The local-first network scanner

Know every device
on your network.

One click maps your whole network: every connected device, what it is, which ports are open and where the risk is. DeviceShelf keeps that map local, then warns you when something new appears.

Then €59 once. No subscription.

Desktop: Mac, Windows & Linux · Mobile: Android now, iOS in TestFlight · Server: Docker, .deb & Windows service

DeviceShelf — Network
DeviceShelf showing discovered devices, vendors and open services on a local network

Included: desktop app, mobile apps and 24/7 server edition · one license covers them all

From unknown IPs
to named devices.

For anyone who wants to know, fast: what's on the network, what each device is, and what's a risk.

Who builds this

DeviceShelf is built by one person.

I am Christof. I built DeviceShelf because I wanted to know what was on my network without opening an account or handing my device list to someone else’s server. The tools I had at the time did one or the other.

The product still works that way. There is no DeviceShelf server storing your scans, no telemetry, and no investors who will eventually want a data business. DeviceShelf is sold directly and paid for by its licences.

Christof, developer of DeviceShelf

Features

Scan, identify, monitor.

DeviceShelf starts with a read-only LAN scan, enriches each device with names and signals, then turns the result into monitoring, reports and practical security findings.

🔍

One-click network scan

Point it at your Wi-Fi or LAN and hit scan. A fast, read-only TCP-connect sweep finds every responding device in seconds and keeps the list fresh on every rescan. It needs no setup, no agents, no router login.

🔀

Scan every interface at once

Multi-homed? Select several adapters (Wi-Fi, Ethernet, VLANs) and DeviceShelf sweeps them all into one merged device list. A “show all adapters” toggle surfaces the interfaces other scanners hide: VPN, VirtualBox, Hyper-V and Docker bridges.

🧬

Deep device identification

DeviceShelf resolves the vendor (MAC OUI), hostname (DNS, mDNS/Bonjour, NetBIOS), OS (TTL, DHCP fingerprint) and device type automatically: router, computer, phone, printer, camera, NAS, IoT.

🛡

Built-in security report

A prioritized risk report for the whole network: exposed dangerous services (Telnet, RDP, ADB, Docker API, Redis…), default-credential checks, weak TLS, known-CVE hints and camera/privacy flags, each with a fix and a 0–100 risk score.

🔌

Open ports & services

Per device, enumerate open TCP/UDP ports with service detection and banner grabbing. Quick, Standard, Deep (1–1024) and Full (1–65535) profiles, plus slow/normal/aggressive timing; you decide between thorough and fast.

📈

Presence monitoring & alerts

Background polling tracks which devices come and go and notifies you the moment an unknown device joins. Availability history with uptime and latency per device, perfect for spotting intruders or flaky gear.

📊

Per-device bandwidth

See live throughput per device so you can tell what's actually using the line right now. Find the streaming box, the backup that's saturating the uplink, or the chatty IoT gadget at a glance.

How to enable live bandwidth →

🔬

Deep probes

Go further on any device: TLS grading and certificate inspection, SSH key fingerprinting, SMB share enumeration, UPnP model/serial, SNMP system info and nmap-style HTTP enumeration of common admin paths.

🗺️

Physical topology map

See the real layout, not just a list. DeviceShelf reads LLDP/CDP and the switch bridge table over SNMP to map which device hangs off which switch port, and draws the links between your routers and switches.

🪵

Built-in syslog server

Point your routers, switches and access points at DeviceShelf and read their logs in-app: a local syslog receiver (UDP/TCP, RFC 3164/5424). There's no cloud collector; the logs never leave your LAN.

🧰

Diagnostics toolbox

Ping with aggregate stats, streaming traceroute, DNS lookups, a connectivity health check and a built-in speed test (latency, download, upload). The tools you'd otherwise juggle across five apps, in one place.

Wake-on-LAN

Power on compatible machines straight from the device list with a single tap. Great for waking a NAS, a desktop or a media server without getting up.

📤

Export & shareable reports

Export the device list to JSON or CSV, or generate a styled, shareable HTML report. Add custom names, notes and type overrides per device; they persist across scans. An optional local API and webhooks let you wire DeviceShelf into your own tooling.

🤖

MCP server for your AI

The 24/7 server edition speaks the Model Context Protocol: connect Claude, Cursor or any MCP client and ask about your network in plain language: “what’s new since yesterday?”, “which certs expire soon?”. 26 tools, strictly local, read-only by default.

Connect your AI agent →

🔒

Local-first & private

Scans, notes and reports stay on your device. The license is verified offline with an ed25519 signature, so normal use does not depend on a DeviceShelf cloud account or activation server.

📱

Desktop & mobile

The same scanning engine runs on macOS, Windows and Linux, with Android available as a direct download and iOS in TestFlight. The server edition adds 24/7 monitoring on Docker, Linux packages or Windows service.

AI, optional

Ask AI about
your real scan data.

Stuck on a device that's just a MAC address and an open port? Let AI name it from the network signals. Get a plain-language digest of your whole network, ask what's risky and why, and turn the security findings into step-by-step fixes. Everything is grounded in your real scan data, not in a generic checklist.

  • Identify unknown devices from their network fingerprint
  • Natural-language digest of your whole network
  • Security advice & concrete remediation steps
  • Grounded chat: ask questions about your scan
  • Server edition: plug Claude, Cursor or any AI agent into your live network via the built-in MCP server

You bring your own key, and AI is entirely optional. Your prompts never touch our servers; they go directly from your device to the provider you picked. Prefer fully offline? Run a local model with Ollama.

Supported AI providers

Anthropic Claude · you provide the API key
OpenAI GPT-4 / GPT-5 · you provide the API key
OpenRouter 300+ models · you provide the API key
Mistral EU-hosted · you provide the API key
Groq Fast inference · you provide the API key
Google Gemini Gemini 1.5 / 2 · you provide the API key
Azure OpenAI Microsoft-hosted GPT · you provide the API key
Ollama Fully local · no API key, no network

No vendor lock-in. Switch providers in Settings → AI any time.

Private by default

Your network map stays yours.

A scan of your network is sensitive: it's a map of your home or office. DeviceShelf is built so that map never leaves your device unless you explicitly choose to send part of it.

Local-first by design

Every scan result is stored locally on your device. There is no DeviceShelf cloud, no central database, nowhere for your network map to leak from.

Install, scan, stay local

You can run DeviceShelf without creating a profile. Purchases are tied to the buyer email for licensing, while scan data stays on the device that collected it.

Zero telemetry

No analytics, no phone-home, no anonymous metrics. The app does not report what you scan, what you find, or that you opened it.

Offline ed25519 license check

Your license is verified locally with an ed25519 signature. There's no license server, no online activation, no check-in. It keeps working even fully offline.

Opt-in outbound only

Data leaves only when you turn a feature on or run an online tool: AI (to your provider), Fingerbank lookup, WAN-IP info, speed test and hop geolocation (Cloudflare & RIPE NCC), or webhooks you configure. Everything is off by default and clearly labeled.

Lightweight, read-only scans

Default scans are non-intrusive TCP-connect probes: they observe, they don't attack. You control depth and timing, from a quick sweep to a full deep scan.

It knows what it's looking at

Recognizes the things on your network.

DeviceShelf combines many signals to label each device with a type and a best guess at what it is: MAC vendor (OUI), DNS, mDNS/Bonjour, NetBIOS, SNMP, UPnP, TTL, DHCP fingerprint and open-port profiles.

🌐 Router / Gateway
💻 Computer
📱 Phone / Tablet
🖨 Printer
📷 Camera
💾 NAS
📺 TV / Streaming
🔊 Smart speaker
🎮 Game console
💡 Smart home / IoT
🖥 Server
❓ Unknown → ask AI

Desktop and pocket

The full scanner, on your phone too.

Android direct download now · iOS in TestFlight

The iOS and Android apps run the same scanning engine as the desktop, not a watered-down companion build. Walk around the house or office and scan from where you stand. One license covers every device you own.

iOS & Android

Scan from the room you're in.

The mobile apps use the same scanning engine as desktop, so you can inspect a friend's Wi-Fi, an office network or a hotel LAN from the device in your hand.

  • Full network scan & device identification on-device
  • Security report and open-port view on the go
  • Presence alerts when an unknown device joins
  • Export and share a report straight from your phone

A direct download, and that's how we ship it. We're not putting DeviceShelf on Google Play: for a local-first tool, the store's review hurdles and Google's grip on Android aren't a trade worth making. It's the same signed app: a 7-day free trial, then activate your license key.

Direct downloads like this one are under threat: starting in September 2026, Google plans to block Android apps from unverified developers. Learn more at keepandroidopen.org

Auto-updates, no store needed. Want the app to update itself? Add DeviceShelf to Obtainium. It watches the direct download and installs new versions for you, with no store account and no tracking. Add to Obtainium

How to install
  1. Tap Download. Your browser asks once to allow installing apps. Tap Allow.
  2. Open the downloaded DeviceShelf .apk file.
  3. Tap Install. That's it.

Desktop, pocket, server

The full scanner, running 24/7.

A headless server edition runs the same engine continuously in Docker, as a Debian/Ubuntu package, or as a Windows service. It keeps watching the networks you care about and alerts you the moment something changes. Covered by your existing license.

DeviceShelf Server dashboard with live device inventory and timeline
DeviceShelf Server SLA and uptime report
Self-hosted monitor Inventory, uptime, alerts and reports from one always-on collector.
Live device inventory Continuous LAN scans with vendors, hostnames, device types, open ports, response times and change history.
Infrastructure health SNMP CPU/RAM/disk, temperature and fan readings, plus Docker containers, Proxmox nodes/guests and NAS RAID health.
Checks and heartbeats Ping, TCP, HTTP, SNMP, database probes and push monitors for cron jobs, backups and small services.
Actionable alerts Email/SMTP, ntfy, Gotify and webhooks with quiet hours, maintenance windows, dependencies and digest batching.
Reports and status Uptime %, daily availability bars, CSV export and an optional public read-only status page.
API, Prometheus and MCP Script it through REST, scrape `/metrics`, or let a local AI agent answer questions from the live inventory.

After start, open the dashboard on your LAN, paste the auto-generated token and configure scans, checks and alerts in the browser. New to the server edition? See the server guide.

Server edition included Run DeviceShelf as a self-hosted, always-on monitor with Docker, .deb or Windows service support. Open the server guide for installation, tokens, alerts and MCP setup.

Talk to us

Questions, bugs or business?

We read every message and usually reply within a working day. For technical bugs, Help → Send feedback inside the app attaches useful context automatically. For everything else, use the form below.

Or email [email protected] directly.

Frequently asked

What people ask before buying.

Where is my scan data stored?

Locally, on the device that ran the scan. There is no DeviceShelf cloud and no account, so your network map never gets uploaded anywhere. You can export it yourself to JSON, CSV or an HTML report whenever you like.

Does DeviceShelf send my data anywhere?

No scan data leaves your device by default. DeviceShelf only sends scan traffic on your local network; nothing goes to the internet unless you explicitly use an online feature: AI (to the provider whose key you supplied), Fingerbank device lookups (fingerbank.org), WAN-IP info and the built-in speed test (Cloudflare), IP geolocation for WAN info and traceroute hops (stat.ripe.net, RIPE NCC), or webhooks you configure yourself. No analytics, no phone-home, no telemetry.

Is scanning my network safe and allowed?

Scanning a network you own or administer is completely normal, and DeviceShelf's default scans are lightweight, read-only TCP-connect probes: they observe rather than attack. Only scan networks you have permission to scan.

How does DeviceShelf compare to Fing?

DeviceShelf is built for users who prefer a local-first desktop and mobile scanner without an account, telemetry or subscription. Fing offers its own app ecosystem and subscription plans; DeviceShelf focuses on local network visibility, offline licensing and one-time pricing.

Can I bring my own AI key?

Yes, and AI is entirely optional: the scanner works fully without it. Drop in your Anthropic / OpenAI / Azure OpenAI / OpenRouter / Mistral / Groq / Gemini key, or run Ollama locally for fully offline AI. Your prompts always go directly from your device to your chosen provider.

Can I connect my AI assistant (Claude, Cursor, …)?

Yes: the 24/7 server edition (from 1.5.3) includes a local MCP server. Any MCP-capable client (Claude Desktop & Code, Cursor, VS Code, Windsurf, Cline, Gemini CLI) can query your live inventory, alarms and security findings, 26 tools in total. Strictly local, off by default, read-only unless you explicitly allow actions, and included in every paid license. See the connection guide.

How many devices can I install on?

One license = one registered user. The license is personal to the buyer and bound to the email address used at checkout; it may not be shared between multiple people. That user can use the same key on every Mac, PC, Linux box, iPhone and Android device they own.

Is there a free trial?

Yes: a 7-day free trial with full features, no credit card required. After that it's a one-time €59 purchase. No subscription, ever.

Will my version keep getting updates?

Yes. Your purchase is yours to keep; there's no subscription and nothing to renew. v1 keeps improving: every 1.x update brings new features and fixes, free of charge, and we'll keep delivering them for as long as the operating systems allow. No software runs on every future OS forever, but we plan to support v1 for a long time. There's no upgrade treadmill: a future v2 would be a major new generation, years away, and an entirely optional paid upgrade — and you can keep using your v1 either way.

Refund policy?

14 days, money-back, no questions asked. Email [email protected] from the address you bought with.

Which platforms are supported?

Desktop: macOS, Windows and Linux are available now. Mobile: Android is available as a direct APK download, and iOS is in TestFlight. The same scanning engine runs across platforms, and your single license covers desktop, mobile and server edition.

Can I run DeviceShelf 24/7 on a server?

Yes: the headless server edition is part of DeviceShelf. It runs continuous, always-on monitoring without a GUI in Docker, via .deb, or on Windows Server / Windows 11 for networks you want watched around the clock. It is covered by your existing license: same key, no extra cost.

Can you build a custom feature for my company?

Yes. For teams, MSPs and privacy-conscious businesses we take on sponsored feature development: custom reports, deployment options, integrations and offline-licensing scenarios. It stays local-first, with no telemetry and no hidden cloud. See the Business & sponsored features page, or email [email protected].

Weighing your options? Compare DeviceShelf with Fing, LanScan Pro, Advanced IP Scanner & Angry IP Scanner →

Need 24/7 monitoring? Compare DeviceShelf Server with Uptime Kuma, PRTG & Zabbix →

Local-first by design

Your network map never leaves your devices.

🗄 Stored locally, full stop

Every scan, every device, every note lives on your device. There's no DeviceShelf server holding a copy, so there's nothing to breach, subpoena or sell. You own the data and you can wipe or export it any time.

🙈 Minimal account surface

You can scan without a DeviceShelf account. A paid license is tied to the checkout email, but the app does not build a cloud profile from your network activity.

🚫 Zero telemetry

No analytics, no phone-home, no "anonymous metrics". The app doesn't report what you scan, what it finds, or even that you launched it.

🔑 Bring your own AI keys

AI is optional. When you use it, your provider key stays on your device and prompts go straight to the provider you chose. We never see them, and we host no model of our own.

Pricing

Buy once. Use v1 forever.

One personal license for the buyer email used at checkout: install it on every device that user owns, including desktop, Android direct download, iOS TestFlight and the server edition. DeviceShelf is a one-time purchase instead of a monthly scanner subscription. Your v1 copy keeps receiving free 1.x updates for as long as the operating systems allow; a future v2 would be an optional paid upgrade. AI runs on your own provider key.

Good to know: DeviceShelf scans the local network the device is connected to. Run it on the Wi-Fi/LAN you want to inspect. Only scan networks you own or are allowed to scan.

Best value

Shelf Bundle

€89 once

DeviceShelf + ServerShelf, once, incl. VAT.

The local infrastructure bundle: map the network, then manage the servers behind it.

For homelabs and small teams that own both the LAN and the machines running on it.

  • ✓ DeviceShelf: LAN devices, ports, topology and security report
  • ✓ ServerShelf: SSH inventory, updates, Docker, TLS/Uptime and AI log triage
  • ✓ Local-first apps: no account, no telemetry, no subscription
  • ✓ 1 registered user, bound to the checkout email, for both apps
  • ✓ 7-day DeviceShelf trial included
Get the bundle for €89 See ServerShelf ↗

Company or MSP missing a specific feature? Business & sponsored features

Honest expectations

What DeviceShelf is and isn't.

Please read this before you buy. It saves both of us a refund.

✓ What it is

  • A universal network scanner that discovers every device on the LAN/Wi-Fi you're connected to.
  • A device identifier: vendor, hostname, OS and type from many combined signals.
  • A port scanner with service detection and configurable scan profiles.
  • A security report with risk scoring, exposed-service and default-credential checks and CVE hints.
  • A monitor that watches for new devices and tracks presence and bandwidth.
  • An optional AI assistant that names unknown devices and explains the risks (bring your own key).
  • A 24/7 server edition that runs headless on Linux/Windows/Docker for always-on monitoring, covered by the same license.

✗ What it isn't

  • Not a cloud service: there's no account and nothing is uploaded; it all runs on your device.
  • Not a WAN/internet scanner: it maps the local network you're on, not the public internet.
  • Not a penetration-testing or exploit tool: it observes and reports, it doesn't attack devices.
  • Not a full 24/7 IDS/SIEM like a dedicated security appliance: monitoring is poll-based.
  • Not a router replacement: it doesn't change your network config; it tells you what's on it.
  • Not compliance-certified: we make privacy claims and document them, but hold no SOC2 / ISO 27001 audit.

⚙ Requirements

  • Desktop: macOS 12+, Windows 10 or 11, or a modern Linux. Small download, light on RAM.
  • Mobile: iOS 13+ or Android 7.0+. Connect to the Wi-Fi you want to scan.
  • Network: just be connected to the LAN/Wi-Fi you want to inspect; no router login, no config changes.
  • AI features (optional): an API key from Anthropic, OpenAI, Azure OpenAI, OpenRouter, Mistral, Groq or Gemini, or run Ollama locally. No key means no AI; everything else still works.
  • Bandwidth monitoring: on desktop, live per-device throughput may need elevated privileges.

See full platform support →

Shelf Bundle

One view for the network. One cockpit for the servers.

DeviceShelf finds every device on your LAN. ServerShelf shows what runs on the machines you manage: SSH inventory, updates, Docker, certificates, uptime and AI log triage.