Network monitoring and security — self-hosted, from your own server.
¿Hablas español? Lee la documentación completa aquí.
LANGuard is a self-hosted web application for advanced scanning and monitoring of your local network. It combines Nmap and ARP to identify every connected device, classify them as trusted or untrusted, and instantly alert you via Telegram if something suspicious shows up.
No manual network interface configuration required — LANGuard auto-detects the network segment it runs on. All data is stored locally with SQLite, no cloud dependencies.
Dashboard
Scanning
History
Dark mode
| Category | Details |
|---|---|
| Scanning | Auto-detects network segment, Nmap + ARP, configurable scan interval |
| Dashboard | Stat cards (total / trusted / untrusted) with live animated counters |
| Devices | Custom names, manufacturer lookup, port scanning per device |
| Trust management | Mark/unmark devices as trusted directly from the table or the side panel |
| History | Full connection/disconnection log with auto-refresh and MAC filter |
| Alerts | Real-time Telegram notifications for untrusted devices |
| Profile | Display name, email and password change from the profile side panel |
| UI | Dark mode, ES/EN language switch, responsive sidebar, slide-in panels |
| Storage | Lightweight SQLite — no external database needed |
Create a .env file in the same directory:
SECRET_KEY=your_secure_key_hereGenerate a secure key with:
openssl rand -hex 32services:
languard:
container_name: LANGuard
image: netosvaltools/languard:latest
environment:
SECRET_KEY: ${SECRET_KEY}
volumes:
- /etc/localtime:/etc/localtime:ro
- ./data:/app/data
network_mode: "host"
cap_add:
- NET_RAW
- NET_ADMIN
restart: unless-stoppeddocker compose up -d
⚠️ network_mode: hostis required for LAN scanning. ChangeSECRET_KEYbefore going to production.
Open the web interface from your browser using the server's IP on port 5555:
http://<server-IP>:5555
Default credentials:
| Field | Value |
|---|---|
| Username | admin@example.com |
| Password | admin |
⚠️ Change your password immediately after the first login.
LANGuard uses slide-in panels instead of cluttering the main view:
- History — connection/disconnection timeline, filterable by MAC and event type
- Trusted Devices — full list with inline name editing, add/remove without reload
- Profile — display name, credentials (email + password), session info
docker compose pull
docker compose up -d| Variable | Description | Required |
|---|---|---|
SECRET_KEY |
Secret key for session encryption | ✅ Yes |
The access log is stored at:
/app/data/accesos.log
Never expose the admin interface directly to the internet. If you need remote access, use a VPN such as WireGuard, OpenVPN, or Tailscale.
This project was born from a passion for networking, cybersecurity, and homelabs. Built with the help of AI tools as a personal project, with the goal of creating useful, real, self-hosted solutions for those who — like me — enjoy running their own home infrastructure.