One-click network scan
Point it at your Wi-Fi or LAN and hit scan. A fast, read-only TCP-connect sweep finds every responding device in seconds and keeps the list fresh on every rescan. It needs no setup, no agents, no router login.
The local-first network scanner
One click maps your whole network: every connected device, what it is, which ports are open and where the risk is. DeviceShelf keeps that map local, then warns you when something new appears.
Then €59 once. No subscription.
Desktop: Mac, Windows & Linux · Mobile: Android now, iOS in TestFlight · Server: Docker, .deb & Windows service
Inside the app
These are the views you actually use. Every value comes from a live scan of your own network, not from a spreadsheet, with no manual entry.
One click sweeps the whole subnet. Every responding device shows up with its IP, vendor and detected type; the list is sorted, searchable and exportable.
Your whole LAN at a glance: every device arranged around the gateway as a clean, interactive map.
A deep dive on any device: vendor, all hostnames, OS guess, response time, CVE hints and one-click connect (SSH, VNC, SMB…).
Stuck on an unknown device? Your own AI key identifies it from the network signals: hardware, role and reasoning, in your language.
Every open port with its detected service and banner (SSH, MQTT, Home Assistant and more), plus your own name, tags and notes per device.
A prioritized security report: risk score, exposed risky services, default-credential checks and an AI security advisor with concrete fixes.
Per-device CVE analysis from the detected service versions: severity, description and a concrete remediation for each finding.
Background monitoring tracks who comes and goes and alerts you the moment an unknown device joins your network.
Live per-device throughput, up and down, so you instantly see what's hogging the line.
A full timeline of everything that changed (devices on and offline, ports opening and closing), with snapshot comparison.
Built-in speed test, DNS lookup, ping and MTR-style traceroute: the everyday network tools, right where you need them.
Your network at a glance: subnets, gateway, DNS and WAN details, with live status for every interface.
For anyone who wants to know, fast: what's on the network, what each device is, and what's a risk.
Who builds this
I am Christof. I built DeviceShelf because I wanted to know what was on my network without opening an account or handing my device list to someone else’s server. The tools I had at the time did one or the other.
The product still works that way. There is no DeviceShelf server storing your scans, no telemetry, and no investors who will eventually want a data business. DeviceShelf is sold directly and paid for by its licences.
Christof, developer of DeviceShelf
Features
DeviceShelf starts with a read-only LAN scan, enriches each device with names and signals, then turns the result into monitoring, reports and practical security findings.
Point it at your Wi-Fi or LAN and hit scan. A fast, read-only TCP-connect sweep finds every responding device in seconds and keeps the list fresh on every rescan. It needs no setup, no agents, no router login.
Multi-homed? Select several adapters (Wi-Fi, Ethernet, VLANs) and DeviceShelf sweeps them all into one merged device list. A “show all adapters” toggle surfaces the interfaces other scanners hide: VPN, VirtualBox, Hyper-V and Docker bridges.
DeviceShelf resolves the vendor (MAC OUI), hostname (DNS, mDNS/Bonjour, NetBIOS), OS (TTL, DHCP fingerprint) and device type automatically: router, computer, phone, printer, camera, NAS, IoT.
A prioritized risk report for the whole network: exposed dangerous services (Telnet, RDP, ADB, Docker API, Redis…), default-credential checks, weak TLS, known-CVE hints and camera/privacy flags, each with a fix and a 0–100 risk score.
Per device, enumerate open TCP/UDP ports with service detection and banner grabbing. Quick, Standard, Deep (1–1024) and Full (1–65535) profiles, plus slow/normal/aggressive timing; you decide between thorough and fast.
Background polling tracks which devices come and go and notifies you the moment an unknown device joins. Availability history with uptime and latency per device, perfect for spotting intruders or flaky gear.
See live throughput per device so you can tell what's actually using the line right now. Find the streaming box, the backup that's saturating the uplink, or the chatty IoT gadget at a glance.
Go further on any device: TLS grading and certificate inspection, SSH key fingerprinting, SMB share enumeration, UPnP model/serial, SNMP system info and nmap-style HTTP enumeration of common admin paths.
See the real layout, not just a list. DeviceShelf reads LLDP/CDP and the switch bridge table over SNMP to map which device hangs off which switch port, and draws the links between your routers and switches.
Point your routers, switches and access points at DeviceShelf and read their logs in-app: a local syslog receiver (UDP/TCP, RFC 3164/5424). There's no cloud collector; the logs never leave your LAN.
Ping with aggregate stats, streaming traceroute, DNS lookups, a connectivity health check and a built-in speed test (latency, download, upload). The tools you'd otherwise juggle across five apps, in one place.
Power on compatible machines straight from the device list with a single tap. Great for waking a NAS, a desktop or a media server without getting up.
Export the device list to JSON or CSV, or generate a styled, shareable HTML report. Add custom names, notes and type overrides per device; they persist across scans. An optional local API and webhooks let you wire DeviceShelf into your own tooling.
The 24/7 server edition speaks the Model Context Protocol: connect Claude, Cursor or any MCP client and ask about your network in plain language: “what’s new since yesterday?”, “which certs expire soon?”. 26 tools, strictly local, read-only by default.
Scans, notes and reports stay on your device. The license is verified offline with an ed25519 signature, so normal use does not depend on a DeviceShelf cloud account or activation server.
The same scanning engine runs on macOS, Windows and Linux, with Android available as a direct download and iOS in TestFlight. The server edition adds 24/7 monitoring on Docker, Linux packages or Windows service.
AI, optional
Stuck on a device that's just a MAC address and an open port? Let AI name it from the network signals. Get a plain-language digest of your whole network, ask what's risky and why, and turn the security findings into step-by-step fixes. Everything is grounded in your real scan data, not in a generic checklist.
You bring your own key, and AI is entirely optional. Your prompts never touch our servers; they go directly from your device to the provider you picked. Prefer fully offline? Run a local model with Ollama.
No vendor lock-in. Switch providers in Settings → AI any time.
Private by default
A scan of your network is sensitive: it's a map of your home or office. DeviceShelf is built so that map never leaves your device unless you explicitly choose to send part of it.
Every scan result is stored locally on your device. There is no DeviceShelf cloud, no central database, nowhere for your network map to leak from.
You can run DeviceShelf without creating a profile. Purchases are tied to the buyer email for licensing, while scan data stays on the device that collected it.
No analytics, no phone-home, no anonymous metrics. The app does not report what you scan, what you find, or that you opened it.
Your license is verified locally with an ed25519 signature. There's no license server, no online activation, no check-in. It keeps working even fully offline.
Data leaves only when you turn a feature on or run an online tool: AI (to your provider), Fingerbank lookup, WAN-IP info, speed test and hop geolocation (Cloudflare & RIPE NCC), or webhooks you configure. Everything is off by default and clearly labeled.
Default scans are non-intrusive TCP-connect probes: they observe, they don't attack. You control depth and timing, from a quick sweep to a full deep scan.
It knows what it's looking at
DeviceShelf combines many signals to label each device with a type and a best guess at what it is: MAC vendor (OUI), DNS, mDNS/Bonjour, NetBIOS, SNMP, UPnP, TTL, DHCP fingerprint and open-port profiles.
Desktop and pocket
Android direct download now · iOS in TestFlight
The iOS and Android apps run the same scanning engine as the desktop, not a watered-down companion build. Walk around the house or office and scan from where you stand. One license covers every device you own.
iOS & Android
The mobile apps use the same scanning engine as desktop, so you can inspect a friend's Wi-Fi, an office network or a hotel LAN from the device in your hand.
A direct download, and that's how we ship it. We're not putting DeviceShelf on Google Play: for a local-first tool, the store's review hurdles and Google's grip on Android aren't a trade worth making. It's the same signed app: a 7-day free trial, then activate your license key.
Direct downloads like this one are under threat: starting in September 2026, Google plans to block Android apps from unverified developers. Learn more at keepandroidopen.org
Auto-updates, no store needed. Want the app to update itself? Add DeviceShelf to Obtainium. It watches the direct download and installs new versions for you, with no store account and no tracking. Add to Obtainium
Desktop, pocket, server
A headless server edition runs the same engine continuously in Docker, as a Debian/Ubuntu package, or as a Windows service. It keeps watching the networks you care about and alerts you the moment something changes. Covered by your existing license.
After start, open the dashboard on your LAN, paste the auto-generated token and configure scans, checks and alerts in the browser. New to the server edition? See the server guide.
Server edition included Run DeviceShelf as a self-hosted, always-on monitor with Docker, .deb or Windows service support. Open the server guide for installation, tokens, alerts and MCP setup.
Talk to us
We read every message and usually reply within a working day. For technical bugs, Help → Send feedback inside the app attaches useful context automatically. For everything else, use the form below.
Frequently asked
Locally, on the device that ran the scan. There is no DeviceShelf cloud and no account, so your network map never gets uploaded anywhere. You can export it yourself to JSON, CSV or an HTML report whenever you like.
No scan data leaves your device by default. DeviceShelf only sends scan traffic on your local network; nothing goes to the internet unless you explicitly use an online feature: AI (to the provider whose key you supplied), Fingerbank device lookups (fingerbank.org), WAN-IP info and the built-in speed test (Cloudflare), IP geolocation for WAN info and traceroute hops (stat.ripe.net, RIPE NCC), or webhooks you configure yourself. No analytics, no phone-home, no telemetry.
Scanning a network you own or administer is completely normal, and DeviceShelf's default scans are lightweight, read-only TCP-connect probes: they observe rather than attack. Only scan networks you have permission to scan.
DeviceShelf is built for users who prefer a local-first desktop and mobile scanner without an account, telemetry or subscription. Fing offers its own app ecosystem and subscription plans; DeviceShelf focuses on local network visibility, offline licensing and one-time pricing.
Yes, and AI is entirely optional: the scanner works fully without it. Drop in your Anthropic / OpenAI / Azure OpenAI / OpenRouter / Mistral / Groq / Gemini key, or run Ollama locally for fully offline AI. Your prompts always go directly from your device to your chosen provider.
Yes: the 24/7 server edition (from 1.5.3) includes a local MCP server. Any MCP-capable client (Claude Desktop & Code, Cursor, VS Code, Windsurf, Cline, Gemini CLI) can query your live inventory, alarms and security findings, 26 tools in total. Strictly local, off by default, read-only unless you explicitly allow actions, and included in every paid license. See the connection guide.
One license = one registered user. The license is personal to the buyer and bound to the email address used at checkout; it may not be shared between multiple people. That user can use the same key on every Mac, PC, Linux box, iPhone and Android device they own.
Yes: a 7-day free trial with full features, no credit card required. After that it's a one-time €59 purchase. No subscription, ever.
Yes. Your purchase is yours to keep; there's no subscription and nothing to renew. v1 keeps improving: every 1.x update brings new features and fixes, free of charge, and we'll keep delivering them for as long as the operating systems allow. No software runs on every future OS forever, but we plan to support v1 for a long time. There's no upgrade treadmill: a future v2 would be a major new generation, years away, and an entirely optional paid upgrade — and you can keep using your v1 either way.
14 days, money-back, no questions asked. Email [email protected] from the address you bought with.
Desktop: macOS, Windows and Linux are available now. Mobile: Android is available as a direct APK download, and iOS is in TestFlight. The same scanning engine runs across platforms, and your single license covers desktop, mobile and server edition.
Yes: the headless server edition is part of DeviceShelf. It runs continuous, always-on monitoring without a GUI in Docker, via .deb, or on Windows Server / Windows 11 for networks you want watched around the clock. It is covered by your existing license: same key, no extra cost.
Yes. For teams, MSPs and privacy-conscious businesses we take on sponsored feature development: custom reports, deployment options, integrations and offline-licensing scenarios. It stays local-first, with no telemetry and no hidden cloud. See the Business & sponsored features page, or email [email protected].
Weighing your options? Compare DeviceShelf with Fing, LanScan Pro, Advanced IP Scanner & Angry IP Scanner →
Need 24/7 monitoring? Compare DeviceShelf Server with Uptime Kuma, PRTG & Zabbix →
Local-first by design
Every scan, every device, every note lives on your device. There's no DeviceShelf server holding a copy, so there's nothing to breach, subpoena or sell. You own the data and you can wipe or export it any time.
You can scan without a DeviceShelf account. A paid license is tied to the checkout email, but the app does not build a cloud profile from your network activity.
No analytics, no phone-home, no "anonymous metrics". The app doesn't report what you scan, what it finds, or even that you launched it.
AI is optional. When you use it, your provider key stays on your device and prompts go straight to the provider you chose. We never see them, and we host no model of our own.
Pricing
One personal license for the buyer email used at checkout: install it on every device that user owns, including desktop, Android direct download, iOS TestFlight and the server edition. DeviceShelf is a one-time purchase instead of a monthly scanner subscription. Your v1 copy keeps receiving free 1.x updates for as long as the operating systems allow; a future v2 would be an optional paid upgrade. AI runs on your own provider key.
Good to know: DeviceShelf scans the local network the device is connected to. Run it on the Wi-Fi/LAN you want to inspect. Only scan networks you own or are allowed to scan.
€59 once, incl. VAT. v1 is yours to keep, every 1.x update included.
Includes the full v1 package: desktop now, mobile apps as they ship, and the 24/7 server edition. AI-ready with your own provider key.
For homelabs, small offices, consultants and privacy-conscious power users.
DeviceShelf + ServerShelf, once, incl. VAT.
The local infrastructure bundle: map the network, then manage the servers behind it.
For homelabs and small teams that own both the LAN and the machines running on it.
Company or MSP missing a specific feature? Business & sponsored features
Honest expectations
Please read this before you buy. It saves both of us a refund.
Everything core works on all three desktop platforms. A few capture and Wi-Fi features depend on the OS:
| Feature | macOS | Windows | Linux |
|---|---|---|---|
| Network scan & device discovery | ✓ | ✓ | ✓ |
| Open ports & security report | ✓ | ✓ | ✓ |
| AI device ID & chat | ✓ | ✓ | ✓ |
| Deep probes (TLS, SSH, SMB, HTTP) | ✓ | ✓ | ✓ |
| Traceroute, ping, DNS, speed test, Wake-on-LAN | ✓ | ✓ | ✓ |
| Snapshots, favorites, tags, export | ✓ | ✓ | ✓ |
| Live bandwidth per device 1 | ✓ | ✓ | ✓ |
| Passive DHCP fingerprinting 1 | ✓ | — | ✓ |
| Nearby Wi-Fi scan (SSID, signal) 2 | ✓ | — | — |
Beyond the desktop, a headless 24/7 server edition runs the same engine on Linux/Windows/Docker: continuous monitoring, no GUI. Server guide →
7-day free trial, no account, no credit card required. macOS is notarized; Windows & Linux are unsigned (you can verify everything on the privacy page).
| x86-64 · amd64 | ARM64 | |
|---|---|---|
| .deb Debian/Ubuntu | Download | Download |
| .rpm Fedora/openSUSE | Download | Download |
| AppImage any distro | Download | Download |
Debian/Ubuntu & ARM: .deb · Fedora/openSUSE: .rpm · any distro: AppImage. Pick arm64 for Raspberry Pi / ARM.
curl -fsSL https://downloads.deviceshelf.app/apt/key.gpg | sudo gpg --yes --dearmor -o /usr/share/keyrings/deviceshelf.gpg
echo "deb [signed-by=/usr/share/keyrings/deviceshelf.gpg] https://downloads.deviceshelf.app/apt stable main" | sudo tee /etc/apt/sources.list.d/deviceshelf.list
sudo apt update && sudo apt install deviceshelf
sudo curl -fsSL -o /etc/yum.repos.d/deviceshelf.repo https://downloads.deviceshelf.app/rpm/deviceshelf.repo
sudo dnf install deviceshelf
No GUI: it installs as a background service on Windows Server / Windows 11, Docker, or Debian/Ubuntu/Fedora. Same engine, continuous monitoring, dashboard & API.
Server Edition: downloads & setup →📱 Android is available as a direct APK download; iOS is in TestFlight.
Shelf Bundle
DeviceShelf finds every device on your LAN. ServerShelf shows what runs on the machines you manage: SSH inventory, updates, Docker, certificates, uptime and AI log triage.