Skip to content
MCC Who?
IT EN
← Back

Net Inventory Suite

Network inventory + zero-knowledge vault — IPs, devices, docs, alerts, passwords

In test
Node.js Express Knex SNMP WebDAV nmap Topology Vault Zero-Knowledge Argon2id AES-GCM libsodium SSO DexAuth HTTPS TLS Responsive
Net Inventory Suite

Net Inventory Suite is the technical registry of the company. It tracks IP plan (with auto-computed first free IP), devices (with Wake-on-LAN from the device card), exposed services, software licenses, TLS certificates, technical documents (with direct Office open via WebDAV), internal wiki (with MediaWiki importer), interactive topology graph (drag & drop), SNMP polling for live metrics, expiration alerts (certs/licenses) with multi-channel notifications, and network discovery via nmap. SQL-agnostic backend: SQLite, PostgreSQL or MariaDB with Knex migrations. As of April 2026 it also ships a zero-knowledge password vault module: encryption happens entirely in the browser (Argon2id + AES-256-GCM via libsodium), the server only stores opaque ciphertext blobs and cannot decrypt anything even with root privileges. Sharing across users and groups via RSA-OAEP-4096 envelope encryption, auto-lock after 5 minutes of inactivity, soft-lock after 8 failed attempts, BIP39 recovery code shown once, dedicated audit log + integration with the Dex Hub audit ledger.

Features

  • IP plan with auto-computed "first free IP"
  • Devices with Wake-on-LAN from the card
  • Exposed services, software licenses, TLS certificates with expirations
  • Internal wiki with MediaWiki importer
  • Technical documents with direct Office open via WebDAV
  • Interactive topology graph (drag & drop, persistent)
  • SNMP polling for live metrics
  • Expiration alerts (certs/licenses) with multi-channel notifications
  • Network discovery via nmap
  • Zero-knowledge password vault: client-side encryption (Argon2id + AES-256-GCM), server only sees ciphertext blobs
  • Vault sharing across users and groups via RSA-OAEP-4096 envelope encryption, 5-min auto-lock, BIP39 recovery code
  • Operator action audit log (vault included) with dual-write to the Dex Hub ledger
  • Single Sign-On via DexAuth: delegated authentication, federated cookie, JIT user provisioning
  • HTTPS with certificate (TLS) for secure UI and API access
  • Responsive UI: mobile / tablet / desktop

Configuration

  • HTTP port (default 3003)
  • DB engine + 12 separate schemas (admin, ip_inventory, devices, services, ..., vault)
  • nmap range for discovery
  • SNMP communities (read-only)
  • Alert thresholds (days before expiration)
  • WebDAV endpoint for documents
  • Notifier (reuse Dex Hub or own config)
  • Vault: auto-lock timeout (VAULT_AUTOLOCK_MINUTES, default 5)
  • DEXAUTH_URL — Identity Provider (DexAuth) endpoint for SSO
  • HTTPS_CERT_PATH / HTTPS_KEY_PATH to enable TLS

Technical prerequisites

  • Node.js 20+
  • SQL DB: SQLite / PostgreSQL / MariaDB
  • nmap installed (for network discovery)
  • SNMP read access on monitored devices
  • OS-level WebDAV client (for Office open) — optional
  • Modern browser with WebCrypto + WebAssembly (for the zero-knowledge vault: libsodium-wrappers-sumo bundled offline)