Show HN: Whosthere: A LAN discovery tool with a modern TUI, written in Go

1/23/2026 at 11:54:53 AM

I've been working on a LAN discovery tool with a Terminal User Interface (TUI) written entirely in Go. It's called Whosthere, and it's designed to help you explore devices on your local network without requiring elevated privileges.

It works by combining several discovery methods:

- mDNS and SSDP scanning

- ARP cache reading (after triggering ARP resolution via TCP/UDP sweeps)

- OUI lookups to identify device manufacturers

It also includes:

- A fast, keyboard-driven TUI (powered by tview)

- An optional built-in port scanner

- Daemon mode with a simple HTTP API to fetch devices

- Configurable theming and behavior via a YAML config file

Why I built it:

Mainly to learn, I've been programming in Go for about a year now and wanted to combine learning Go with learning more about networking in one single project. I've always been a big fan of TUI applications like lazygit, k9s, and dive. And then the idea came to build a TUI application that shows devices on your LAN. I am by no means a networking expert, but it was fun to figure out how ARP works, and discovery protocols such as mDNS and SSDP.

Example usage:

---

# install via HomeBrew brew tap ramonvermeulen/whosthere brew install whosthere

# or with go install go install github.com/ramonvermeulen/whosthere@latest

# run as TUI whosthere

# run as daemon whosthere daemon --port 8080

---

I'd love to hear your feedback, if you have ideas for additional features or improvements that is highly appreciated! Current platform support is Linux and MacOS.

by rvermeulen98

1/23/2026 at 3:18:10 PM

Very nice tool :-)

It would be great it it could show the reverse lookup of the IPs as on my LAN everything has a name and if it hasn't then it is probably an interloper!

by nickcw

1/23/2026 at 4:35:18 PM

This looks great! I've been searching for something like this for ever.

Some feedback of what I found on my network, as compared to some other scanners I've used.

I've never seen anything that can beat Advanced IP Scanner at finding hostnames. I've never even found a way to get arp or nmap to get close to Advanced IP Scanner; I've tried dozens of suggested commands of each, all with no luck. Here's the results of my scans:

Alive hosts: 309

Unkown: 201

With hostnames: 80

https://www.advanced-ip-scanner.com/

####################################

I also tried a program called Angry IP Scanner:

Hosts scanned: 510

Hosts alive: 315

With hostnames: 75

https://angryip.org/

####################################

whosthere

Devices: 318

With hostnames: 54

by N3802E

1/23/2026 at 4:16:11 PM

Installed on raspbian, works wonders, much better than the thing i vibecoded yesterday. One feature I'd like: recording new arrivals to a log with all the info so it can be used as a barebones IDS

by genericacct

1/23/2026 at 4:44:17 PM

Looks great!! I had the same idea a few days ago and am so glad you posted this now! I will be using it and will let you know of any feedback. So far works great on my network!

by alphax314

1/23/2026 at 7:01:04 PM

Why the X11 dependency if it's a TUI? I was expecting ncurses.

by M95D

1/23/2026 at 7:12:10 PM

It says in the read me that X11 is required for clipboard functionality.

by bestham

1/23/2026 at 7:14:18 PM

There's a famous quote:

  Those who cannot remember nmap are condemned to remake it poorly

Rootless nmap scan of a /24 in under 10 seconds:

  nmap -T5 -sn -PR --script broadcast-dns-service-discovery,broadcast-upnp-info 10.0.0.0/24
  …SNIP…
  Nmap done: 256 IP addresses (30 hosts up) scanned in 9.99 seconds

https://nmap.org/book/toc.html

by mmh0000

1/23/2026 at 8:26:15 PM

I like nmap and use it often. The linked tool seems to be doing different or additional things vs nmap.

What makes you think it’s not learning from/remembering nmap?

by zbentley

1/23/2026 at 9:02:24 PM

That nmap command does the same thing as the author's command, except for the UI, for which there are dozens of nmap-uis available.

by mmh0000

1/23/2026 at 10:04:03 PM

But you've got to admit that OPs tool does it quicker, except if you like to memorize flags or already have a script specifically for this. And it's much nicer on the eye than most (all?) nmap-guis out of the box.

by sally_glance

1/23/2026 at 11:10:00 PM

It does it quicker if you already have this tool installed. nmap is everywhere.

by andrewxdiamond

1/23/2026 at 11:40:10 PM

The goal has never been to create something that can replace nmap, the goal was to learn more about networking and about building TUIs in Go. Honestly I am quite overwhelmed by the amount of traction it got today, definitely not what I expected.

I am very grateful for all the feedback and suggestions, and I will take my time to evaluate every comment. In the coming weeks I will try to implement most of the feedback and do releases to improve the tool further, thanks everyone!

by rvermeulen98

1/24/2026 at 1:59:44 AM

LLDP and CDP would like a chat

by gerdesj

1/23/2026 at 2:15:25 PM

Overall good work. I'd request an `-i` command-line parameter to specify the interface to scan (and I'd prefer ALL params being able to be read from command line params). I think it just performs a full scan initially on my laptop, following scans either didn't success or didn't involve TCP connect scan (I don't see ARP requests after the initial scan).

by 84634E1A607A

1/23/2026 at 2:36:53 PM

That's correct. To avoid overloading the local network, the initial scan has a built-in safeguard:

1. It only scans the subnet of the configured network interface.

2. The scan is limited to a maximum size of a /16 subnet.

3. It runs just once every 5 minutes (this interval should be made configurable, currently still hardcoded).

If a subnet larger than /16 is configured, whosthere will log a warning and only scan the first /16 portion of that subnet. As of now the network interface itself is configured via the YAML file. I agree it would be a good idea to add command-line flags for more of these settings to make them easier to adjust.

by rvermeulen98

1/24/2026 at 6:30:16 AM

This is hilarious, 5 years ago I built a very similar cli tool based on the same idea and with the same name (whosthere but in Polish, ktotu [0]). I wonder if you used AI to generate the project and the idea

Congrats for the execution, it looks more complete and feature rich and Go is a better choice for sure

[0] https://github.com/jmaczan/ktotu

by yu3zhou4

1/23/2026 at 2:52:44 PM

Surely a missed opportunity to name it “whogoesthere”

by mrcaramelpants

1/23/2026 at 6:22:53 PM

I was thinking more along the lines of whodat

by adzm

1/24/2026 at 4:37:38 AM

When i saw the name I read it as "whost here", and was exceptionally confused.

by pinkmuffinere

1/25/2026 at 11:28:48 AM

Or perhaps “New phone who dis?”

by cassianoleal

1/23/2026 at 4:53:20 PM

Does the Go standard library have unusually good TUI support or something? Am I just imagining the pattern of new TUIs being written in Go?

by zahlman

1/23/2026 at 5:41:11 PM

It compiles fast, starts up fast, and doesn't have a ton of hoops to jump through (ie borrower/checker in rust).

by cpuguy83

1/23/2026 at 5:03:01 PM

No, it really doesn't have anything TUI focused in stdlib. I get the reason why but it would be cool if they had something foundational in golang.org/x/

This project appears to be using github.com/rivo/tview which is is really solid.

by pstuart

1/23/2026 at 5:02:52 PM

The standard library doesn't have much for this, but Bubble Tea https://github.com/charmbracelet/bubbletea is behind many of the better Go TUIs. This one is using https://github.com/rivo/tview.

by jen20

1/23/2026 at 10:01:10 PM

Bubbletea has the unfortunate side effect of enforcing style/architecture on a project

Much like cobra (or was it viper) did for CLI switches

This is cool if that's what you like, but if you have your own thinking on layout/architecture then you're in for a world of pain.

I use rivo/tview in my projects, and like it, but it's not without its "quirks"

by awesome_dude

1/23/2026 at 5:04:34 PM

The charmbracelet folk are quite, um, charming, but when I tried to work with bubble tea on a multi pane project I found it unwieldy -- tview seemed much more straightforward.

by pstuart

1/24/2026 at 5:00:43 AM

Bubbletea can spell Go, an encouraging indicator vs tview.

by fulafel

1/23/2026 at 5:02:23 PM

Big missed opportunity to call it “Whose LAN is it anyway?”

by jasonjmcghee

1/23/2026 at 4:56:07 PM

Have you tried it on Tailscale at all? Could be super useful but sadly TS doesn't support mDNS: https://github.com/tailscale/tailscale/issues/1013

by apitman

1/24/2026 at 2:14:46 AM

Good skills - you are well on the way to Engineer with a capital E.

You cannot see network traffic.

You'd be amazed at how many people think they can diagnose a network fault without using tools like this. Everyone is an expert until they prove themselves to be a bit of a twit!

At layer 1 you have electrical issues to deal with and that will need some hardware. Obviously you need to pick your network model too. Here you'll go in with a couple of PCs/laptops and APIPA and/or a Fluke or a cheap network tester effort off of Amazon. Use what you have available.

After that you will need nmap and wireshark. LLDP and CDP are very handy too.

If you have to deal with a large network, I can highly recommend Netdisco.

by gerdesj

1/23/2026 at 4:52:00 PM

I am not a golang user. If I install as recommended via `go` command on Linux how do I make sure it is updated when new versions are released? I wish it has a .deb package..

by vzaliva

1/23/2026 at 4:54:35 PM

> I wish it has a .deb package..

Generally speaking, the Debian package management system is really not a place I would look for prompt updates when new versions of software are released.

by zahlman

1/23/2026 at 5:55:30 PM

You might be confusing the .deb package format with the release cadence of the Debian Stable distribution.

by foresto

1/23/2026 at 5:43:04 PM

Why not? It works roughly the same as any other binary distribution format. Given that the project is written in go, it's also unlikely to have many dynamically linked dependencies.

by mzajc

1/23/2026 at 5:47:15 PM

“go install” does not have an update mechanism. I imagine most people using it would consider such an anti-feature; it is not a package manager.

I certainly don’t want programs I “go install” to change underneath me without notice or review. That’s basically handing ownership of your computer to a remote developer.

by sneak

1/24/2026 at 5:06:15 AM

> That's basically handling ownership of your computer to a remote developer.

System / application package updates??

by esseph

1/24/2026 at 7:39:38 PM

Compare the security resources of the median OS publisher with the median go package publisher.

An OS update from Debian, Apple, or Microsoft is not the same thing as a new version tag on a random go CLI app made by one person (or even a team of people).

Furthermore, while it is becoming much more common for OS package managers to autoupdate apps, it still isn’t the default state of affairs for most apps. OS updates are a different matter.

In any case, even without these comparisons, handing RCE to 20 organizations/developers/publishers is worse than handing it to 1 or 2.

by sneak

1/23/2026 at 8:09:03 PM

Just `git pull` and `go build` should work!

by yobert

1/25/2026 at 1:32:56 AM

this does not scale if you have 20-30 small utilities installed on your system.

by vzaliva

1/23/2026 at 4:34:18 PM

Using brew, I got "Apple could not verify `whosthere' is free of malware that may harm your Mac or compromise your privacy." [Move to Trash] [Done]

by GeoffKnauth

1/23/2026 at 4:43:00 PM

It just means that the binary is not notarised. You can go into Privacy & Security to override.

by cedws

1/23/2026 at 5:50:20 PM

Unsigned binaries on macOS have slowly but surely been marginalized more and more with scarier and scarier warnings and harder hoops to jump through. You can enable execution in the system settings “Privacy and Security” pane.

I’m sure this has nothing to do with Apple’s subscription-based (and government ID requiring) developer program membership which is the only way to get such signatures.

by sneak

1/23/2026 at 2:11:42 PM

I love the resurgence of TUI apps, but I wonder what the definition of "modern TUI" means in these cases. Does it basically mean just not using curses?

by petcat

1/23/2026 at 2:29:32 PM

It means it has a dependency on X11.

  $ go install github.com/ramonvermeulen/whosthere@latest
  # golang.design/x/clipboard
  clipboard_linux.c:14:10: fatal error: X11/Xlib.h: No such file or directory
    14 | #include <X11/Xlib.h>
       |          ^~~~~~~~~~~~
  compilation terminated.

by Daviey

1/23/2026 at 2:37:34 PM

That has nothing to do with the UI framework. The X11 dependency comes as part of the clipboard integration (which I'd argue should be optional or even removed). Still, I wouldn't call it modern if Wayland is outright not supported.

by fellerts

1/23/2026 at 2:53:57 PM

I think this is only a problem when building from source, right? It is indeed because of the dependency on https://github.com/golang-design/clipboard.

I hesitated a bit bringing in this feature. On one hand, I really like to have clipboard support, on the other hand, I don't like that it requires you to change from static to dynamic linking (and have the x11 dependency).

Maybe I could write an install.sh script for installation that detects the OS and fetches the correct version/tarball from the Github release.

by rvermeulen98

1/23/2026 at 3:03:03 PM

That library isn't going to support Wayland any time soon, and requiring CGO isn't ideal IMO. See this bug, https://github.com/golang-design/clipboard/issues/6

How about this PR? https://github.com/ramonvermeulen/whosthere/pull/29

It switches to using github.com/dece2183/go-clipboard, which supports Mac, Windows, Linux (X11 + Wayland) and Android.

by Daviey

1/23/2026 at 3:53:40 PM

Thanks a lot for your contribution, this is something I will look into in the upcoming days. I totally agree that CGO isn't ideal, I had to make the build/release process also a lot more complicated purely for that clipboard requirement (see GHAs and the different goreleaser files).

On the other hand, I also don't want whosthere to be depended on a fork that isn't maintained anymore. I will think about this trade-off, but I am also interested how others look at this problem.

by rvermeulen98

1/23/2026 at 3:41:48 PM

What's modern about Wayland?

by ok123456

1/23/2026 at 3:19:49 PM

Yikes, so it's a "TUI" app... that still requires a display server? So I can't run this TUI over SSH or a virtual terminal. Wondering what the point of a tui is that still requires a gui environment to run?

by petcat

1/23/2026 at 3:24:30 PM

Sorry, I was unhelpfully flippant. You totally can, and I don't want to distract from the great app that has been shared. This bug was just a compile time issue, which needed X libs to bake in clipboard support which is optional at runtime.

by Daviey

1/24/2026 at 10:38:11 AM

Just released version v0.2.1 eliminating the need for CGO, thanks for your contribution!

by rvermeulen98

1/23/2026 at 4:47:49 PM

this stopped me from go installing it too on nixos. I'm not gonna put the effort in to run it.

There should be a build tag to disable clipboard, that'd be the easiest way around this.

by sigmonsays

1/23/2026 at 7:25:30 PM

Same, I also had the same issue on NixOS :)

by Daviey

1/23/2026 at 2:55:43 PM

Good stuff, this saves me the trouble of going through router GUI. And remembering if it was 192.168.1.1 or 0.1 or what were the admin/root passwords.

by kapitanjakc

1/23/2026 at 10:20:43 PM

Looks great. Discovery.app is also useful if you’re mostly dealing with Apple / Bonjour-heavy networks. https://apps.apple.com/us/app/discovery-dns-sd-browser/id138...

by adi_kurian

1/24/2026 at 11:13:05 AM

Love how all these "modern" TUIs are basically replicating Turbo Vision, Clipper and curses.

by pjmlp

1/23/2026 at 4:33:56 PM

I'm also working on a Go TUI tool. Any reason you went with tcell instead of charmbracelet ecosystem?

by Evidlo

1/23/2026 at 4:44:19 PM

I started off using tview/tcell, and only later found out about bubbletea and the charmbracelet ecosystem. Then I didn't really find a solid reason to switch over to bubbletea. So far I really enjoyed the experience building the app with tview, the only real limitation I ran into was switching the theme at runtime, for which I had to build a custom mechanism.

by rvermeulen98

1/23/2026 at 4:05:33 PM

Busy building something similar with a view towards customising it for my LAN.

Specifically it needs to pull additional detail out of proxmox servers and opnsense plus deduce where things are physically based on latency.

Thats a whole lot easier if it doesn’t need to work universally & you can hardcode some assumptions

by Havoc

1/24/2026 at 2:03:08 AM

You forgot the most useful (and thus important) discovery tool of all:

  ping ff02::1%eth0

by eqvinox

1/23/2026 at 3:04:07 PM

Great tool, only thing I miss is it doesn't show SAMBA names.

by girishso

1/23/2026 at 9:58:01 PM

Looks nice. I'd love to have a way to select anything on the screen or at least have a button to copy more info, like manufacturer name of a found device.

by jarek83

1/23/2026 at 1:34:50 PM

It says 'Open ports: (None)' for all devices on my network, despite there being open ports on many of them (MacOS Tahoe 26.2 / installed via go)

by Anonbrit

1/23/2026 at 2:38:17 PM

It doesn't start port scanning by default, maybe this is a feature I can build in the future. When you are on the `detail` view of a device, you can press `p` and that will open a pop-up to perform the port scan. Also the list of ports that will be scanned is a default list of common ports, and can be configured via the configuration yaml.

by rvermeulen98

1/23/2026 at 7:15:09 PM

In that case maybe print something different for unscanned hosts than „Open ports: None“?

Nice tool!

by 47282847

1/23/2026 at 5:45:27 PM

Love it! I already have some ideas for additional improvements, might jump in and contribute a PR or two.

Great work.

by sneak

1/23/2026 at 3:58:36 PM

I hope browsers could support mDNS or SSDP. We need an Intranet browser!

by est

1/23/2026 at 1:43:02 PM

this is great! i had to tweak the config file on macos because it was using some weird interface (utun4) instead of en0. otherwise awesome tool, i am definitely going to be using this more often.

by coolius

1/23/2026 at 2:46:23 PM

Thanks, I am glad you like it! I couldn't find a Go API that just returns the OS "default" network interface, so struggled a bit with a correct implementation for that part.

When reading some blog posts, I found often a solution where it sends out an UDP dial to for example 8.8.8.8:53 because you can then get the network interface back from the connection it's local address. As fallback I implemented to pick the first non-loopback interface that is up.

Would be open to suggestions to do this in a better way!

by rvermeulen98

1/23/2026 at 2:59:57 PM

I think this package does exactly what you need: https://pkg.go.dev/github.com/google/gopacket/routing. Works on my machine (error handling left to the reader)

    router, _ := routing.New()
    iface, _, _, _ := router.Route(net.ParseIP("8.8.8.8"))
    fmt.Println(iface.Name)

this prints my Ethernet interface as expected. It doesn't make any requests, it just figures out where to route a packet. I guess it interfaces with the OS routing table.

by fellerts

1/23/2026 at 3:30:54 PM

Thanks for sharing! This is definitely something I will look into, I am all in favor to simplify the current implementation of finding the "default" OS network interface.

by rvermeulen98

1/23/2026 at 5:46:38 PM

You'd better use the default route and not some random IP, particularly DNS IPs which people often meddle with.

  # IPv4 default route only
  uname
  Darwin$ route -n get 0.0.0.0 | grep interface | cut -d ':' -f2
  Linux$ route -nv  |grep ^0.0.0.0 | awk '{print $NF}'

by contingencies

1/24/2026 at 4:55:22 AM

Seems IPv4-only, which most LANs aren't since a good while.

by fulafel

1/24/2026 at 5:07:08 AM

You might be fortunate enough to work in forward-thinking workplaces, because I see very little IPv6 adoption outside of mobile. I work with a lot of small/medium business clients and pretty much all of them are still on some flavour of RFC1918 behind NAT

by SturgeonsLaw

1/24/2026 at 5:09:33 AM

Have a look at the traffic on your network with tcpdump, you might be surprised what's going on even if you don't have IPv6 internet connectivity.

But yeah, bigcorp managed networks still often make do with v4 routing only. Besides mobile, homes and SOHO are more likely to have current internet access.

by fulafel

1/23/2026 at 10:24:23 PM

I read the title as "W host here"

by pimlottc

1/24/2026 at 12:33:13 PM

Great tool, I will test the tool

by dalton_zk

1/24/2026 at 11:38:32 AM

Neat! Others have pointed out nmap, but hey, a project may look similar at first but evolve into something entirely different. For a few years I have slowly worked on a network analysis tool. It started out as a way to learn a few concepts better, make a prettier TUI app, but has turned into a tool I use for work as needed. I have never shared it here, https://github.com/derekburgess/jaws

by spacecadet

1/23/2026 at 5:46:04 PM

is the only way to export the results "run in daemon mode and curl yourself"?

by ryancnelson

1/23/2026 at 11:27:52 PM

In the current version yes, never intended to build it as pure cli app. But if there is a lot of interest in this functionality this is something I can focus on in upcoming releases.

by rvermeulen98

1/24/2026 at 1:36:59 AM

- can we get a radmin vpn that works on both mac and windows?

by vivzkestrel

1/24/2026 at 7:12:43 PM

just use tailscale

by fragmede

1/23/2026 at 3:40:25 PM

> Apple could not verify “whosthere” is free of malware that may harm your Mac or compromise your privacy.

Couldn't run it on macOS Tahoe. I believe this requires me lowering the security to allow it, which is something I would rather not doing.

by hk1337

1/23/2026 at 3:49:04 PM

This is basically how every custom app works on Mac. You have to go to Settings -> Security & Privacy and click "Allow whosthere"

by rawgreaze

1/23/2026 at 3:56:08 PM

Would it help to get it on the "official" homebrew, instead of a custom tap/cask? Might try to do an application for that somewhere in the upcoming weeks.

by rvermeulen98

1/23/2026 at 4:37:58 PM

this can be fixed by

xattr -c `which whosthere`

by phubbard

1/24/2026 at 6:16:36 AM

It just means the app isn't signed.

by wtetzner