Pi.Alert is a Free WIFI / LAN Intruder Detector with Web Service Monitoring
What is Pi.Alert?
Pi.Alert is a comprehensive WIFI and LAN intruder detector equipped with web service monitoring for enhanced security and efficiency.
This powerful tool conducts regular scans on all the devices that are connected to your WIFI or LAN. It meticulously records the identities of all known devices and alerts you immediately whenever there's a connection from any unrecognized or unknown device. This feature helps in minimizing the risk of unauthorized access and maintaining the integrity of your network.
Moreover, Pi.Alert has a unique feature that monitors the connection status of devices that are always connected. In case one of these devices disconnects, the system promptly sends out warning alerts, enabling you to take swift action to resolve any potential issues or disruptions.
But that's not all. Pi.Alert also excels in assessing the availability of web services. It does this by carefully evaluating important parameters such as the HTTP status code, SSL certificate, and the response time of the service. You'll receive immediate notifications if there are any changes to the SSL certificate or the HTTP status code, or if the service becomes unreachable for any reason. This feature ensures optimal uptime and swift resolution of issues, keeping your web services running smoothly.
In addition to these features, Pi.Alert also helps in detecting any unwanted or foreign DHCP servers that might compromise the security of your network. The tool also offers device monitoring using the simple yet powerful ping command, further enhancing its usability and functionality.
How Does it Scan?
- arp-scan. The arp-scan system utility is used to search for devices on the network using arp frames.
- Pi-hole. If the Pi-hole DNS server is active, Pi.Alert examines its activity looking for active devices using DNS that have not been detected by other methods.
- dnsmasq. If the DHCP server dnsmasq is active, Pi.Alert examines the DHCP leases (addresses assigned) to find active devices that were not discovered by the other methods.
- Fritzbox. If you use a Fritzbox (a router from the company "AVM"), it is possible to perform a query of the active hosts. This also includes hosts of the guest WLAN and Powerline devices from "AVM".
- Mikrotik. If you use Mikrotik Router as DHCP server, it is possible to read DHCP leases.
- UniFi. If you use UniFi controller, it is possible to read clients (Client Devices)
- Web service monitoring. An HTTP request is sent and the web server's response is processed. If self signed certificates are used, no validation of the certificate is performed.
- ICMP monitoring. A "ping" is sent to a manually specified IP/hostname/domain name and the response is evaluated
- DHCP Server Scan. Nmap is used to send DHCP requests into the network to detect unknown (rogue) DHCP servers.
The Backend
Unwaveringly running on a scheduled basis through the user-installed Pi.Alert's cronjobs, the backend is the powerhouse of the system. It meticulously scans the network for connected devices using a variety of robust scanning methods. Additionally, it rigorously ensures the accessibility of web services, staying vigilant for any SSL certificate changes. All the gathered data is securely stored in the database.
Any detected changes? You'll be the first to know. The backend promptly reports changes via email and other efficient services like Pushsafer, Pushover, NTFY, Gotify, and Telegram via shoutrrr, and to the Frontend.
For maintenance, it diligently performs automated tasks for database cleaning and optional backups. If desired, it can also execute speed tests of the Internet connection with accuracy.
And for user convenience? The pialert-cli tool is here, allowing users to effortlessly configure login, password, and other settings.
The Frontend
A configurable login feature is available to prevent unauthorized access, with the default password set to "123456". By default, this feature is disabled. To enable password protection, adjust the configuration settings either in the ~/pialert/config/pialert.conf
file or via the pialert-cli tool.
Moreover, the system offers extensive functionalities:
It manages device inventory and characteristics, facilitating individual management or bulk edits. The collected data, including sessions, connected devices, favorites, events, presence, and internet IP address changes, is visually represented. For enhanced device management, manual Nmap scans and Wake-on-LAN (if supported) are available, alongside speed tests for the "Internet" device in the details view.
Additionally, it provides insights into network relationships through a simple display. Users can perform various maintenance tasks and customize settings, including language selection (English, German, Spanish, French, Italian), AdminLTE-Skins/Theme/Favicons selection, API-key configuration, login management, database maintenance tools, and config file editing.
For support, a comprehensive Help/FAQ section is accessible. Notifications with download options keep users informed, while a journal tracks operations performed via the frontend, pialert-cli, and cronjob.
New Favicons/Homescreen icons have been created based on the original design, tailored to different skins. To ensure compatibility with iOS devices, icons can be directly linked from the repository, as iOS devices may not load homescreen icons from insecure sources (without SSL or self-signed SSL).
There are various ways to submit a request to the backend with the help of a API. I will use curl/bash and curl/php as examples in the following.
License
The app and source-code are released under the GPL-3.0 License, as a free and open-source project.