Features

Everything you need to understand your network.

FortLock packages the same scanning techniques the pros use, then writes the report so a human can actually read it. Every feature below ships in the free download.

Request early access
01 · Discovery

Find every device on your network.

ARP, mDNS, SSDP, NetBIOS, WS-Discovery — plus a 45,000-entry vendor database. The kind of fingerprinting the enterprise tools charge for.

Multi-protocol discovery

Active and passive techniques cross-checked so you don't miss devices that hide from one method.

OUI vendor lookup

Every MAC address resolves to a real manufacturer name — no more 'Unknown'.

Hostname inference

NetBIOS, mDNS, DHCP, reverse DNS — whichever source has the highest confidence wins.

Smart-device fingerprints

We know what an Echo Dot looks like vs a Sonos vs a Hue bridge. The report calls it out.

02 · Vulnerability

Catch what an attacker would catch.

Open ports, weak TLS, exposed admin panels, default credentials, router CVEs. Enriched with EPSS so you fix what's actually exploited.

CVE cross-referencing

1.2M+ CVEs from NVD, GitHub Advisories, OSV, and Vulners. Multi-source so you see exploit availability, not just severity.

Default-cred probe (opt-in)

Single-attempt check against the most common router/IoT default credentials. Safe, slow, and disabled by default.

External-surface scan

Subdomain discovery, DNSBL listings, SPF/DMARC/DKIM hygiene, public-facing CVE checks for your domains.

TLS & header grading

SSL Labs–style grading on every TLS endpoint. OWASP-style HTTP header scoring for every web service.

03 · Reporting

The report your insurance carrier actually wanted.

Plain English at the top. Drill-down detail for the technical reader. PDF export. Branded for your business on Pro+.

Plain-English summary

An executive summary written by FortLock's analysis layer — no jargon, no CVE IDs in the headline.

Risk grade & trend

Letter grade (A–F) per scan plus a 30-scan trend so you know if your network is getting safer or worse.

PDF export

Print or save the report at any point. Layout collapses to a clean linear PDF, ready to email.

Per-device deep dive

Click any device for a full card: ports, fingerprints, CVEs, MITRE techniques, and recommended fixes.

04 · Power features

Grow into it as your needs grow.

Start free with on-demand scans. Add scheduled monitoring, authenticated scans, multiple subnets, and API access as you go.

Scheduled scans

Daily, weekly, or monthly. Get alerted on new devices, new ports, or new critical findings.

Authenticated scans

Add SSH credentials for read-only on-host package enumeration. Find CVEs that pure network probes miss.

AI-written summary

Powered by a bundled local model that runs entirely on your machine. Toggle it off in settings to ship reports without an AI pass — the raw findings still work.

API & webhooks

On Pro+, get programmatic access to inventory, alerts, and report exports. Build it into your dashboards.

Honest data handling

Local-only. Nothing leaves your machine.

Scan execution, findings, and the optional AI analysis all run on your device. The AI is a bundled local model that ships inside the desktop app — toggle it on for plain-English summaries, toggle it off for raw findings only. Either way, no findings, no fingerprints, and no traffic ever leave your machine. The Tauri shell enforces an outbound egress allowlist so you can audit every byte.

  • Scan execution runs on your machine
  • Bundled local AI model — toggleable in settings
  • Findings, reports, and analysis all stay on-device
  • No telemetry, no fingerprint uploads, no cloud calls
  • Outbound egress allowlist enforced in Rust

Cloud-assisted analysis is reserved for the enterprise tier — not yet shipped. When it lands, it will be opt-in, scoped to enterprise SKUs only, and clearly labeled in the UI.

Ready to see your own network?

Free download. First scan free. About five minutes from install to report.

Request early access

Curious about pricing? See plans.