telemetry

No analytics, no phone-home, no "anonymous metrics". The app doesn't report what you scan, what it finds, or even that you launched it.

🔑 Bring your own AI keys

AI is optional. When you use it, your provider key stays on your device and prompts go straight to the provider you chose. We never see them, and we host no model of our own.

Pricing

Buy once. Use v1 forever.

Launch price — rises to €49 when the iOS & Android apps ship

No subscription. No account. No telemetry. One local-first licence. Most subscription-based network scanners cost monthly — DeviceShelf is a one-time purchase. Your v1 licence includes every 1.x update; a future v2 will be an optional paid upgrade. Desktop now (macOS, Windows, Linux); iOS & Android soon. AI runs on your own provider key — no extra cost, no lock-in.

Good to know: DeviceShelf scans the local network the device is connected to. Run it on the Wi-Fi/LAN you want to inspect. Only scan networks you own or are allowed to scan.

One-time licence

€29 €49 once

€29 launch price, incl. VAT — €49 once the mobile apps ship. v1: all 1.x updates included.

For homelabs, small offices, consultants and privacy-conscious power users.

  • ✓ Unlimited scans & unlimited devices
  • ✓ Security report, monitoring & bandwidth
  • ✓ AI device ID & chat (bring your own key)
  • ✓ Desktop now — macOS, Windows, Linux · iOS & Android soon
  • ✓ 1 user, install on every device you own
  • ✓ One-time payment — no subscription, ever
  • ✓ 7-day free trial — no credit card required
Buy now — €29 Download free 7-day trial
macOS Windows Linux

All platforms & architectures →

Honest expectations

What DeviceShelf is — and isn't.

Please read this before you buy. It saves both of us a refund.

✓ What it is

  • A universal network scanner that discovers every device on the LAN/Wi-Fi you're connected to.
  • A device identifier — vendor, hostname, OS and type from many combined signals.
  • A port scanner with service detection and configurable scan profiles.
  • A security report with risk scoring, exposed-service and default-credential checks and CVE hints.
  • A monitor that watches for new devices and tracks presence and bandwidth.
  • An optional AI assistant that names unknown devices and explains the risks (bring your own key).

✗ What it isn't

  • Not a cloud service — there's no account and nothing is uploaded; it all runs on your device.
  • Not a WAN/internet scanner — it maps the local network you're on, not the public internet.
  • Not a penetration-testing or exploit tool — it observes and reports, it doesn't attack devices.
  • Not a full 24/7 IDS/SIEM like a dedicated security appliance — monitoring is poll-based.
  • Not a router replacement — it doesn't change your network config; it tells you what's on it.
  • Not compliance-certified — we make privacy claims and document them, but hold no SOC2 / ISO 27001 audit.

⚙ Requirements

  • Desktop: macOS 12+, Windows 11, or a modern Linux. Small download, light on RAM.
  • Mobile: iOS 17+ or Android 8.0+. Connect to the Wi-Fi you want to scan.
  • Network: just be connected to the LAN/Wi-Fi you want to inspect — no router login, no config changes.
  • AI features (optional): an API key from Anthropic, OpenAI, OpenRouter, Mistral, Groq or Gemini — or run Ollama locally. No key means no AI; everything else still works.
  • Bandwidth monitoring: on desktop, live per-device throughput may need elevated privileges.

See full platform support →