• My latest project - "TipOff"

    From MeaTLoTioN@1337:1/101 to All on Thursday, July 02, 2026 23:52:24
    Hey y'all,

    Been quietly building "TipOff" - a self-hosted security monitoring tool for small businesses & home labs. Domain health, LAN discovery, uptime monitors, WordPress scanning & breach detection. One Docker container, your data never leaves your server.

    If you're interested in finding out more, please visit https://tipoff.cc - this is a tool that has made my life a lot easier recently, and I'm sure others will benefit also from it.

    Let me know if you use it and if it's useful to you =)

    Cheerio!

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N // @meatlotion:erb.pw |10S|02SBBSS|08-|10M|08-|100|020001 |10C|02ertified |10B|02BS |10S|02YSOP

    |07�� |08[|10eml|08] |[email protected] |07�� |08[|10web|08] |15www.erb.pw |07��Ŀ |07�� |08[|09fsx|08] |1521:1/158 |07�� |08[|11tqw|08] |151337:1/101 |07���� |07�� |08[|12rtn|08] |1580:774/81 |07�� |08[|14fdn|08] |152:250/5 |07����
    |07�� |08[|10ark|08] |1510:104/2 |07��

    ... A SQL query walks into a bar and sees two tables. Asks: 'Can I join you?'

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (1337:1/101)
  • From deon@1337:2/101 to MeaTLoTioN on Friday, July 03, 2026 17:14:56
    Re: My latest project - "TipOff"
    By: MeaTLoTioN to All on Thu Jul 02 2026 11:52 pm

    Howdy,

    Let me know if you use it and if it's useful to you =)

    Just had a play today - nice tool, well done.

    Be keen to see where you take this - I think there could be a few great things added.

    * I see from the mac address you can identify the vendor - be good to identify all VMs (from their mac)

    * Might be good to be able to group stuff, ie: seperate the appliance from the homelab, etc...

    * Could be helpful to have some lan topology if you can get it. ie: I dont use a /24 on the same wire - some devices I route to, so it could be useful to find out which devices are acting as a router

    * Wondering how you could do IP6?


    ...����
    --- SBBSecho 3.37-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (1337:2/101)
  • From MeaTLoTioN@1337:1/101 to deon on Friday, July 03, 2026 10:12:28
    On 03 Jul 2026, deon said the following...

    Re: My latest project - "TipOff"
    By: MeaTLoTioN to All on Thu Jul 02 2026 11:52 pm

    Howdy,

    Let me know if you use it and if it's useful to you =)

    Just had a play today - nice tool, well done.

    Thank you!

    Be keen to see where you take this - I think there could be a few great things added.

    * I see from the mac address you can identify the vendor - be good to identify all VMs (from their mac)

    Yes, this is already planned, it's a bit tricky as VM's often create mac addresses that don't follow a particular vendor, but I'm working on a better way to capture, perhaps even using multiple ways and then pinning the best fit per each mac address.

    * Might be good to be able to group stuff, ie: seperate the appliance
    from the homelab, etc...

    This is on the todo list already, when you have a long list, grouping would be pretty much a requirement.

    * Could be helpful to have some lan topology if you can get it. ie: I
    dont use a /24 on the same wire - some devices I route to, so it could
    be useful to find out which devices are acting as a router

    Yes this is also on the todo list =)

    * Wondering how you could do IP6?

    Good question, I think I can.

    I'll keep you posted as to what I find/manage to do.
    Thanks for trying. If you're wanting to give the reports and automatic rescanning a go, ping me in Matrix and I'll gen you a pro key.

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N // @meatlotion:erb.pw |10S|02SBBSS|08-|10M|08-|100|020001 |10C|02ertified |10B|02BS |10S|02YSOP

    |07�� |08[|10eml|08] |[email protected] |07�� |08[|10web|08] |15www.erb.pw |07��Ŀ |07�� |08[|09fsx|08] |1521:1/158 |07�� |08[|11tqw|08] |151337:1/101 |07���� |07�� |08[|12rtn|08] |1580:774/81 |07�� |08[|14fdn|08] |152:250/5 |07����
    |07�� |08[|10ark|08] |1510:104/2 |07��

    ... A social life? Where can I download that!?

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (1337:1/101)
  • From MeaTLoTioN@1337:1/101 to deon on Friday, July 03, 2026 14:09:12
    On 03 Jul 2026, deon said the following...

    * I see from the mac address you can identify the vendor - be good to identify all VMs (from their mac)

    * Might be good to be able to group stuff, ie: seperate the appliance
    from the homelab, etc...

    * Could be helpful to have some lan topology if you can get it. ie: I
    dont use a /24 on the same wire - some devices I route to, so it could
    be useful to find out which devices are acting as a router

    * Wondering how you could do IP6?

    Do a `docker compose pull && docker compose up -d` and you'll have all of these =)

    IPv6 address(es) are inside each host detail
    Network Topology has it's own menu item (top-right hamburger menu)
    Host list now has custom tags you can create
    MAC Address identify is a little better, can identify which hosts are VM's if the MAC address matches a known template.

    Let me know how it goes =)

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N // @meatlotion:erb.pw |10S|02SBBSS|08-|10M|08-|100|020001 |10C|02ertified |10B|02BS |10S|02YSOP

    |07�� |08[|10eml|08] |[email protected] |07�� |08[|10web|08] |15www.erb.pw |07��Ŀ |07�� |08[|09fsx|08] |1521:1/158 |07�� |08[|11tqw|08] |151337:1/101 |07���� |07�� |08[|12rtn|08] |1580:774/81 |07�� |08[|14fdn|08] |152:250/5 |07����
    |07�� |08[|10ark|08] |1510:104/2 |07��

    ... User Error: Replace user and hit any key to continue...

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (1337:1/101)
  • From deon@1337:2/101 to MeaTLoTioN on Saturday, July 04, 2026 17:30:18
    Re: Re: My latest project - "TipOff"
    By: MeaTLoTioN to deon on Fri Jul 03 2026 02:09 pm

    Howdy,

    Do a `docker compose pull && docker compose up -d` and you'll have all of these =)

    Awesome, I'll take a look...


    ...����
    --- SBBSecho 3.37-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (1337:2/101)
  • From deon@1337:2/101 to MeaTLoTioN on Saturday, July 04, 2026 19:59:16
    Re: Re: My latest project - "TipOff"
    By: MeaTLoTioN to deon on Fri Jul 03 2026 02:09 pm

    Howdy,

    * Could be helpful to have some lan topology if you can get it. ie: I dont use a /24 on the same wire - some devices I route to, so it could be useful to find out which devices are acting as a router
    Do a `docker compose pull && docker compose up -d` and you'll have all of these =)

    The network topology is not 100% fot me. To give you an example, at home, I use 10.1.3.0/25 for my homelab. Tipoff is running on 10.1.3.54.

    Thus everything on 10.1.3.0/25 you'll get a MAC address and know its "local", if you havent figured that out from quizzing 10.1.3.54 network routing table.

    10.1.3.192/28 is running inside an emulator off of 10.1.3.111 and you may be able to work that out via the same way traceroute does. Those addresses wont have a MAC address (from 10.1.3.54) - but they are grouped under 10.1.3.0/24 (even though I choose "network" from the network map).

    Simularly 10.1.3.240/29 is another network via my core router 10.1.3.1.

    Interestingly, my wifi is 172.31.20.0/24 and on it I have my home assistant VM, it shows as "infrastructure" at the top of the network diagram, next to 172.31.20.1 - what makes it "infrastructure" and not a "device"?

    It would be ideal if 10.1.3.1,172.31.20.1,10.1.3.246 were discovered as the same router.

    MAC Address identify is a little better, can identify which hosts are VM's if the MAC address matches a known template.

    How do I define a mac mask, so that all my proxmox and esx machines are discovered as a VM?


    ...����
    --- SBBSecho 3.37-Linux
    * Origin: I'm playing with ANSI+videotex - wanna play too? (1337:2/101)
  • From MeaTLoTioN@1337:1/101 to deon on Saturday, July 04, 2026 12:08:35
    On 04 Jul 2026, deon said the following...

    The network topology is not 100% fot me. To give you an example, at
    home, I use 10.1.3.0/25 for my homelab. Tipoff is running on 10.1.3.54.

    Thus everything on 10.1.3.0/25 you'll get a MAC address and know its "local", if you havent figured that out from quizzing 10.1.3.54 network routing table.

    10.1.3.192/28 is running inside an emulator off of 10.1.3.111 and you
    may be able to work that out via the same way traceroute does. Those addresses wont have a MAC address (from 10.1.3.54) - but they are
    grouped under 10.1.3.0/24 (even though I choose "network" from the
    network map).

    Simularly 10.1.3.240/29 is another network via my core router 10.1.3.1.

    Interestingly, my wifi is 172.31.20.0/24 and on it I have my home assistant VM, it shows as "infrastructure" at the top of the network diagram, next to 172.31.20.1 - what makes it "infrastructure" and not a "device"?

    It would be ideal if 10.1.3.1,172.31.20.1,10.1.3.246 were discovered as the same router.

    MAC Address identify is a little better, can identify which hosts are V if the MAC address matches a known template.

    How do I define a mac mask, so that all my proxmox and esx machines are discovered as a VM?

    Hey ����,

    Thanks so much for the detailed feedback - really useful stuff!
    I've had a look at the issues you raised:

    Infrastructure classification - you're right, the heuristic is too aggressive. ASUS is in the vendor list which shouldn't be there (ASUS makes plenty of regular devices), and the "last octet is .1 or .254 = infrastructure" rule is catching your subnet gateways when they should actually be shown as gateways in their own tier.

    By network grouping - hosts that fall outside your entered discovery CIDRs (like 10.1.3.192/28 when you've only entered 10.1.3.0/25) have no CIDR context so they fall back to /24 grouping. The fix there is actually on your end - adding 10.1.3.192/28 and 10.1.3.240/29 as discovery CIDRs will get them grouped correctly. They can be comma separated in the settings page.

    Gateways - rather than guessing by last octet (.1/.254), we can read all routes directly from the container's routing table (/proc/net/route) which gives us every gateway IP authoritatively - so 10.1.3.1, 10.1.3.111, 172.31.20.1 etc. would all be correctly identified as gateways without any guesswork. That's the fix going in.

    Custom MAC OUI prefixes - good shout, adding a settings field so you can define your own OUI prefixes for Proxmox/ESX and anything else that doesn't match the built-in list.


    Really appreciate you taking the time to dig into it - this kind of real-world feedback is exactly what makes it better!

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N // @meatlotion:erb.pw |10S|02SBBSS|08-|10M|08-|100|020001 |10C|02ertified |10B|02BS |10S|02YSOP

    |07�� |08[|10eml|08] |[email protected] |07�� |08[|10web|08] |15www.erb.pw |07��Ŀ |07�� |08[|09fsx|08] |1521:1/158 |07�� |08[|11tqw|08] |151337:1/101 |07���� |07�� |08[|12rtn|08] |1580:774/81 |07�� |08[|14fdn|08] |152:250/5 |07����
    |07�� |08[|10ark|08] |1510:104/2 |07��

    ... No one knows what's next, but everybody does it.

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (1337:1/101)
  • From MeaTLoTioN@1337:1/101 to deon on Saturday, July 04, 2026 19:34:33
    On 04 Jul 2026, MeaTLoTioN said the following...

    I've had a look at the issues you raised:

    Do a `docker compose pull && docker compose up -d` now and hopefully you'll get some changes and they'll work a bit better for you.

    In the settings, you can now add a custom VM MAC filter(s) (comma separated). All gateways from routing table should now show correctly/better
    ASUS removed from infra
    Multiple gateway nodes in the topology gateway tier side-by-side

    ---
    |14Best regards,
    |11Ch|03rist|11ia|15n |11a|03ka |11Me|03aTLoT|11io|15N // @meatlotion:erb.pw |10S|02SBBSS|08-|10M|08-|100|020001 |10C|02ertified |10B|02BS |10S|02YSOP

    |07�� |08[|10eml|08] |[email protected] |07�� |08[|10web|08] |15www.erb.pw |07��Ŀ |07�� |08[|09fsx|08] |1521:1/158 |07�� |08[|11tqw|08] |151337:1/101 |07���� |07�� |08[|12rtn|08] |1580:774/81 |07�� |08[|14fdn|08] |152:250/5 |07����
    |07�� |08[|10ark|08] |1510:104/2 |07��

    ... The shortest distance between two points is under construction

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (1337:1/101)