macOS manual

NetworkToolbox – Mac

NetworkToolbox for Mac – Software user guide


Please find below some general information about NetworkToolbox for Mac and about this manual.

The manual can be opened from inside the App (Help Menu) or directly using the following link:

If you prefer a printed version, just tap on the PDF Icon on the website version to download a PDF file.

Please note: In case of issues with the App, you will find a lot of possible reasons and solutions in the last chapter “Common issues / FAQ” of this manual.

2.Using the App

After starting the App, you will see the main window of the App.

2.1.Main Window

From here, you can select the App section (Tools, Maintenance, Resources and System) on the left side of the screen.

On the right side, icons are being be displayed for each function or tool.

At the top you can either search for a function or tool by just typing a few letters in the Search field.

The icons at the top right side will adjust how the icons will be displayed. They can be displayed as plain Icons or as list. Or they can be grouped which may help to easier locate the tool you are looking for.

2.2.General usage

Each tool or feature of the App, which can be opened by clicking on an icon, has a similar layout.

The tools also share a common way how information will be entered, can be accessed or further explored.

Try to get familiar with this concept to get the most out of this App.

As an example, this is how the network scanning tool looks like:

The Toolbar section

This and most other tools are using a toolbar at the top with the following functions:

The History combo-box can be used to recall previous results of this tool. Whenever you are using the tool, a new History entry will be added. To empty the History, just click on Clear History.

You can use the Set Defaults button, to clear all entry fields or bring them back to their default values of the below entry section of the screen.

The entry section

The top section of the tool screen, below the toolbar, will usually be used for entering parameters like the scan range, addresses or other information which is needed for using a tool.

Some fields may offer a ☰ Icon on the right side.

When clicking on such an Icon, you will get a list of possible choices like in the above example for the Port number.

In case of Addresses, the ☰ Icon will offer a list of previously used IP Addresses or host names as well as your current Public and Local IP Address.

In addition and depending on the list, you can also right click on each line and column to copy the content of the column. In some cases, you may also see additional options.

At the bottom of this data entry section, you will usually find buttons to run a scan or perform whatever action the tool is meant for.

The Result section

Depending on the tool, results might be displayed on a separate screen or below the entry section like here:

Most time, you can either double-click on a line in this list or use the Icon at the right side to get more details about each list entry.

The most powerful feature however, is the Action button […] in front of each address. You will find such an Action button wherever addresses are displayed.

By clicking this button, you can perform various actions on that particular address.

One example would be to run a port scan on an IP Address that has been discovered by a network scan.

This way, you can easily jump from one tool to another.

In addition, you can also copy the particular address or perform a wake-on-lan (WOL) for the address.

Footer section

While a scan or long lasting procedure is running, you will see a progress indicator at the bottom and may have the possibility to cancel the operation.


The tools in the tools section of the App provides almost anything what is need to access, maintain or discover your local or any other network.


3.1.Local Network Tools

Current Net

This tool provides the IP addresses of your current wired and WiFi network, including your Public IP address.

IP/Host Info

This tool provides a lot of information about any IP address or host, including domain information, Provider, Country and more.

This tool is also very useful when called from the Action […] button from inside other tools to get information about a particular address.

Local Files

Files that have been downloaded using the SMB or FTP tools will end up in a special “sandboxed” folder. (For more information have a look to the “App Sandbox” chapter later in this manual).

This Local Files tool can be used to Browse the contents of this folder, create or removed files and directories.

You can also use the included File Viewer to display file contents in a convenient format or even as plain Text file or as Hexadecimal binary.

Using the “Show in Finder” button will open the macOS Finder which can then be used to copy files between other Directories on your Harddrive and this sandboxed folder.


This tool analyzes the path or route of the data from your Mac to any destination IP address or host.

Before data, such as a request to display a certain website, ends up at the destination IP address, the data is received and passed on by many additional nodes such as routers.

The speed of the connection will depend on the number of such additional nodes and the utilization and bandwidth of each node.


This tool scans for Bluetooth LE or so called Bluetooth 4.0 or smart devices.

Hitting the Start button will start scanning for devices. As long as there are new devices or other changes, the scan will continue to run which may take quite some time. You can hit Cancel to stop scanning but you can also display the details for scanning results while scanning is still running.

Once you double-click on a line or hit the details button on the right of the list, the App will try to connect to the particular Bluetooth device in order to retrieve more detailed information. This may take some time so just wait a few seconds until the details will be displayed.


Bonjour is Apple’s implementation of a so called “Zero-configuration network” technology. The Bonjour tool locates devices such as printers, other computers, and the services that those devices offer on a local network using multicast Domain Name System (mDNS) service records.

Bonjour comes built into Apple’s OS X and iOS operating systems, Apple TV and many other third-party devices and can also be installed on Windows PCs.

If you run a Bonjour scan, you might be surprised at how many devices and software on your network is using Bonjour. Such a scan can reveal additional devices that were not found by a normal Network Scan as they may only respond to certain services.


UPnP is another so called “Zero-configuration network” similar to Apple’s Bonjour.

This tool can be used to discover all UPnP devices on your network.

UPnP comes built into many devices, especially on networked TVs, recorders and players but also on many other devices that provide access to external Apps or via web-interface.


The connections tool displays currently open or recently closed internal (local) or external connections.

At the top of the tool, you can select which type of connection should be displayed (Internal or External).

Hitting the Refresh button will update the list of connections.


This tool interfaces to your Pi-hole Server, if available.

This way, you can use the App to further analyze DNS queries made on your network. By using this tool, you can also easily maintain your black- and whitelists.

Pi-hole is an open source software which can run on a Raspberry pi to protect against Tracking, Ads or other unwanted traffic. Pi-hole even speeds up your browsing experience on your network.

Pi-hole also logs network DNS queries which helps to find Devices on your network which are performing unwanted network connections.

You can read more about Pi-Hole here:

I have compiled a small documentation on how to setup Pi-hole on a Raspberry pi here:

3.2.Exploration Tools

Network Scan

This tool performs a Network-Scan in a given IP Address range.

To scan a certain range, enter both a start and end IP address and press the Scan button.

You can also enter the IP address range in slash or CDIR notation (net/mask). E.g. means to scan from to or entering will scan up to

When using the Quick scanning option, you will get a quick overview of the components in the IP Address range. The results are not as accurate (complete) as a full scan but you can press the refresh button to repeat the quick scan.

When Check for Web interfaces is checked, this tool will look for web interfaces on each of the found IP addresses.

The flags in the result list have the following meaning:

A Active. IP can be pinged.
W Web Interface found.
B Bonjour services found.
U UPnP services found.
S Samba (Windows) services found.

It is possible to Export the list as CSV file, to the Batch tool or the local Devices list which can be found in the Maintenance section.

If you click on Rescan, additionally found addresses will be marked green.

Port Scan

This tool scans for open ports on a specified IP address or domain.

This is useful if you wish to find out whether necessary services like HTTP, FTP etc. are available as expected or if you wish to check if more ports than necessary are accessible which might then be a security issue.

You can click on the selection button next to the Ports field to select one of the predefined port ranges. Select Default to cover the most  common and important ports.

Alternatively, you can enter port numbers manually, separated by commas (or ranges by using the dash/minus sign e.g. 10-100 means Ports 10 to hundred) or any combination of commas and dashes.

WiFi Scan

This tool scans for WiFi devices around you. This will of course require that you have WiFi of your Mac turned on. If you have more than one WiFi network interface, you can select the desired device for scanning. Otherwise, the currently available and selected default device will be selected.

This tool is useful for instance, if you like to see if other WiFi networks are using the same WiFi channel as your own WiFi network. For this, you can click on the “Channel” heading to let the list to be sorted by Channel number. Now, you can search for your own WiFI SSID in the list and check if other WiFi networks are on the same channel.

Shodan and Morpheus

Shodan and Morpheus are search engines that let you find devices such as computers, servers or routers on the Internet. You use them just as you would use Google to search the Internet for websites containing specific terms.

Morpheus is an alternative to Shodan. Like Shodan, it is a device search engine and can be used to search for certain Servers, Routers, Set-Top Boxes and other devices on the Internet.  Both search engines have their pros and cons and it’s probably a good idea to try both engines when searching for a particular device.

You can either select a pre-defined search term by using the button or enter an individual term.

In addition, even without using a specific search term, you can also specify a country, a port, a network name, a host name or an operating system as additional search parameters.

It is important, to enter good search terms or search criteria. Otherwise you will get too many results or no result at all. As a good starting point, you can use the HTTP-Head tool and inspect similar websites or devices and look for specific terms in the HTTP Header, which can be used as search term.

Please note: It is up to you and depends on the law in your country on where you are allowed to proceed from there. Up to this point, you will just see what a device responds to anybody who connects to it. This information will be sent also for instance if you visit this particular device with your web-browser. But in that case, the browser will not show you what it receives from the server and only displays the website. It can be interesting and useful to analyze such responses but it will definitely not be allowed to use this tool to find and break

Morpheus Map

This tool uses Morpheus to search for devices within a certain distance of a given location.

You could, for example, use the tool to see if your own devices have been found by Morpheus.


This tool can be used to find information which was unintentionally indexed by Google.

A dork is an employee who unknowingly exposes sensitive corporate information on the Internet. The word dork is slang for a “slow-witted” or “in-ept” person.

Dork queries are advanced search operators to narrow down search engine results to find such information.

Using Google dork queries is also called “Google Hacking”

Network Toolbox has a database of common Google dork Queries which will be updated via Data update over time.

To select a certain dork query, first select the Category. Next select the dork query you like to use.

The Search string field contains the special search string for the selected dork query.

Note: You can alter this string, for instance by adding site: to restrict the search to your own domain . Otherwise, if you use the search term as is, the whole internet will be searched.

If you click on Analyze, the App will perform the dork query and gather all urls (links) from the search results in a list. You can then either tap on each entry of this list to visit that particular website or use the action button […] for further actions.

In case you don’t see the desired links or in case you want to see more than 50, you can also tap on Browse instead of Analyze. Then, you will see the original Search result website and can visit the links from there.

Note: If you are using Google dork queries too often within a certain time period, Google will use a captcha to ensure you are human. For this, you will also need to use the Browse button.

3.3.Access Tools


This Tool offers a SSH (secure socket) terminal connection to a server offering the SSH service.

SSH has replaced Telnet as Telnet is highly insecure whereas SSH uses an encrypted connection.

This tool supports either a username/password combination for logging in or to use a Public/Private-key combination. If the private key is password protected (recommended) the password entered in the password field will be used as password for the private key.

For further information about Public-Private keys, please see the dedicated PKI chapter later in this manual.

The usual port for SSH connections is 22 but can be changed here, if necessary.

If the login credentials are not correct or missing, the Passwords screen will pop up automatically. From here you can either try different passwords or select one from the accounts of the Maintenance section of the App. Please read more about this screen under Password tests later in this manual.


The FTP and SFTP Tools provide file browsing and downloading functions to network devices that have this type of service enabled.

SFTP has replaced FTP which is highly insecure. However, some devices still only support FTP.

FTP only supports a username/password combination for the connection whereas SFTP also supports using a Public/Private-key combination.

For further information about Public-Private keys, please see the dedicated PKI chapter later in this manual.

The usual port for SFTP connections is 22 and for FTP it is 21 but it can be changed here, if necessary.

Once connected, you will see a File Browser similar to the Local Files browser just that the files, displayed here are file on the server you connected to.

Please note: As this App runs in a Sandbox environment, all files downloaded by these tools will end up in the separate local file browser Tool. For more information have a look to the “App Sandbox” chapter later in this manual.


This tool opens a simple socket terminal connection.

Some devices still provide this possibility for a terminal connection but where possible, SSH should be used instead because it is much more secure than Telnet.

This tool is also useful to analyze any kind of connection, even HTTP, FTP, POP3, IMAP, SMTP or any other connection. If this tool will be used to connect to such services, it shows a lot of useful information which helps to analyze an address at a certain Port.


This tool allows to connect to so-called Samba Shares or Windows File services and to browse, up- and download files.

Once connected, you will see a File Browser similar to the Local Files browser just that the files, displayed here are file on the server you connected to.

To access a Samba Share, you need to enter a Share name in addition to a username/password combination if the server doesn’t allow root share access.

Once you entered a correct username/password combination you can use the button next to the share field to browse all available shares.

The share can also be entered directly after the Address in the Address field.

Like for the FTP/SFTP tools, files downloaded from here will end up in the separate local file browser Tool. For more information have a look to the “App Sandbox” chapter later in this manual.


This tool allows to browse through data stored in Elasticsearch databases.

Elasticsearch is a popular Search database or better to say engine. It is popular because it’s easy to use and very flexible because there is no need for a database schema as like for other databases.

On the other hand, Elasticsearch has a bad reputation because often, administrators forgot to protect access to it and several data beaches in the past were caused by un- or not-well protected Elasticsearch engines which can easily be revealed by Shodan or Morpheus.

In 2019 for instance, Conrad Electronic accidentally exposed 14 million customer records including financial data and addresses.

The port usually used for elasticsearch is 9200 and the so called App name is the root path of the database on the server which is often ‘elasticsearch’.

If you leave these fields blank, this tool will try for the most common values. Knowing and entering those values will speed up opening the database.

In case the Elasticsearch server is protected, you can enter the username and password pair below.

3.4.Server Tools


This tool acts basically like a regular Web-Browser but offers several features that help to analyze the response of a web-server.

For instance, this Tool can:

  • mimic different browser types like Firefox, Safari and even mobile browsers
  • Disable Javascript for browsing
  • Allow login with standard or custom username/password combinations
  • Test the web-server on common HTTP parameter exploits
  • Use different protocols
  • Display results in source code, plain text or JSON or XML-Tree
  • Display Cookies, created by a Website
  • Display the HTTP Head response of the Web-Server
  • Analyze (Crawl or Spider) the website and their links

Once the web-server connection has been opened by using the Open button, the content will be displayed as in a regular browser.

The Utilities button in the toolbar offers additional utility tools:

From here, the website can be displayed as source or other formats.

Cookies can be displayed, cleared or you can even create or overwrite an existing Cookie.

The Login utility can be used to probe standard passwords using the Password test screen described more in detail under Password tests further below in the manual.

The Test parameters utility can be used in a similar way to test for known HTTP Parameter vulnerabilities.


This tool provides detailed information about certificates used by websites or servers.

This way, you can check certificates for their expiration or origin and if a server can be trusted.

Moreover, this tool helps to reveal additional information of an unknown address.

For instance, if a domain of an IP address can not be revealed using other methods, looking at the certificate may tell you the domain.

This way, you may even find multiple domain names, or even sub-domains. for instance has registered aver 70 domain names in their certificate.


This tool allows to query an individual DNS Server for a domain or, the other way round, find the domain name for an IP address (reverse-dns).

Usually, if a DNS Server is used to translate a host or domain name to an IP address, the local DNS Server of your network is used.

This tool however, let you query any individual DNS Server for domains. This is useful, if you want to debug your DNS settings or want to find out, if DNS settings already have been distributed to other DNS Servers.

Also, all individual records (A,AAA,MX,NS,SOA etc.) will be displayed.

Furthermore, this tool also displays the response times for the queries. This way, you can compare the results of different DNS Servers and chose the fastest for your own network.

You can also perform a reverse lookup to search for a domain for a given IP address.


A web service is a function that can be accessed by other programs or websites over the web. Web services are often used to allow other websites or users to use certain functions of a website without using the website itself to access the information. One example is the Google geolocation services.

Web services usually consists of one or more of the following pieces of information:

  • URL (sometimes called EndPoint of the Service) and URL Parameters
  • Header
  • Body

This tool allows to analyze and test web services of any type.

There are various even quite interesting public web services available which can also be used by this tool.

Once you have entered the required information of the web service you like to access, you can click on GET, POST or PUT to start the service request using the corresponding HTTP method.

Depending on the selection for “View results as”, the results will be displayed accordingly.

Mail Server

This Tool can be used to check for POP3, IMAP and SMTP Mail services of a mail server.

The results can either be used to find out whether your own Mail server has been configured correctly or to identify the required mail settings in your mail client for a particular external Mail server.


There are services on the web which are collecting information about Spam mails and their origin.

The most popular and effective Blacklist service is the Spamhaus Project founded by Steve Linford. Spamhaus got some popularity some years ago when they got attacked by a (so far) never been seen before DDOS (Distributes Denial of Service) attack caused by one of the Spammers they listed in their database as an act of revenge. This incident revealed how powerful such Blacklists are today against Spammers.

Nowadays, there are several additional Blacklist services with different focus, quality and reliability.

The two challenges of those Blacklist services are to prevent false alarms (which may result in blocked domain ranges) and late alarms (which may cause domains to send out Spam for some time before they bet blocked).

For this reason, it is good practice to rely on more than one Blacklist.

This tool allows you to query several Blacklists for a certain IP Address or Domain.

The list of included Blacklist servers will be updated via Data-Update from time to time.

This tool is useful, if you want to check the originator of a Mail. For this, you need to have a look to the source code of a Mail (which usually is an option of most Email Clients) and look for the originating IP Address and domain of the mail.

It is also useful to search the Blacklist for other suspicious IP addresses or domains to see if the server of an Address might have been compromised and now used to distribute Spam. In this case, the Address might be listed on a Blacklist.

Server Check

This tool can be used to check a Web-Server for leaked information or unintentionally exposed files or content.

Due to wrong configurations, bugs or security issues on the Web-Server, a Server may expose information or files that should normally not be exposed. Such information may help Hackers to break into the system or even steal confidential data.

A common issue is that Website administrators forget to protect files or directories against Website visitors.

Or the administrator doesn’t update Server software to the most recent version whereas the current version may have vulnerabilities.

Some of these issues can be revealed if a Web-Server will be accessed by using certain link parameters or by using specially crafted request-headers or request-bodies.

During the check, the Web-Server will be analyzed and the results will be displayed in a list, along with additional information and a colored flag. A red flag indicates a possible major issue. An orange/yellow flag indicates that the Web-Server may reveal some possible unnecessary information. A green flag means that noting was found or the attempt to access a file or information failed.

You can double-click on each entry or the detail icon to see the details of the information returned by the Web-Server. From here, you can also use the action button […] for visiting the Web-Server using the corresponding parameters or perform other actions.

The internal database behind this will be constantly updated over time via Data update. It contains information from recent attacks and the Honeypots I am running.

A full check may run quite a while, depending of the Web-Server’s and your internet speed. These checks will be run sequentially and not in parallel like in some other tools. This is to prevent firewalls on the Web-Server to detect this check. However, it may still happen (or better to say it should happen) that firewalls may detect this check even though they are performed in sequence. In this case you will see consecutive server errors after a few checks were run. Then, you might want to continue the test at a later time or after changing your IP Address.

3.5.Utility Tools


This tool can be used to test the reach-ability and availability of a network device.

You can also see the ping time in milliseconds to compare or check the speed of a connection.

If advanced is switched on, additional values such as ttl (time-to-live) and the ping packet size can be entered. It is also possible to force IPv4 or IPv6 pinging.

If advanced is switched off, these values will be set automatically based on the IP Address or domain that has been entered and based on best-practices.

MAC Database

This tool offers a huge database of all vendors who are entitled to assign their own MAC addresses.

To search the database, just enter either the first three parts of any MAC address (such as e8:8d:28) or a vendor’s name such as Apple. Then press Search and you will see all matching entries.

This tool will also be used internally by other tools of this App to add vendor names for MAC addresses wherever MAC addresses will be displayed e.g. in the Device or Network scanning tool.


This tool performs IP address calculations that are helpful in configuring networks.

It also offers functions for converting between IPv4 and IPv6 addresses.


This tool provides information about a registered domain.

It starts searching for the registrar of the domain and drills down to the registration record of the corresponding registrar. Often, such a tool is called Deep whois.

Whois query results are not standardized. Several registration authorities provide their information in various formats and at different information depths. This is, why websites or other Apps just provide raw text output of the results or they charge for individual structured results.

However, this tools tries to interpret the query result and to present it, in the usual, structured format. In some cases (e.g. for, where this is not possible, you may also see just raw information.

Just enter a domain name and press Start Query.

In case the domain name you entered includes one or more subdomains (e.g., the tool will convert the name to the base domain name. (e.g. will be converted to or will be converted to

On the result list, you will first see information about the registrar under the IANA Information section. As this information is not necessarily provided by the usual whois.nic.DOMAIN registrar, this section might also contain valuable information.

On the next section, you will see all information provided by the registrar about the domain. The level of details of this section is different from registrar to registrar.


The Batch Tool is useful if you like to perform scanning actions on multiple addresses one after the other.

You can add addresses to the batch in three different ways:

  1. Add addresses manually from inside the Batch tool by using the “Add” button
  2. From the Network Scan tool by using the Export button.
  3. From any location where an address is displayed by clicking the Action button […] and selecting “Add to batch”
  4. By importing addresses from csv files

Once the batch contains at least one address, you can hit any of the buttons in the “Run action” section to perform that action on any of the addresses in the list.

For long lists, this can take quite a while so it’s a good idea to start with the “Ping” action, to see which of the addresses are responding to a network Ping. You can then click on “remove failed” to remove those addresses from the list that are not responding, before starting additional actions.


This is a unit conversion tool for converting all kind of different units such as speed-, length-, power- or data transfer units.


This tool can be used for data conversion (Base64, HEX, URL, HTML), checksum / hash generation (MD5, SHA1, SHA256) or JSON pretty printing.

The conversion can happen in up to five steps. This way you can for instance first decode a BASE64 encoded string and next convert it to Hexadecimal or even more.


This tool can be used to monitor or generate network traffic (Packets).

Sometimes you may want to see the data packets, sent from a server or generate your own packets and submit them to a client. This is what this Tool is for.

This Packet tool can send packets either using UDP or TCP to a given IP Address and port. And it can listen on a certain port for packets in UDP or TCP.

In the upper, “Transmit:” part, you can enter Address, Port and protocol (TCP or UDP) to be used to send the data. Below, you can device if you like to enter the data as plain ASCII text or in hexadecimal form. You can also switch back and forth here as the entered data will be converted.

Finally, you can enter a repeat count which causes the data to be repeated multiple times before it is being sent using the “Send” button.

(Note: if you want to send a packet of 256 bytes of zeros, you can enter 00 in Hexadecimal and 256 for Repeat)

In the lower “Receive:” section of this Tool, for your convenience, you will see the IP Address of your Mac (which is where this tool is listening for the data). Below, you can enter the Port where to listen and you can select again if you like to use the UDP or TCP protocol. Once you click on “Start Listen” the tool will start a Server process that is listening on the given port and protocol.

Once data had been sent or will be received, the log at the bottom of this tool will inform about the data or possible errors. The details button at the right will show the full information.

Port Forward

This tool is useful for analyzing the traffic between two network devices. It acts as a man-in-the middle tool that connects the two devices and logs the traffic between them.

It can, for instance, be used to see what kind of information your desktop browser or e-mail client is sending to a web server or mail server. Often, browsers transfer more information than necessary, such as your computer type, its operating system and version etc.

First, you need to enter the port to which your device should listen. This can be, for instance, Port 8080. For the destination you need to enter an IP address and port number. The port numbers can be identical or different.

Once you click on Start, the tool will listen for data on the given port. Once data has been received, it will be displayed in the log at the bottom of the screen. Also, the same data will be passed on to the address and port entered as “Destination”.

Health Check

This tool helps to quickly monitor a number of networks (IP Addresses or hosts) in one step.

This way, you can quickly find out if any of the network components on your network or any of a set of Web-Servers are working correctly or may have an issue.

To use this tool, just add the addresses you like be checked by using the “Add” button.

You can optionally enter a port and need to select the type of check. Each test nay require additional parameters like a timeout value or text that must (or must not) be contained in the response when connecting to the address.

Once you have entered this information you can hit the Test button to see if this single test would pass or fail based on the entered information.

Once you have entered your checks this way for multiple addresses, you can click the Start button to run all checks one after the other.


This tool provides information if whether or not an Email address has been compromised in a data breach of the past.

Background: This tool used to use an API offered by Troy Hunt. He created the “Have I Been Pwned” service as a free resource for anyone to assess if they may have been put at risk due to an online account of theirs having been compromised or “Pwned” in a data breach. For this, he is collecting all available information about data breaches of the past. Have I Been Pwned is also available on his website

Unfortunately, there were several users who misused this API so Troy had to remove free and public access to the API.

But good news: I decided to pay the monthly fee for it so you can use it for free from inside my iOS and Mac Apps.

So please continue to use this tool to check your Email addresses and in case your Email address has been ‘Pwned’ you should change password on every service you are using with that Email address. Also, most likely, you will receive Spam mails but there is not much you can do against this other than switching to another mail address.


This tool can be used to check Files, Websites, Domains and IP Addresses for malicious content or activities.


Background: This tool uses the API offered by VirusTotal . VirusTotal is a community driven service which offers scanning of contents using over 70 different scanners.

Once you open this tool, you can select a Scan type (File, URL, Domain or IP-Address) and use the Add button to add an item to the list.

You can also add items to the list from other Tools by using the […] button.

Files and URLs

For files and URLs, you can try the details button on the right side before you submit anything to VirusTotal. This way, Network Toolbox uses the fingerprint of the file or URL to see if somebody else might have already sent the same file or website URL to VirusTotal. If that’s the case, you will see the results immediate. If the File or Website has not yet been scanned, you have to use the “Submit” button to submit it to VirusTotal for scanning. After that, it may take a few minutes until you will be able to see the results using the details button. These results will be updated over time so you may want to use the “Re-check” button to get updated results.

Domains and IP Addresses

For this type, it is not necessary to submit some data to VirusTotal and you can immediately use the right details button to see the VirusTotal analysis results.

PLEASE NOTE: In order to use this tool, you need to obtain an API key from VirusTotal. You can get such an API key for free on the VirusTotal website. Once you have an API key, you can enter it in the App Preferences and the API Keys tab.




Using this tool, you can create and maintain an inventory of your local network.


From the main screen of the devices tool you can add, edit and delete entries to the devices list using the toolbar icons.

However, the most convenient starting point for the tool is the Network Scan tool of the Tools section. From there, you can run a network scan on your local network and use the Export button to export the scanning results to this tool.

After this, you can update the information for each device individually.

For instance, you can enter an Alias which better describes this device, select a Type, a Role and add a Comment.

It is also possible to add Accounts for each device which is described in more details in the next Accounts chapter.

You can Export the list for backup purposes or to transfer this data to other Apps, Numbers or Excel and re-import the list from the Utilities button of the Toolbar.


In addition to devices, you can also maintain Accounts along with their credentials for your network devices.


Similar to the devices tool, the accounts tool also shows a list and a similar Toolbar with the same features.

Hitting the Add button (or the Edit button for an already existing account) shows the Account details screen.

Here you can enter all information for a particular account including a Title, an Address (host name or IP Address), Port, Type and comment.

Port and Type are needed if you plan to use this App to automatically select the right tool (e.g. SSH, FTP, SMB etc.) to open this account.

The account credentials like username, password, Public- and Private Key are all optional of course but once entered, they will be used when opening an account from inside the App.

Once you have created an account for a certain address, you can add that account to the address from inside the devices tool.

From here, you can then open this account (if you did enter a port number and Type as mentioned earlier).

You can add multiple account to a single device.


This tool can be used to generate and verify Public-Private key combinations.

Similar to, but more secure than, passwords, Public and Private Key combinations can be used for SSH connections as in the SSH or SFTP Tool.

Such Public and Private keys can be generated from inside this tool. The keys then need to be stored on the Server which as well as the client. In this App, you can copy / paste the keys to the SSH and SFTP tools as well as the Accounts Maintenance tool.

To generate new keys, select the Key type at the top (OpenSSH, Putty or RFC4716), select the Key size and encryption method (RSA or DSA).

Because private keys need to be kept private (secure), it should be encrypted using a password which can also be entered from here.

After hitting the Generate button, the key(s) will be generated and can be copied out of the sections below.

To verify the consistency of a given Public / Private key pair, you can paste the keys to the sections and hit the “Validate” button at the bottom.

On this link you can find a tutorial on how to use Public and Private keys to secure a Raspberry Pi. Even though this tutorial is based on the iOS variant of NetworkToolbox, the procedure is similar.


In the resources section of NetworkToolbox you will find a lot of useful information like an ASCII Table, overview of Ports, HTML Tags and Status codes and much more.

From inside these tools you can either browse or search for the information you are looking for.


In the system section of this App you will find additional tolls which are providing information about your Mac, including Memory, CPU, Operating System and Network Device information.

7.Additional background information

7.1.File viewer

Throughout the App, files can be displayed in various formats. Where possible, the file format will be determined automatically and the appropriate viewer will be used. The file browsers also allows to select a particular viewer by right-clicking on a file.

JSON, XML and Plist files will be displayed in a hierarchical browser, CSV or TSV files as Tables and HTML with Syntax highlighting.

Binary files can be displayed in HEX format.

7.2.Password tests


Wherever password are needed but not available or entered incorrectly, the following password selection screen will be displayed.

If the “Default List” tab is selected, using this screen you can probe for commonly used username / password combinations by selecting a combination from the list either by double-clicking or hitting the Use button.

You can also alter or completely re-enter the Username/Password combination at the top of this screen before hitting the use button.

Each already probed entry will be marked with a checkmark which can be removed using the “Clear checkmarks” button.

The commonly used password list will be updated from time to time using data updates.

If you like to select a username/password combination of your Accounts from the Maintenance section of the App, just select the “Account List” tab at the top.


7.3.App Sandbox

NetworkToolbox for Mac is a Sandboxed App which means it runs in a safe and protected environment.

The App complies to all Apple Sandbox and Security guidelines and does not access other sensitive data other than the data and information which should be discovered by using the individual tools of the App.

This is very important, especially for an App like this and therefore this App offers the greatest possible security and privacy to you.

Usually, sandboxed Apps may suffer of limited features and possibilities. However, NetworkToolbox for Mac is almost not affected by any restriction.

One constraint is the fact that the App doesn’t have full access to files stored on your local Harddrive. For this reason, the App is storing local files that my have been downloaded or should be uploaded for instance when using the SMB or FTP Tools in a local Sandbox directory.

The App Sandbox Directory is located under:

/<Your Harddrive>/Users/<Your Username>/Library/Containers/Network Toolbox/Data

To access these files here, NetworkToolbox offers a local file Browser tool in the Tools section.

From here, you can also open a Finder window to copy files out of or into this folder.

7.4.App security

As described in the previous chapter, you can rest assured that this App doesn’t perform any harmful activities.

However, tools of the App can of course be misused to perform harmful or even illegal activities. It is your responsibility to use this App only on your own network or networks for which you have been given permission to.

You can enter and maintain passwords, private keys and other sensitive information inside the App. This information is already encrypted when stored on your device.

However, this security measure can be further improved from the App Preferences, Security tab:

If you select “Use Encryption Password” you will be able to enter an additional Password to protect this data.

If “Request Password on App Start” is switched on, you will need to enter this password immediately when starting the App. Otherwise you will be prompted for the Password once you will access sensitive data from inside the App (for instance when using the SSH tool and want to access your Accounts to get the credentials).

You can also select “Authenticate using Device login”. Selecting this option assumes that you are the legitimate user once you have authenticated to your device. This feature will also use Apple’s Touch-ID authentication, if available so this is useful especially on MacBooks with Touch ID.

Please Note: If you are using a password to protect the data of this App, there is no way to recover the password. The only way to re-gain access to the App if you lost or forgot the password is to use the “Reset Password” button. However, when using this button, all sensitive information which was previously protected by the password, will be lost.

It is also suggested, especially on portable Macs, to use Apple’s FileVault (System Preferences, Security & Privacy, FileVault) to encrypt the local Harddrive so no data gets compromised even if the device got stolen.

For privacy reasons you can also clear the history and defaults using the corresponding button here.


8.Common issues

So far, there are no known issues. Once I am getting aware of issues or may receive one and the same question more than once, I will add them to this section of the manual.

So please, in case of questions, suggestions or issues, use the “Support or Feature Request” button inside the App which can be found on the NetworkToolbox Preferences screen.

Suggest Edit